Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problems with Spybot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problems with Spybot

Unread postby Fireman Sam » July 6th, 2008, 7:03 pm

Hello new to this site.
I have been having problems recently when I start up my computer (windows XP).
It has become very slow and spybot keeps popping up the message
Category: Startup user entry
Change: Value deleted
Entry: SpybotDeletingF6331
Old data "C:\Program Files\Spybot - Search_Destroy\SDDelFile.exe" "C:WINDOWS\system32\a.exe"
I click deny change but then I get approx 50 or more of these with different numbers on the entry line.

I have downloaded hijackthis and here is the log

Logfile of HijackThis v1.99.1
Scan saved at 23:37:44, on 06/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnxx.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sg1eyh2no98s7.exe
O4 - HKLM\..\Run: [cleaner] C:\WINDOWS\System32\clphurptpvnz.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iecj32.exe] C:\WINDOWS\system32\iecj32.exe
O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingF8337] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{266D49CF-9923-4007-BC13-FBEB69AE64F6}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D0EA9FA-B49C-453B-84D0-4D401BB569B7}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7716DD8-254F-4CD9-A44C-470121630019}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{D96F1292-7D49-4C90-A019-1EF17C9EB389}: NameServer = 92.31.241.20 92.31.241.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA9677A-4F75-4B9F-BC36-716C317D21B4}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Many Thanks Darren
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm
Advertisement
Register to Remove

Re: Problems with Spybot

Unread postby muuli » July 7th, 2008, 7:10 am

Hi,

Welcome to the MWR forums. My name is muuli. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby muuli » July 8th, 2008, 1:58 pm

Hi,

Step 1

You are operating your computer with multiple Anti Virus programs running in memory at once:
AVG7 and McAfee

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them, or let me know that do you want to remove AVG7 or McAfee antivirus.

Step 2

Disable TeaTimer...
  1. If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
  2. Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  3. Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  4. Click on Mode > Advanced Mode. When it prompts you, click Yes.
  5. On the left hand side, click on Tools.
  6. Check (tick) this box if it is not yet ticked: Resident.
  7. You will notice that Resident is now added under Tools. Click on Resident.
  8. Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  9. Exit Spybot Search & Destroy.
  10. Restart your computer for the changes to take effect.

Step 3

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin;
follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Post back the contents of the logfile C:\fixwareout\report.txt.

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 4

Open HijackThis, press Do a system scan only, checkmark following entries, if found:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{266D49CF-9923-4007-BC13-FBEB69AE64F6}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7716DD8-254F-4CD9-A44C-470121630019}: NameServer = 69.50.176.197,199.166.31.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA9677A-4F75-4B9F-BC36-716C317D21B4}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3
Close all other windows including browser and press Fix checked.

Step 5

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply.

Step 6

Please post FixWareout log and DSS logs(main.txt and extra.txt).
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby Fireman Sam » July 9th, 2008, 1:16 pm

Hello you asked for Fixwareout log in steps 3 and 6 not sure when to post so posting now during step 3.

Username "Darren" - 09/07/2008 17:59:50 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DFA9677A-4F75-4B9F-BC36-716C317D21B4}
"nameserver"="69.50.176.197,195.225.176.31" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://69.50.166.98/users/alberto/web/lodctrpd.exe" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://69.50.166.98/users/alberto/web/diantzpt.exe" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://69.50.166.98/users/alberto/web/dosxpd.exe" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://69.50.166.98/users/alberto/web/audissrp.exe" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "http://69.50.166.98/users/alberto/web/fixmapirs.exe" Deleted
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Network Security Guard"="C:\\WINDOWS\\System32\\sg1eyh2no98s7.exe"
"cleaner"="C:\\WINDOWS\\System32\\clphurptpvnz.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"iecj32.exe"="C:\\WINDOWS\\system32\\iecj32.exe"
"ixproxy"="C:\\WINDOWS\\lo-2062960390.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1175040655\\ee\\AOLSoftware.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"ixproxy"="C:\\WINDOWS\\lo-2062960390.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby Fireman Sam » July 9th, 2008, 1:34 pm

main.txt log

Deckard's System Scanner v20071014.68
Run by Darren on 2008-07-09 18:30:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-07-09 17:30:11 UTC - RP249 - Deckard's System Scanner Restore Point
20: 2008-07-06 16:45:04 UTC - RP248 - Restore Operation
19: 2008-07-06 15:30:00 UTC - RP247 - Installed SUPERAntiSpyware Free Edition
18: 2008-07-06 02:24:11 UTC - RP246 - System Checkpoint
17: 2008-07-02 16:04:19 UTC - RP245 - Restore Operation


-- First Restore Point --
1: 2008-04-08 18:46:09 UTC - RP229 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Darren.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:31:00, on 09/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Documents and Settings\Darren\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Darren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnxx.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sg1eyh2no98s7.exe
O4 - HKLM\..\Run: [cleaner] C:\WINDOWS\System32\clphurptpvnz.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iecj32.exe] C:\WINDOWS\system32\iecj32.exe
O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [SpybotDeletingE3503] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8085] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE795] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7832] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6490] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9294] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1053] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8780] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4780] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3906] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE759] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5470] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7531] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6700] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9740] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6303] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2829] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8712] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2372] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4481] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1495] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2545] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8167] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7619] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2496] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8731] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5983] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6774] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9860] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4709] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5471] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9408] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2606] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2779] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2894] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2628] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1085] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE546] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1909] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9918] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6508] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8664] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8303] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6271] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8701] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1072] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9547] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1253] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9885] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8689] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1296] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4197] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9588] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8300] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE380] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8264] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9046] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1390] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1135] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7289] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6853] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4537] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7413] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE327] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4923] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1986] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingF8827] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6753] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5110] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7278] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2104] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7500] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1322] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2140] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3553] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2605] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5449] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7301] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7601] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8056] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6333] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7180] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7744] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8820] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4657] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1885] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4979] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2484] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4531] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9709] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9681] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9838] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7692] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7225] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3794] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9270] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5704] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5010] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF475] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1279] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3696] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3402] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9150] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9987] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8912] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080709-182629-184 O17 - HKLM\System\CCS\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3
backup-20080709-182629-412 O17 - HKLM\System\CCS\Services\Tcpip\..\{D7716DD8-254F-4CD9-A44C-470121630019}: NameServer = 69.50.176.197,199.166.31.3
backup-20080709-182629-632 O17 - HKLM\System\CCS\Services\Tcpip\..\{266D49CF-9923-4007-BC13-FBEB69AE64F6}: NameServer = 69.50.176.197,199.166.31.3
backup-20080709-182630-350 O17 - HKLM\System\CS1\Services\Tcpip\..\{1A21677F-D762-492F-9162-4400CFDB9886}: NameServer = 69.50.176.197,199.166.31.3

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbae (USB ADSL LAN Adapter) - c:\windows\system32\drivers\adiusbae.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 DMSKSSRh - c:\docume~1\darren\locals~1\temp\dmskssrh.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Keyboard Driver
Device ID: ROOT\RDP_KBD\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Keyboard Driver
PNP Device ID: ROOT\RDP_KBD\0000
Service: TermDD

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Mouse Driver
Device ID: ROOT\RDP_MOU\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Mouse Driver
PNP Device ID: ROOT\RDP_MOU\0000
Service: TermDD


-- Scheduled Tasks -------------------------------------------------------------

2007-08-15 08:31:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-06 16:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:30:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:30:01 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 23:38:37 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-19 23:38:37 0 d-------- C:\Documents and Settings\LocalService\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-07-09 17:48:35 0 d-------- C:\Program Files\McAfee.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files
2008-07-06 01:41:54 0 d-------- C:\Documents and Settings\Darren\Application Data\AVG7
2008-07-04 23:41:51 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-06-14 14:42:20 0 d-------- C:\Program Files\FinePixViewer
2008-05-11 17:00:51 25 --a------ C:\WINDOWS\System32\c.bat
2008-05-09 23:59:54 0 d-------- C:\Documents and Settings\Darren\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20/01/2003 01:29]
"SoundMan"="SOUNDMAN.EXE" [20/01/2003 10:48 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [09/07/2001 11:50]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [09/01/2003 00:55]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [19/02/2003 01:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"Network Security Guard"="C:\WINDOWS\System32\sg1eyh2no98s7.exe" []
"cleaner"="C:\WINDOWS\System32\clphurptpvnz.exe" []
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 17:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 14:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/04/2008 19:15]
"iecj32.exe"="C:\WINDOWS\system32\iecj32.exe" []
"ixproxy"="C:\WINDOWS\lo-2062960390.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe" [17/11/2006 14:21]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 13:00]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [17/07/2002 20:00]
"ixproxy"="C:\WINDOWS\lo-2062960390.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingF8827"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF6753"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF5110"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7278"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF2104"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7500"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF1322"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF2140"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF3553"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF2605"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF5449"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7301"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7601"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF8056"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF6333"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7180"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7744"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF8820"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF4657"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF1885"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF4979"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF2484"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF4531"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9709"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9681"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9838"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7692"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF7225"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF3794"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9270"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF5704"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF5010"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF475"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF1279"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF3696"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF3402"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9150"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF9987"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingF8912"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingE3503"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8085"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE795"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE7832"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6490"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9294"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1053"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8780"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4780"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE3906"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE759"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE5470"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE7531"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6700"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9740"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6303"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2829"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8712"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2372"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4481"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1495"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2545"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8167"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE7619"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2496"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8731"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE5983"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6774"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9860"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4709"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE5471"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9408"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2606"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2779"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2894"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE2628"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1085"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE546"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1909"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9918"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6508"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8664"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8303"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6271"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8701"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1072"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9547"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1253"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9885"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8689"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1296"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4197"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9588"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8300"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE380"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE8264"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE9046"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1390"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1135"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE7289"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE6853"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4537"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE7413"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE327"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE4923"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
"SpybotDeletingE1986"="C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ixproxy"=C:\WINDOWS\lo-2062960390.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [01/06/2004 18:14:06]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [29/03/2008 11:20:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
C:\Program Files\Internet Explorer\IEXPLORE.EXE




-- End of Deckard's System Scanner: finished at 2008-07-09 18:31:30 ------------

extra.txt log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 511.48 MiB / 241.92 MiB
Pagefile Memory (total/avail): 1350.57 MiB / 1077.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.64 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 26.87 GiB free.
D: is Fixed (NTFS) - 46.87 GiB total, 45.52 GiB free.
E: is Fixed (FAT32) - 9.02 GiB total, 5.76 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120023A - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:
\PARTITION1 - Installable File System - 46.87 GiB - D:
\PARTITION2 - Unknown - 9.03 GiB - E:

\\.\PHYSICALDRIVE3 - Medion Flash XL MMC/SD USB Device

\\.\PHYSICALDRIVE1 - Medion Flash XL CF USB Device

\\.\PHYSICALDRIVE2 - Medion Flash XL MS USB Device

\\.\PHYSICALDRIVE4 - Medion Flash XL SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Darren\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTERNAME
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Darren
LOGONSERVER=\\COMPUTERNAME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Darren\LOCALS~1\Temp
TMP=C:\DOCUME~1\Darren\LOCALS~1\Temp
USERDOMAIN=COMPUTERNAME
USERNAME=Darren
USERPROFILE=C:\Documents and Settings\Darren
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Darren (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe" -uninst
--> RunDll32 C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll,VoilaBarUnInstall
a-squared Free 1.6 --> "C:\Program Files\a2 Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bejeweled 2 Deluxe 1.1 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BR 9F 2-10-0 92220 Evening Star v1.2 for Microsoft Train Simulator --> C:\Program Files\Microsoft Games\Train Simulator\Uninstal92220.exe
BT Voyager 105 ADSL Modem --> C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
BT Voyager Modem AOL Test --> C:\WINDOWS\AppRun.exe C:\PROGRA~1\VOYAGE~1
Canon i250 --> C:\WINDOWS\System32\CNMCP50.exe "-PRINTERNAMECanon i250" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i250 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i250 Installer\Inst2\cnmi0409.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Class_50_Content_Update --> MsiExec.exe /I{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}
DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
Easy DVD Clone --> C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
ELR Add-on pack --> C:\Program Files\Microsoft Games\Train Simulator\Uninstal.exe
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Family Fun TrainTown --> C:\WINDOWS\IsUninst.exe -fC:\Sierra\TrainTown\Uninst.isu
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Freeserve Search toolbar --> C:\Program Files\Freeserve\FSBar\Uninstall.exe
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GT Interactive - Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GT Interactive\Driver\Uninst.isu"
guidesaverxp Screen Saver --> guidesaverxp /u
GWR City of Truro --> C:\Program Files\Microsoft Games\Train Simulator\TRAINS\Uninstal.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Darren\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
InstantCopy --> MsiExec.exe /I{A2B3D1A5-82CA-4876-AFFA-DB304A3A4FE1}
Internet Explorer Q831167 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Z600 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Medi@Show --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home CinemaXL\MediaShow\Uninst.isu"
Medion Flash XL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
Microsoft AutoRoute 2002 --> MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Encarta Encyclopedia Standard - WE 2003 --> MsiExec.exe /I{035A0014-3975-4267-9F39-1DC4745090B7}
Microsoft Money --> MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft Money System Pack --> MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Train Simulator --> "C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PC-Rail Simulations --> C:\Program Files\Pcrail\UnInstal.exe
PowerCinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B103F43-069C-11D6-9EA2-0050BAE317E1}\SETUP.EXE" -uninst
PowerCinema 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
SD40-2_Content_Update --> MsiExec.exe /I{BF7C1B99-A250-45EF-B186-0C33B7308F95}
SimSig Cambridge V2.104 --> "C:\Program Files\SimSig\unins006.exe"
SimSig Didcot --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL2.isu" -cC:\PROGRA~1\SimSig\_ISREG32.DLL
SimSig Drain V2.112 --> "C:\Program Files\SimSig\unins007.exe"
SimSig Exeter V0.1 Beta --> "C:\Program Files\SimSig\unins002.exe"
SimSig King's Cross V2.91b --> "C:\Program Files\SimSig\unins000.exe"
SimSig Peterborough V0.4c Beta --> "C:\Program Files\SimSig\unins004.exe"
SimSig Royston V2.102 --> "C:\Program Files\SimSig\unins005.exe"
SimSig Sheffield V2.121.353 --> "C:\Program Files\SimSig\unins008.exe"
SimSig Southampton --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL5.isu" -cC:\PROGRA~1\SimSig\_ISREG32.DLL
SimSig Stafford --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL1.isu" -c"C:\Program Files\SimSig\_ISREG32.DLL"
SimSig Swindon --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL3.isu" -cC:\PROGRA~1\SimSig\_ISREG32.DLL
SimSig V2.102 --> "C:\Program Files\SimSig\unins001.exe"
SimSig Waterloo --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL6.isu" -cC:\PROGRA~1\SimSig\_ISREG32.DLL
SimSig Westbury V2.101 --> "C:\Program Files\SimSig\unins003.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
The Simpsons Hit & Run(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x9
Trainz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\Setup.exe"
VideoLive Mail 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home CinemaXL\VideoLiveMail\Uninst.isu"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Pool 2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\VR Sports\VP2\DeIsL1.isu"
Westbury V2.8 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SimSig\DeIsL4.isu" -cC:\PROGRA~1\SimSig\_ISREG32.DLL
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6058 / Error
Event Submitted/Written: 07/09/2008 05:54:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sddelfile.exe, version 1.0.2.3, faulting module kernel32.dll, version 5.1.2600.1106, fault address 0x00013887.

Event Record #/Type6057 / Error
Event Submitted/Written: 07/09/2008 05:54:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sddelfile.exe, version 1.0.2.3, faulting module kernel32.dll, version 5.1.2600.1106, fault address 0x00013887.

Event Record #/Type6056 / Error
Event Submitted/Written: 07/09/2008 05:54:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sddelfile.exe, version 1.0.2.3, faulting module kernel32.dll, version 5.1.2600.1106, fault address 0x00013887.

Event Record #/Type6055 / Error
Event Submitted/Written: 07/09/2008 05:54:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sddelfile.exe, version 1.0.2.3, faulting module kernel32.dll, version 5.1.2600.1106, fault address 0x00013887.

Event Record #/Type6054 / Error
Event Submitted/Written: 07/09/2008 05:54:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sddelfile.exe, version 1.0.2.3, faulting module kernel32.dll, version 5.1.2600.1106, fault address 0x00013887.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type101280 / Error
Event Submitted/Written: 07/09/2008 06:02:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Ltio62
TermDD

Event Record #/Type101279 / Error
Event Submitted/Written: 07/09/2008 06:02:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
%%2

Event Record #/Type101278 / Warning
Event Submitted/Written: 07/09/2008 06:02:27 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011F5240DA6. The IP address being used is 169.254.140.178.

Event Record #/Type101269 / Warning
Event Submitted/Written: 07/09/2008 05:54:23 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011F5240DA6. The IP address being used is 169.254.140.178.

Event Record #/Type101254 / Error
Event Submitted/Written: 07/09/2008 05:53:57 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Ltio62
TermDD



-- End of Deckard's System Scanner: finished at 2008-07-09 18:31:30 ------------
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby muuli » July 10th, 2008, 5:20 am

Hi,

Do you know what is this at your uninstall list?
guidesaverxp Screen Saver

Step 1

You don't have a firewall on your computer so start windows firewall if not running yet. Press Start -> Controlpanel -> Windows Firewall, then make sure that tap is ON (recommended). Don't install any third party firewall yet.

Step 2

We remove adobe because it's out of date, I'll give a link for you to the latest version to later.

And also remove ewido anti-malware because Grisoft doesn't update it anymore.

Remove via Add/Remove programs (press Start -> Controlpanel -> Add/Remove programs):
Adobe Reader 7.0.9
ewido anti-malware


Step 3

Open HijackThis, press Do a system scan only, checkmark following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sg1eyh2no98s7.exe
O4 - HKLM\..\Run: [cleaner] C:\WINDOWS\System32\clphurptpvnz.exe
O4 - HKLM\..\Run: [iecj32.exe] C:\WINDOWS\system32\iecj32.exe
O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [SpybotDeletingE3503] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8085] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE795] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7832] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6490] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9294] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1053] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8780] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4780] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3906] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE759] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5470] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7531] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6700] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9740] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6303] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2829] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8712] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2372] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4481] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1495] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2545] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8167] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7619] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2496] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8731] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5983] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6774] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9860] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4709] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5471] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9408] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2606] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2779] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2894] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2628] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1085] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE546] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1909] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9918] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6508] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8664] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8303] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6271] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8701] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1072] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9547] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1253] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9885] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8689] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1296] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4197] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9588] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8300] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE380] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8264] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9046] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1390] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1135] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7289] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6853] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4537] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7413] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE327] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4923] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1986] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingF8827] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6753] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5110] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7278] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2104] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7500] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1322] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2140] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3553] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2605] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5449] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7301] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7601] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8056] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6333] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7180] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7744] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8820] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4657] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1885] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4979] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2484] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4531] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9709] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9681] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9838] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7692] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7225] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3794] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9270] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5704] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF5010] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF475] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1279] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3696] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF3402] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9150] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9987] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8912] "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "c:\windows\system32\a.exe"
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?

Close all other windows including browser and press Fix checked.

Step 4

Please open Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as delete.bat on your Desktop

Code: Select all
@echo off
sc stop DMSKSSRh
sc delete DMSKSSRh


Double click on delete.bat.
A window will open and close this is normal.

Step 5

Delete files with reboot.
  • Open HijackThis
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Delete a file on reboot"
  • Find the following file - C:\WINDOWS\System32\c.bat
  • Double click that file, and answer "No" to the next question.
  • Do the same to this file, BUT now answer "Yes" to the question.
    c:\windows\system32\a.exe
HijackThis reboot your computer now.

Remove following folder.
Press Start -> My Computer -> Local Disk (C)
Locate the following folder using the path below. If found please delete.
C:\Program Files\ewido anti-malware

Step 6

Update your Adobe Reader now.
Please download the newest version here and install it:
http://ardownload.adobe.com/pub/adobe/r ... _en_US.exe

During the install make sure you don't install the Adobe Photoshop Album Starter Edition if you don't want it.

Step 7

Scan again with DSS...
    Note: You must be logged onto an account with administrator privileges.
  1. Save all your work and close all opened programs.
  2. Double click on dss.exe to run it. Follow the prompts.
  3. When the scan is complete, a log file will be produced(main.txt).
  4. Please post that log in your next reply.

Step 8

Please post DSS log(main.txt).
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby Fireman Sam » July 11th, 2008, 8:31 am

Thank you for you help so far I could not find the following
Step 1

You don't have a firewall on your computer so start windows firewall if not running yet. Press Start -> Controlpanel -> Windows Firewall

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

or
c:\windows\system32\a.exe


Deckard's System Scanner v20071014.68
Run by Darren on 2008-07-11 13:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Darren.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-11 13:25:24
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\System\MSASP32.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1175040655\ee\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Documents and Settings\Darren\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnxx.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = ?
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mvadvd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/C ... 4321064815
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\System32\
O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe


--
End of file - 8656 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 13:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-11 13:14:07 62168 --a------ C:\WINDOWS\System32\ww.exe
2008-07-09 22:13:13 62168 --a------ C:\WINDOWS\System32\cw.exe
2008-07-09 22:08:20 62168 --a------ C:\WINDOWS\System32\mb.exe
2008-07-06 16:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:30:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:30:01 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 23:38:37 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-19 23:38:37 0 d-------- C:\Documents and Settings\LocalService\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-07-11 08:32:35 0 d-------- C:\Documents and Settings\Darren\Application Data\AVG7
2008-07-09 17:48:35 0 d-------- C:\Program Files\McAfee.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files
2008-07-04 23:41:51 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-06-14 14:42:20 0 d-------- C:\Program Files\FinePixViewer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20/01/2003 01:29]
"SoundMan"="SOUNDMAN.EXE" [20/01/2003 10:48 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [09/07/2001 11:50]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [09/01/2003 00:55]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [19/02/2003 01:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 17:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 14:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/04/2008 19:15]
"HostManager"="C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe" [17/11/2006 14:21]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 13:00]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [17/07/2002 20:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ixproxy"=C:\WINDOWS\lo-2062960390.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [01/06/2004 18:14:06]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [29/03/2008 11:20:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
C:\Program Files\Internet Explorer\IEXPLORE.EXE




-- End of Deckard's System Scanner: finished at 2008-07-11 13:25:55 ------------
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby muuli » July 12th, 2008, 4:57 pm

Hi,

You didn't answer the question...
muuli wrote:Do you know what is this at your uninstall list?
guidesaverxp Screen Saver


Step 1

Okay, try this to start Windwows firewall...
Press Start -> Controlpanel -> Windows Security Center -> Windows firewall and make sure that tap is ON (recommended).

Step 2

Open HijackThis, press Do a system scan only, checkmark following entries:
O4 - HKUS\S-1-5-19\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'Default user')
Close all other windows including browser and press Fix checked.

Step 3

Please open Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as delete.bat on your Desktop

Code: Select all
@echo off
sc stop "Advance Service Process"
sc delete "Advance Service Process"


Double click on delete.bat.
A window will open and close this is normal.

Step 4

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code: Select all
C:\WINDOWS\System32\ww.exe
C:\WINDOWS\System32\cw.exe
C:\WINDOWS\System32\mb.exe
C:\Program Files\Common Files\System\MSASP32.exe
C:\Program Files\McAfee.com


Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.

Image

The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.

Step 5

Please scan again with DSS and post the main.txt log and OtMoveIt2 log(C:\_OTMoveIt\MovedFiles\date_time.log).
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby Fireman Sam » July 13th, 2008, 6:22 am

Do you know what is this at your uninstall list?
guidesaverxp Screen Saver
This is a screensaver I downloaded from the BBC website several years ago.

Still cannot find Step 1 Windows firewall

Step 2 none of the items listed were present
O4 - HKUS\S-1-5-19\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ixproxy] C:\WINDOWS\lo-2062960390.exe (User 'Default user')


Step 4
C:\WINDOWS\System32\ww.exe moved successfully.
C:\WINDOWS\System32\cw.exe moved successfully.
C:\WINDOWS\System32\mb.exe moved successfully.
C:\Program Files\Common Files\System\MSASP32.exe moved successfully.
C:\Program Files\McAfee.com\Personal Firewall\data\summary\appicons moved successfully.
C:\Program Files\McAfee.com\Personal Firewall\data\summary moved successfully.
C:\Program Files\McAfee.com\Personal Firewall\data moved successfully.
C:\Program Files\McAfee.com\Personal Firewall moved successfully.
C:\Program Files\McAfee.com moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_111157



Step 5

Deckard's System Scanner v20071014.68
Run by Darren on 2008-07-13 11:21:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Darren.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:21:55, on 13/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\System\MSASP32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Darren\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Darren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnxx.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D0EA9FA-B49C-453B-84D0-4D401BB569B7}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{D96F1292-7D49-4C90-A019-1EF17C9EB389}: NameServer = 92.31.241.20 92.31.241.21
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-13 11:18:14 0 --a------ C:\WINDOWS\System32\yf.exe
2008-07-13 11:18:14 177 --a------ C:\WINDOWS\System32\tj
2008-07-13 11:08:25 62168 --a------ C:\WINDOWS\System32\nb.exe
2008-07-12 14:22:34 62168 --a------ C:\WINDOWS\System32\aq.exe
2008-07-11 13:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 16:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:30:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:30:01 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 23:38:37 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-19 23:38:37 0 d-------- C:\Documents and Settings\LocalService\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-07-12 15:11:50 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-07-12 14:52:21 0 d-------- C:\Program Files\FinePixViewer
2008-07-11 08:32:35 0 d-------- C:\Documents and Settings\Darren\Application Data\AVG7
2008-07-06 16:29:11 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20/01/2003 01:29]
"SoundMan"="SOUNDMAN.EXE" [20/01/2003 10:48 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [09/07/2001 11:50]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [09/01/2003 00:55]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [19/02/2003 01:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 17:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 14:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/04/2008 19:15]
"HostManager"="C:\Program Files\Common Files\AOL\1175040655\ee\AOLSoftware.exe" [17/11/2006 14:21]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 13:00]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [17/07/2002 20:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ixproxy"=C:\WINDOWS\lo-2062960390.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [01/06/2004 18:14:06]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [29/03/2008 11:20:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
C:\Program Files\Internet Explorer\IEXPLORE.EXE




-- End of Deckard's System Scanner: finished at 2008-07-13 11:22:10 ------------
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby muuli » July 14th, 2008, 12:14 pm

Hi,

You didn't find Windows firewall because it's attribute of SP2 and you have only SP1. Note! Don't install SP2 yet, because if you install SP2 to infected computer, can be possible that computer crash and then we have a big problem.

Please make sure that all programs are closed when installing Java.

    Download the latest version of Java Runtime Environment(JRE), and install it to your computer. It is the 5th one down on the page, called Java Runtime Environment (JRE) 6 Update 7
    Download it, choose save, and save it to your desktop.Then doubleclick it, and it will install the newest version of Java for you to use.
  1. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  4. When the downloads have finished, click on Settings.
  5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  6. Click on My Computer under Scan.
  7. Once the scan is complete, it will display the results. Click on View Scan Report.
  8. You will see a list of infected items there. Click on Save Report As....
  9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  10. Please post this log in your next reply.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby Fireman Sam » July 15th, 2008, 9:38 am

I have downloaded and run Java Runtime Environment (JRE) 6 Update 7 but at the moment I cannot access the Kaspersky website all I get is 'cannot find server' so I will try again later.
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby Fireman Sam » July 16th, 2008, 10:50 am

Fireman Sam wrote:I have downloaded and run Java Runtime Environment (JRE) 6 Update 7 but at the moment I cannot access the Kaspersky website all I get is 'cannot find server' so I will try again later.

I'm still unable to access Kaspersky I have also had this problem for a long time trying to access microsoft.com website which is why I have been unable to update windows.
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby muuli » July 16th, 2008, 4:17 pm

Hi,

Panda Online Scan...
  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable. option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Problems with Spybot

Unread postby Fireman Sam » July 18th, 2008, 10:16 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-18 15:12:39
PROTECTIONS: 0
MALWARE: 28
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00013512 adware/searchaid Adware No 0 Yes No c:\windows\system32\sdkry32.exe
00013512 adware/searchaid Adware No 0 Yes No c:\windows\system32\sdksv32.exe
00013512 adware/searchaid Adware No 0 Yes No c:\windows\sdkau32.exe
00013512 adware/searchaid Adware No 0 Yes No c:\windows\sdkiy32.exe
00013512 adware/searchaid Adware No 0 Yes No c:\windows\sdklu32.exe
00029036 adware/superspider Adware No 1 Yes No hkey_current_user\software\microsoft\internet explorer\main\hpded
00029036 adware/superspider Adware No 1 Yes No hkey_current_user\software\microsoft\internet explorer\main\spded
00048337 Trj/Relink.A Virus/Trojan No 0 Yes No Local Folders\Sent Items\Carlisle\~0000002.~
00048404 Trj/Zapchast.D Virus/Trojan No 0 Yes No C:\WINDOWS\system32\c.bat
00110438 dialer.qi Dialers No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E1E7E702-E22C-40A1-A936-3F8EF75C71F5}
00110438 dialer.qi Dialers No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{9A9C9133-E640-4CA7-81C1-123FAC78855F}
00139535 Application/Processor HackTools No 0 Yes No C:\Download\smitRem.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Darren\Desktop\smitRem.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Darren\Desktop\smitRem\Process.exe
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@anm.co[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@ccbill[1].txt
00155126 adware/adultlt Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{373E0369-863A-4345-BD57-F46DD9A0C4F2}
00155126 adware/adultlt Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{C848D4BE-A391-4456-ABAA-81E834C77700}
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@kinghost[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@com[1].txt
00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@outster[2].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@fe.lea.lycos[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@tickle[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@ad.yieldmanager[2].txt
00168059 Cookie/Mp3s Hits TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@www.mp3shits[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@888[2].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@metriweb[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@xmts[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@bravenet[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@searchportal.information[2].txt
00311014 Cookie/Freehqvideos TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@www.freehqvideos[1].txt
00311015 Cookie/Freehqvideos TrackingCookie No 0 Yes No C:\Documents and Settings\Darren\Cookies\darren@_mov[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\aq.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\nb.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\_OTMoveIt\MovedFiles\07132008_111157\Program Files\Common Files\System\MSASP32.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\_OTMoveIt\MovedFiles\07132008_111157\WINDOWS\System32\cw.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\_OTMoveIt\MovedFiles\07132008_111157\WINDOWS\System32\mb.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm No 1 Yes No C:\_OTMoveIt\MovedFiles\07132008_111157\WINDOWS\System32\ww.exe
00528536 W32/Sdbot.KLA.worm Virus/Worm Yes 2 Yes No C:\Program Files\Common Files\System\MSASP32.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location <\s5
;===================================================================================================================================================================================
No C:\WINDOWS\I386\TELNET.EXE <\s5
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description <\s5
;===================================================================================================================================================================================
133387 MEDIUM MS06-065 <\s5
133386 MEDIUM MS06-064 <\s5
133385 MEDIUM MS06-063 <\s5
133379 HIGH MS06-057 <\s5
131654 HIGH MS06-055 <\s5
129977 MEDIUM MS06-053 <\s5
129976 MEDIUM MS06-052 <\s5
126093 HIGH MS06-051 <\s5
126092 MEDIUM MS06-050 <\s5
126087 HIGH MS06-046 <\s5
126086 MEDIUM MS06-045 <\s5
126083 HIGH MS06-042 <\s5
126082 HIGH MS06-041 <\s5
126081 HIGH MS06-040 <\s5
123421 HIGH MS06-036 <\s5
123420 HIGH MS06-035 <\s5
120825 MEDIUM MS06-032 <\s5
120823 MEDIUM MS06-030 <\s5
120818 HIGH MS06-025 <\s5
120815 HIGH MS06-022 <\s5
120814 HIGH MS06-021 <\s5
117384 MEDIUM MS06-018 <\s5
114666 HIGH MS06-015 <\s5
114664 HIGH MS06-013 <\s5
111790 MEDIUM MS06-011 <\s5
108744 MEDIUM MS06-008 <\s5
108743 MEDIUM MS06-007 <\s5
108742 MEDIUM MS06-006 <\s5
104567 HIGH MS06-002 <\s5
104237 HIGH MS06-001 <\s5
101055 HIGH MS05-054 <\s5
96574 HIGH MS05-053 <\s5
93396 HIGH MS05-052 <\s5
93395 HIGH MS05-051 <\s5
93394 HIGH MS05-050 <\s5
93454 MEDIUM MS05-049 <\s5
;===================================================================================================================================================================================
Fireman Sam
Regular Member
 
Posts: 22
Joined: July 6th, 2008, 6:43 pm

Re: Problems with Spybot

Unread postby muuli » July 19th, 2008, 3:14 pm

Hi,

Step 1

If you already have SDFix, please delete this copy and download it again as it's being updated regularly.

  1. Please download SDFix by AndyManchesta and save it to your desktop.
  2. Double click on SDFix.exe. By default, it will install to C:\.
  3. Click on Install.

Please print out or save this set of instructions as you will not have internet access during the fix.

Next, boot into Safe Mode.

Note! Let me know if you can't boot into Safe Mode. Do not continue with the fixes.

  1. When you see BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up down arrows, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.
  6. Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it)
  7. Double click on RunThis.bat
  8. Type Y to begin the cleanup process.
  9. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  10. Press any key to reboot.
  11. When the PC restarts the tool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  12. Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt.

Step 2

Scan again with DSS...
    Note: You must be logged onto an account with administrator privileges.
  1. Save all your work and close all opened programs.
  2. Double click on dss.exe to run it. Follow the prompts.
  3. When the scan is complete, a log file will be produced(main.txt).
  4. Please post that log in your next reply, post also SDFix log.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 489 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware