Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Explorer dispears and reappears [CLOSED]

Started by Ken1985 , Jun 10 2008 08:24 PM

  • This topic is locked This topic is locked

#1
Ken1985
Posted 10 June 2008 - 08:24 PM

Ken1985

    New Member

  • Member
  • Pip
  • 5 posts
I have great respect for what you guys do, you helped me once long ago. Had this virus for two weeks now, Spybot and Trojan Remover got rid of a lot of it, but its put windows on a timer now that only lets it work properly for about an hour. I hope you can help! Thank you! And it seems to be a doozy, so I understand if its not an immediate response, I just appreciate any help right now.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:20 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: pvnsmfor - {CB07D6A9-7491-4A84-B8E8-E846CC689DDC} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O21 - SSODL: MonBoot - {cca768b8-f3b9-4c7e-bb15-59fee121681b} - C:\WINDOWS\Resources\MonBoot.dll
O21 - SSODL: PreBootCheck - {7910f909-171a-4d72-8743-234d85055b01} - C:\WINDOWS\Resources\RomDrive.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11357 bytes
  • 0

Advertisements

#2
koko_crunch
Posted 15 June 2008 - 03:35 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello Ken1985 and Welcome to Geeks to Go!

Sorry for the delay. It has been a busy week.

After checking your log, I found signs of malware on your system.
Please stick with me until we get you cleaned up. :)


Let's start.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
Ken1985
Posted 16 June 2008 - 02:16 AM

Ken1985

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
SmitFraudFix v2.325

Scan done at 3:14:20.53, Mon 06/16/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ken Adams


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ken Adams\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KENADA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\tmp???????.exe FOUND !
C:\Program Files\IE Extensions\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: MonBoot.dll
SSODL: MonBoot - {cca768b8-f3b9-4c7e-bb15-59fee121681b}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 207.172.3.8
DNS Server Search Order: 207.172.3.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
koko_crunch
Posted 16 June 2008 - 10:28 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
It found infections.
Let's run the fix.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
  • 0

#5
Ken1985
Posted 16 June 2008 - 02:39 PM

Ken1985

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
SmitFraudFix v2.325

Scan done at 14:16:22.87, Mon 06/16/2008
Run from C:\Documents and Settings\Ken Adams\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\Resources\MonBoot.dll deleted


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\tmp???????.exe Deleted
C:\Program Files\IE Extensions\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9979D923-4A34-4BBD-98C1-6176FE9BC0F4}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





It seems a lot better, thanks! It's still trying to install photogallery from Microsoft.NET framework when windows starts, though.
  • 0

#6
koko_crunch
Posted 16 June 2008 - 02:43 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Now for some scan.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- DSS log main and extra
  • 0

#7
koko_crunch
Posted 23 June 2008 - 08:07 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
koko_crunch
Posted 25 June 2008 - 03:04 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
User returned.
  • 0

#9
Ken1985
Posted 25 June 2008 - 09:05 PM

Ken1985

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Whew, finally here you go. again, sorry I took so long, lot of work and traveling and stuff:


Malwarebytes' Anti-Malware 1.18
Database version: 871

10:23:19 AM 6/25/2008
mbam-log-6-25-2008 (10-23-19).txt

Scan type: Quick Scan
Objects scanned: 43775
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)









SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2008 at 12:00 PM

Application Version : 4.15.1000

Core Rules Database Version : 3490
Trace Rules Database Version: 1481

Scan type : Complete Scan
Total Scan Time : 01:34:43

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 8006
Registry threats detected : 0
File items scanned : 24796
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][2].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@apmebf[1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][2].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@adultadworld[2].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@xxxmofo[1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][2].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@adbrite[1].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@adultfriendfinder[1].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@fastclick[2].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@doubleclick[1].txt
C:\Documents and Settings\Ken Adams\Cookies\[email protected][1].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@zedo[2].txt
C:\Documents and Settings\Ken Adams\Cookies\ken__adams@statcounter[1].txt
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner.googleadservices.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.servedby.da-traffic.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.servedby.da-traffic.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.servedby.da-traffic.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.servedby.da-traffic.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
boards.polycount.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
boards.polycount.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.clickaider.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.lynxtrack.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tracking.vindicosuite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.tracking.vindicosuite.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.e-2dj6wfkikkcjifp.stats.esomniture.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
www.calorie-count.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.chitika.net [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Ken Adams\Application Data\Mozilla\Firefox\Profiles\185hnm02.default\cookies.txt ]















Deckard's System Scanner v20071014.68
Run by Ken Adams on 2008-06-25 21:43:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-26 02:43:16 UTC - RP524 - Deckard's System Scanner Restore Point
4: 2008-06-25 08:47:11 UTC - RP523 - Installed SUPERAntiSpyware Free Edition
3: 2008-06-25 03:09:19 UTC - RP522 - Installed Java Runtime Environment
2: 2008-06-25 03:05:03 UTC - RP521 - Installed Java™ 6 Update 5
1: 2008-06-24 23:23:27 UTC - RP520 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.79 GiB (less than 15%) free.


-- HijackThis (run as Ken Adams.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:46 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Ken Adams\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken Adams.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: pvnsmfor - {CB07D6A9-7491-4A84-B8E8-E846CC689DDC} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11724 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 $sys$cor - c:\windows\system32\drivers\$sys$cor.sys <Not Verified; First 4 Internet; Essential System Tools>
R1 $sys$crater - c:\windows\system32\$sys$filesystem\crater.sys <Not Verified; First 4 Internet; Essential System Tools>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 msvad_multi (Samson Audio (WDM)) - c:\windows\system32\drivers\swaudwdm.sys <Not Verified; Samson; Samson Audio (WDM) Driver>
S3 SamsonLLDriver (Samson C01U LL Driver) - c:\windows\system32\drivers\samsonlldriver.sys <Not Verified; SaneWave Inc.; Samson C01U>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CD_Proxy (XCP CD Proxy) - c:\windows\cdproxyserv.exe <Not Verified; ; CdProxy Application>
R2 IPClampService (IPCLAMP by cebas Computer GmbH) - c:\progra~1\cebas\ip-clamp\ipclamp.exe
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 spmd (SPM License Server) - c:\windows\system32\spm\spmd.exe <Not Verified; mental images GmbH; Software Protection Management System>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 10:56:54 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-24 17:00:01 448 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-19 03:32:34 382 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 03:48:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 03:47:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 03:47:16 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\SUPERAntiSpyware.com
2008-06-25 03:46:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 01:45:18 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\Malwarebytes
2008-06-20 01:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 01:45:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 14:57:01 0 d-------- C:\WINDOWS\resources
2008-06-16 03:14:26 2910 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 03:12:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-16 03:12:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-16 03:12:47 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-16 03:12:47 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-16 03:12:46 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-16 03:12:46 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-16 03:12:46 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-16 03:12:45 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-10 21:21:11 0 d-------- C:\Program Files\Trend Micro
2008-06-01 22:00:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-06-25 21:47:22 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\Azureus
2008-06-25 11:47:04 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-25 03:46:05 0 d-------- C:\Program Files\Common Files
2008-06-24 22:07:56 0 d-------- C:\Program Files\Java
2008-06-20 03:08:59 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\WTablet
2008-06-07 05:54:54 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\Adobe
2008-06-02 18:56:00 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 21:57:41 0 d-------- C:\Program Files\Trojan Remover
2008-05-31 09:42:55 0 d-------- C:\Program Files\Symantec
2008-05-29 02:20:29 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\AdobeUM
2008-05-24 10:36:24 0 d-------- C:\Program Files\Norton 360
2008-05-23 09:48:54 838218 --ahs---- C:\WINDOWS\system32\iOUBdMoq.ini2
2008-05-23 09:40:47 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\Simply Super Software
2008-05-21 03:36:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-20 22:08:53 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\TmpRecentIcons
2008-05-20 15:41:03 0 d-------- C:\Program Files\InCode Solutions
2008-05-20 13:29:45 0 d-------- C:\Program Files\RegCure
2008-05-13 12:35:18 0 d-------- C:\Program Files\iTunes
2008-05-13 12:34:58 0 d-------- C:\Program Files\iPod
2008-05-13 12:33:00 0 d-------- C:\Program Files\QuickTime
2008-05-13 12:28:58 3526 --a----c- C:\Documents and Settings\Ken Adams\Application Data\wklnhst.dat
2008-05-13 12:24:35 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 10:09:13 0 d-------- C:\Documents and Settings\Ken Adams\Application Data\Download Manager
2008-04-27 03:22:34 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-04-25 08:36:22 0 d-------- C:\Program Files\Apollo iPod Video Converter
2008-04-05 04:52:39 463990043 --a------ C:\WINDOWS\system32\PAPERLESSPRINTER


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 11:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 03:50 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 01:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 10:57 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 04:45 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 07:23 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [04/07/2008 07:51 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 03:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Documents and Settings\Ken Adams\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 3:39:30 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]
atwtusb.exe beta

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

  • 0

#10
koko_crunch
Posted 25 June 2008 - 11:27 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
That's alright, good thing you came back. :)
Let's perform a query first before removing Sony - XCP DRM Rootkit on your system.

Read this post completely before proceeding. It may be easier for you to print or copy this into notepad for reference later.

Step 1.

Disable Spybot S&D (Teatimer)

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Also,
Temporarily disable Norton Antivirus.
Click here for instructions.

Step 2.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
O3 - Toolbar: pvnsmfor - {CB07D6A9-7491-4A84-B8E8-E846CC689DDC} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step 3.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Don't forget to re-enable Norton!

Step 4.

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Step 5.

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
LowerFilters
UpperFilters

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.


Please post back with the following logs.
Make sure the logs doesn't get cut off.
- SDFIX log
- Regsearch log
  • 0

#11
Ken1985
Posted 28 June 2008 - 04:15 AM

Ken1985

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
this one seems like a long one. Im a train conductor and have a busy week here, could you give me to monday to do this one? Sorry! thank you
  • 0

#12
koko_crunch
Posted 28 June 2008 - 05:56 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
That's ok.
Will leave this thread open until you return.
Just post back when done. :)
  • 0

#13
koko_crunch
Posted 03 July 2008 - 10:25 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP