adware.trymedia [RESOLVED]


This topic is locked

#1
tykes123 (Member, 51 posts)
I have followed all the steps suggested by using all the malware/spyware scans. BUT on reboot the problems just came back. I have 1.) a HijackThis log, 2.) a Panda ActiveScan log, and 3.) a MalwareBytes log.

1.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:02 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\demarcus\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [9Desks] C:\Program Files\9Desks 1.x\9Desks.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183784854906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11659 bytes



2.)

;*****************************************************************************************************************************************************************************************
ANALYSIS: 2008-04-23 22:52:39
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;*****************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;=====================================================================================================================================================================================
AVG 7.5.524 7.5.524 Yes Yes
;=====================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================================================================================================================================
00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar
00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046949.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046960.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046951.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046959.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046958.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046957.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046956.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046955.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046954.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046953.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046952.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046950.exe
00521370 Spyware/Iehelp Spyware No 1 No No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe[iWinGamesSetup2.exe][iWinGamesHookIE.dll]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP355\A0046904.dll
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01416550 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI[unk_0058]
01416550 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\68bcd14.msi[unk_0057]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02893775 Spyware/Iehelp Spyware No 1 No No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe[iWinGamesSetup2.exe][iWinArcadeLauncher.exe]
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044453.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044443.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044474.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041359.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036445.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036444.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041360.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044470.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\Documents and Settings\demarcus\My Documents\Downloaded Installations\Janes_Hotel-v1_0-dm.exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044477.exe
;=====================================================================================================================================================================================
SUSPECTS
Sent Location
;=====================================================================================================================================================================================
;=====================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;=====================================================================================================================================================================================
108742 MEDIUM MS06-006
;=====================================================================================================================================================================================


3.)

Malwarebytes' Anti-Malware 1.11
Database version: 676

Scan type: Quick Scan
Objects scanned: 37194
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
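The HijackThis log above is a fixed line format ("O4 - hive\..\Run: [value] command", "O23 - Service: name - vendor - path", and so on), and a reviewer scans it for the same handful of things every time: per-user Run entries, executables named without a directory, unquoted paths with spaces, services with no vendor string, and ActiveX controls that were downloaded from a URL. The following script is an added example of that triage, written for this page; it is not HijackThis code and not something posted in the thread. The sample lines are a constructed subset copied from the log format shown above, and the flags it produces are starting points for a human review, not verdicts on any of the entries.

```python
"""Triage a HijackThis-style log: count entry types and flag the lines a
reviewer normally looks at first. Added example; not HijackThis code and not
part of the thread."""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 - <hive\..\Run>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O16 - DPF: {<CLSID>} (<friendly name>) - <download source>
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? - (?P<src>.*)$")
# O23 - Service: <display name> (<short name>) - <vendor> - <image path>
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_EXT = (".exe", ".dll", ".cpl", ".scr", ".com")

# Constructed sample: a subset of lines in the format of the log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [9Desks] C:\Program Files\9Desks 1.x\9Desks.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def classify_command(cmd):
    """How an O4 command line names its executable."""
    if cmd.startswith('"'):
        return "quoted"
    first = cmd.split(" ", 1)[0]
    if "\\" not in first:
        return "bare"             # no directory: resolved through the PATH search order
    if not first.lower().endswith(EXE_EXT):
        return "unquoted_spaces"  # an unquoted path that contains spaces
    return "plain"


def triage(text):
    """Return counts per entry code plus the lists a reviewer checks first."""
    counts = Counter()
    report = {
        "hkcu_autoruns": [],         # per-user Run entries (no admin rights needed to add)
        "bare_autoruns": [],         # executable given without a directory
        "unquoted_autoruns": [],     # unquoted path with spaces
        "unknown_owner_services": [],
        "remote_activex": [],        # O16 controls fetched from a URL
    }
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        counts[code] += 1
        if code == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Startup-folder entries use "name.lnk = path" and are skipped here
            name, kind = o4.group("name"), classify_command(o4.group("cmd"))
            if o4.group("loc").startswith("HKCU"):
                report["hkcu_autoruns"].append(name)
            if kind == "bare":
                report["bare_autoruns"].append(name)
            elif kind == "unquoted_spaces":
                report["unquoted_autoruns"].append(name)
        elif code == "O16":
            o16 = O16_RE.match(body)
            if o16 and o16.group("src").lower().startswith("http"):
                report["remote_activex"].append(o16.group("name") or o16.group("clsid"))
        elif code == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23.group("owner") == "Unknown owner":
                report["unknown_owner_services"].append(o23.group("name"))
    report["counts"] = dict(counts)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved log by reading the file into `triage()`; a bare filename under an HKLM Run key (stsystra.exe above) and an unquoted path with spaces both deserve a look because they depend on search order rather than on one fixed file, and a service with "Unknown owner" simply means the image carries no vendor information, which is a reason to check the file, not proof of anything.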


#2
Octagonal (Member 2k, 2,528 posts)
Hello tykes123,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046949.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046960.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046951.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046959.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046958.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046957.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046956.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046955.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046954.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046953.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046952.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046950.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044453.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044443.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044474.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041359.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036445.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036444.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041360.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044470.exe
    C:\Documents and Settings\demarcus\My Documents\Downloaded Installations\Janes_Hotel-v1_0-dm.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044477.exe
    C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    C:\WINDOWS\Installer\68bcd14.msi
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP355\A0046904.dll
    C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Select a target to scan; click on My Computer.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete choose the option to Save as Text.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please include OTMoveIt log, SUPERAntiSpyware results and the Kaspersky results together with a fresh HijackThis log for me to review.
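The list above is what gets pasted into OTMoveIt2, and the log it writes is the only evidence that each path was actually dealt with. The script below is an added example written for this page (not OTMoveIt2's code and not posted in the thread) that reconciles such a log against the requested list. The request list and the log lines are constructed, modelled on the paths listed above and on OTMoveIt2's "moved successfully" / "File/Folder ... not found" messages; the exact wording is an assumption taken from that format. Two things it surfaces matter when reading a real log: a path that was listed twice yields one "moved successfully" followed by a "not found", which is expected rather than a failure, and the paths under System Volume Information\_restore{...}\RPnnn are archived restore-point copies rather than running code, which is why a scanner reports them as not active.

```python
"""Reconcile an OTMoveIt2 log against the list of paths it was asked to move.
Added example; not OTMoveIt2 code and not part of the thread."""
import re

# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.IGNORECASE
)

# Constructed request list in the format of the post above; the third path is
# listed twice, as happens when two scanner hits refer to the same file.
REQUESTED = [
    r"C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe",
    r"C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll",
    r"C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe",
    r"C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe",
    r"C:\WINDOWS\Installer\68bcd14.msi",
]

# Constructed log lines modelled on the messages OTMoveIt2 writes (assumed
# wording); the .msi is deliberately missing from the log.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll NOT unregistered.
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe moved successfully.
File/Folder C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe not found.
"""

MOVED_SUFFIX = " moved successfully."
NOT_FOUND_PREFIX, NOT_FOUND_SUFFIX = "File/Folder ", " not found."


def parse_log(text):
    """Return (moved, not_found) as sets of lower-cased paths; Windows paths are case-insensitive."""
    moved, not_found = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(MOVED_SUFFIX):
            moved.add(line[: -len(MOVED_SUFFIX)].lower())
        elif line.startswith(NOT_FOUND_PREFIX) and line.endswith(NOT_FOUND_SUFFIX):
            not_found.add(line[len(NOT_FOUND_PREFIX) : -len(NOT_FOUND_SUFFIX)].lower())
    return moved, not_found


def reconcile(requested, log_text):
    """Classify every requested path as moved, not found, or absent from the log."""
    moved, not_found = parse_log(log_text)
    occurrences = {}
    for path in requested:
        key = path.lower()
        occurrences[key] = occurrences.get(key, 0) + 1
    report = {"moved": [], "not_found": [], "unreported": [],
              "duplicates": [], "restore_point_copies": 0}
    for key, n in occurrences.items():
        if n > 1:
            report["duplicates"].append(key)  # explains a later "not found" for the same path
        if RESTORE_POINT_RE.search(key):
            report["restore_point_copies"] += 1
        if key in moved:
            report["moved"].append(key)
        elif key in not_found:
            report["not_found"].append(key)   # never moved: the file was not where the scanner saw it
        else:
            report["unreported"].append(key)  # no line at all: re-check the log or re-run the move
    return report


if __name__ == "__main__":
    for key, value in reconcile(REQUESTED, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A path in `unreported` is the case worth chasing: it means the log says nothing about it, so the move neither succeeded nor was refused, and the file's current state is unknown.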

#3
tykes123 (Topic Starter, Member, 51 posts)
OTMoveIt2 log
------------------------------------------------
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046949.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046960.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046951.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046959.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046958.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046957.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046956.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046955.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046954.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046953.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046952.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046950.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044453.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044443.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044474.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041359.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036445.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036444.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041360.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044470.exe moved successfully.
C:\Documents and Settings\demarcus\My Documents\Downloaded Installations\Janes_Hotel-v1_0-dm.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044477.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll NOT unregistered.
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll moved successfully.
C:\WINDOWS\Installer\68bcd14.msi moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe moved successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP355\A0046904.dll unregistered successfully.
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP355\A0046904.dll moved successfully.
File/Folder C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05072008_173624
--------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2008 at 07:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3454
Trace Rules Database Version: 1446

Scan type : Complete Scan
Total Scan Time : 01:23:25

Memory items scanned : 418
Memory threats detected : 0
Registry items scanned : 6199
Registry threats detected : 0
File items scanned : 164687
File threats detected : 2

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\DEMARCUS\LOCAL SETTINGS\TEMP\~DF2FEC.TMP

Adware.IWinGames
C:\_OTMOVEIT\MOVEDFILES\05072008_173624\SYSTEM VOLUME INFORMATION\_RESTORE{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP355\A0046904.DLL
--------------------------------------------------------------------------------------------------------------------
Thursday, May 08, 2008 2:44:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 745602
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 167185
Number of viruses found 5
Number of infected objects 33
Number of suspicious objects 0
Duration of the scan process 02:45:39

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Desktop\Downloads\BabysittingManiaSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-7-2008( 21-37-2 ).LOG Object is locked skipped
C:\Documents and Settings\demarcus\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\demarcus\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI/Callw6setup Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI Embedded: infected - 1 skipped
C:\System Volume Information\catalog.wci\00010001.ci Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP380\A0051203.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP387\A0052190.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP399\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5DEB0323-B85E-48F2-9046-A2E2C03D3748}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{35AB2E27-6C92-412E-891F-19EA89404701}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_998.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\Documents and Settings\demarcus\My Documents\Downloaded Installations\Janes_Hotel-v1_0-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036444.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036445.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041359.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041360.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044443.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044453.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044470.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044474.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044477.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe/data0002/data0008 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe/data0002 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe NSIS: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046949.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046950.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046951.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046952.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046953.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046954.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046955.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046956.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046957.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046958.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046959.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046960.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\WINDOWS\Installer\68bcd14.msi/Callw6setup Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\WINDOWS\Installer\68bcd14.msi Embedded: infected - 1 skipped
Scan process completed.
--------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:32 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\GeeksToGo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [9Desks] C:\Program Files\9Desks 1.x\9Desks.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183784854906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11490 bytes

Edited by tykes123, 08 May 2008 - 01:52 AM.

#4
Octagonal

    Member 2k

  • Member
  • 2,528 posts
Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Select a target to scan; click on My Computer.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete choose the option to Save as Text.
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log and let me know how the computer is now behaving.

#5
tykes123

    Member

  • Topic Starter
  • Member
  • 51 posts
KASPERSKY ONLINE SCAN
Thursday, May 08, 2008 2:44:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 745602
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 167185
Number of viruses found 5
Number of infected objects 33
Number of suspicious objects 0
Duration of the scan process 02:45:39

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Desktop\Downloads\BabysittingManiaSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\demarcus\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-7-2008( 21-37-2 ).LOG Object is locked skipped
C:\Documents and Settings\demarcus\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\demarcus\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\demarcus\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI/Callw6setup Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI Embedded: infected - 1 skipped
C:\System Volume Information\catalog.wci\00010001.ci Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP380\A0051203.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP387\A0052190.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP399\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5DEB0323-B85E-48F2-9046-A2E2C03D3748}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{35AB2E27-6C92-412E-891F-19EA89404701}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_998.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\Documents and Settings\demarcus\My Documents\Downloaded Installations\Janes_Hotel-v1_0-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036444.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP309\A0036445.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041359.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP340\A0041360.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044443.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044453.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044470.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044474.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP343\A0044477.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe/data0002/data0008 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe/data0002 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP352\A0046660.exe NSIS: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046949.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046950.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046951.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046952.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046953.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046954.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046955.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046956.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046957.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046958.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046959.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046960.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\System Volume Information\_restore{E22283DB-6FDD-458D-8748-4B448BB114D1}\RP356\A0046961.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\WINDOWS\Installer\68bcd14.msi/Callw6setup Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\_OTMoveIt\MovedFiles\05072008_173624\WINDOWS\Installer\68bcd14.msi Embedded: infected - 1 skipped
Scan process completed.

#6 Octagonal (Member 2k, 2,528 posts)
Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\All Users\Desktop\Downloads\BabysittingManiaSetup-dm[1].exe
    C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the following in your next reply:
  • OTMoveIt2 results
  • A fresh HijackThis log
Can you also tell me how the computer is behaving as I don't see anything else in those logs that could be causing concerns.

#7 tykes123 (Topic Starter, Member, 51 posts)
OTMoveIt2 LOG
-----------------------------------------------------------------------------------------------------------
< C:\Documents and Settings\All Users\Desktop\Downloads\BabysittingManiaSetup-dm[1].exe >
C:\Documents and Settings\All Users\Desktop\Downloads\BabysittingManiaSetup-dm[1].exe moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard\WIS25B052BB7126441299D93D9448235FE4_6_8_0_4.MSI moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05092008_072906
---------------------------------------------------------------------------------------------------


HijackThis log
--------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:47 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\GeeksToGo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [9Desks] C:\Program Files\9Desks 1.x\9Desks.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183784854906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11569 bytes
---------------------------------------------------------------------------------------------------------------------------------------


I no longer have the computer crashes or my internet connecting and disconnecting every 5 seconds. This seems to be the fix to the problem, but I'm not sure if my router was part of the problem or not.

#8 Octagonal (Member 2k, 2,528 posts)
Congratulations. Your log appears to be clean. :)

I don't know too much about routers, so if you are still having concerns with the router then I would suggest starting a thread in the Networking Forum. I'm sure one of the Techs there will be better able to assist you. :)

Please follow these Tips to prevent a possible infection or re-infection.

Download, install AND update the following free programs. It is important to keep all anti-malware programs updated. Please update at least once a week.
  • Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
You should also have a good firewall. Here are 2 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

#9 Octagonal (Member 2k, 2,528 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.