spyware-server can't find web page in every browser
ssholovic
Newbie
30. March 2008 @ 13:42
Hi everyone, I am new here and I hope I will find a solution to my problem.
I tried everything, I mean everything; I can't even write down all the software I used. They found something and cleared it, but the problem is still active. When I browse the internet, in every browser (FF, IE, Opera), on some addresses I always get this message: "Firefox can't find the server at www.anything.com". I get this message usually on .com and .org domains, but it happens randomly. When I press REFRESH or Try again, it loads the web page normally. This happens especially in Rapid Share when I enter the verification code. I get some strange ads. And Spybot, Spysweeper, AdAware, Kaspersky AV, etc.: nothing helped. Win Update also didn't work, but after some of this software cleared some spyware it works now. If anyone can help, please. Also, in DC++ it doesn't connect automatically to hubs, and I have to refresh all connections to hubs.
Here is my Hijack Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:16 PM, on 3/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\WMonitor\InfoMyCa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Users\Oliver\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eDSMSNfix] "C:\Acer\Empowering Technology\eDSMSNfix.exe"
O4 - HKLM\..\Run: [Getca] "C:\Program Files\WMonitor\InfoMyCa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B}
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9257 bytes

DSS Scanner

Here are the logs:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology MK-38
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 765.56 MiB / 314.32 MiB
Pagefile Memory (total/avail): 1779.74 MiB / 914.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.34 MiB

C: is Fixed (NTFS) - 32.52 GiB total, 14.48 GiB free.
D: is Fixed (NTFS) - 32.25 GiB total, 14.54 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST980811AS ATA Device - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 32.52 GiB - C:
\PARTITION2 - Installable File System - 32.25 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FW: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) Disabled
AV: ThreatFire v3.0.14.16 (PC Tools)
AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab)
AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools)
AS: Spyware Doctor v5.5.0.212 (PC Tools) Disabled
AS: Avira AntiVir PersonalEdition v 7.0.3.83 (Avira GmbH)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab)
AS: ThreatFire v3.0.14.16 (PC Tools)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Oliver\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OLIVER-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Oliver
LOCALAPPDATA=C:\Users\Oliver\AppData\Local
LOGONSERVER=\\OLIVER-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4c02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Oliver\AppData\Local\Temp
TMP=C:\Users\Oliver\AppData\Local\Temp
USERDOMAIN=Oliver-PC
USERNAME=Oliver
USERPROFILE=C:\Users\Oliver
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Oliver (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
--> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Any Video Converter 2.5.1 --> "C:\Program Files\Any Video Converter\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Applian FLV Player --> "C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
doPDF 5.3 printer --> "C:\Program Files\Softland\doPDF 5\unins000.exe"
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
File Renamer - Basic --> C:\Windows\File Renamer - Basic Uninstaller.exe
FLV Downloader 1.01 --> "C:\Program Files\FLV Downloader 1.01\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
KGB Archiver 1.2.1.24 --> "C:\Program Files\KGB Archiver\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 Micro 8.1.1.3 --> "C:\Program Files\Nero\unins000.exe"
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
Opera 9.26 --> MsiExec.exe /X{9894D22D-0558-41D9-95FC-8E9BFD6E8170}
Orbit --> "C:\Program Files\Orbitdownloader\unins000.exe"
PC Suite for Sony Ericsson --> C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe /uninstall
PC Suite for Sony Ericsson --> MsiExec.exe /I{430EB7ED-8588-430D-B17C-BFFA00CB370A}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sweepi 5.4.00 --> "C:\Program Files\YooApplications\Sweepi\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tag&Rename 3.4.6 --> "C:\Program Files\TagRename\unins000.exe"
Trillian --> C:\Program Files\Trillian\Trillian.exe /uninstall
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B6187C3-1FC2-453D-96D4-592798BB31A6}\Setup.exe" -l0x9 -L0x9
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type13296 / Success
Event Submitted/Written: 03/30/2008 02:36:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13285 / Success
Event Submitted/Written: 03/30/2008 02:25:29 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type13283 / Success
Event Submitted/Written: 03/30/2008 02:25:26 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type13276 / Success
Event Submitted/Written: 03/30/2008 02:25:12 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type13261 / Error
Event Submitted/Written: 03/30/2008 01:26:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x60c, application start time 0xExplorer.EXE0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51889 / Warning
Event Submitted/Written: 03/30/2008 02:33:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Oliver-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Oliver-PC27 can't undo changes that you allow.

For more information please see the following:
%Oliver-PC275

Scan ID: {ABFC3F6E-2010-41E1-A6C7-30C8A3181C56}

User: Oliver-PC\Oliver

Name: %Oliver-PC271

ID: %Oliver-PC272

Severity ID: %Oliver-PC273

Category ID: %Oliver-PC274

Path Found: %Oliver-PC276

Alert Type: %Oliver-PC278

Detection Type: 1.1.1505.02

Event Record #/Type51868 / Error
Event Submitted/Written: 03/30/2008 02:26:31 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
TfFsMon
TfSysMon

Event Record #/Type51847 / Error
Event Submitted/Written: 03/30/2008 02:26:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
ThreatFire%%2

Event Record #/Type51837 / Error
Event Submitted/Written: 03/30/2008 02:26:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
CSIScanner%%3

Event Record #/Type51790 / Error
Event Submitted/Written: 03/30/2008 02:24:57 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 2:22:12 PM on 3/30/2008 was unexpected.



-- End of Deckard's System Scanner: finished at 2008-03-30 17:12:29 ------------

Deckard's System Scanner v20071014.68
Run by Oliver on 2008-03-30 17:08:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2008-03-30 09:41:03 UTC - RP449 - Windows Defender Checkpoint
12: 2008-03-29 10:41:58 UTC - RP447 - Before uninstall Spyware Doctor 5.5
11: 2008-03-29 09:09:18 UTC - RP445 - Windows Defender Checkpoint
10: 2008-03-29 00:54:19 UTC - RP443 - Windows Update
9: 2008-03-29 00:46:03 UTC - RP442 - Windows Update


-- First Restore Point --
1: 2008-03-28 21:24:14 UTC - RP427 - Before uninstall Samsung PC Studio 3 USB Driver Installer


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 766 MiB (1024 MiB recommended).


-- HijackThis (run as Oliver.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:41 PM, on 3/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\WMonitor\InfoMyCa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Users\Oliver\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\Users\Oliver\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Oliver.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eDSMSNfix] "C:\Acer\Empowering Technology\eDSMSNfix.exe"
O4 - HKLM\..\Run: [Getca] "C:\Program Files\WMonitor\InfoMyCa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B}
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9151 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080314-104718-246 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer *
backup-20080314-104922-695 O23 - Service: KQN - Unknown owner - C:\Users\Oliver\AppData\Local\Temp\KQN.exe (file missing)
backup-20080314-104922-740 O23 - Service: YGSCWWQN - Unknown owner - C:\Users\Oliver\AppData\Local\Temp\YGSCWWQN.exe (file missing)
backup-20080328-121405-536 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080328-123006-761 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080328-123006-885 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080329-000336-862 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080329-000336-970 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080330-140125-403 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - \??\c:\windows\system32\drivers\nsdriver.sys
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - \??\c:\windows\system32\drivers\awrtpd.sys
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - \??\c:\windows\system32\drivers\awrtrd.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 54Mbps Wireless Network (54Mbps Wireless Network Service) - c:\program files\wmonitor\wlservice.exe
R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p

S2 CSIScanner -
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 ThreatFire - c:\program files\threatfire\tfservice.exe service (file missing)
S4 KQN - c:\users\oliver\appdata\local\temp\kqn.exe (file missing)
S4 YGSCWWQN - c:\users\oliver\appdata\local\temp\ygscwwqn.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&188A24BE&0&0020
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&188A24BE&0&0020
Service: athr


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 10:36:38 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B}.job
2008-03-28 18:27:26 378 --a------ C:\Windows\Tasks\1-Click Maintenance.job
2008-01-17 16:57:44 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 14:22:26 10880 --a------ C:\Windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-03-30 14:22:25 0 d-------- C:\Program Files\PrevxCSI
2008-03-30 14:22:19 0 d-------- C:\Users\All Users\PrevxCSI
2008-03-29 20:34:25 0 d-------- C:\Program Files\NoAdware5.0
2008-03-28 17:05:05 0 d-------- C:\Program Files\TagRename
2008-03-28 16:53:49 394240 --a------ C:\Windows\system32\Smab.dll
2008-03-28 16:53:47 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-28 16:53:46 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-28 16:53:44 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-03-28 16:53:44 66560 --a------ C:\Windows\MOTA113.exe
2008-03-28 16:53:43 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-28 16:53:43 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-28 16:53:40 217073 --a------ C:\Windows\meta4.exe
2008-03-28 16:53:39 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-28 16:50:54 0 d-------- C:\Program Files\eRightSoft
2008-03-28 12:38:30 208896 --a------ C:\Windows\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-03-28 12:38:11 0 d-------- C:\Program Files\Comodo
2008-03-28 12:06:28 0 d-------- C:\Users\All Users\Malwarebytes
2008-03-28 12:06:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 11:58:55 0 d-------- C:\Program Files\SpywareGuard
2008-03-27 21:12:15 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-27 17:04:45 0 d-------- C:\Users\All Users\PC Tools
2008-03-27 17:04:45 0 d-------- C:\Program Files\Spyware Doctor
2008-03-27 14:21:54 0 d-------- C:\Users\All Users\Avira
2008-03-17 19:12:34 0 d-------- C:\Program Files\a-squared Free
2008-03-15 11:38:55 0 d-------- C:\Windows\Sun
2008-03-15 11:17:19 0 d-------- C:\Program Files\Trillian
2008-03-14 17:19:28 0 d-------- C:\Program Files\Lavasoft
2008-03-14 14:54:50 0 d-------- C:\Users\All Users\Webroot
2008-03-14 14:54:50 0 d-------- C:\Program Files\Webroot
2008-03-14 14:13:25 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-14 12:55:48 0 --a------ C:\Windows\system32\SBRC.dat
2008-03-14 12:55:48 0 --a------ C:\Windows\system32\SBFC.dat
2008-03-14 10:45:43 0 d-------- C:\Program Files\Trend Micro
2008-03-11 23:34:17 0 d-------- C:\Program Files\Intuwave
2008-03-11 23:34:01 0 d-------- C:\Program Files\Symbian
2008-03-11 23:33:13 0 d-------- C:\Users\All Users\Sony Ericsson
2008-03-11 23:33:13 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-11 23:33:07 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-11 23:33:06 0 d-------- C:\Program Files\Sony Ericsson
2008-03-11 23:33:05 0 d-------- C:\Users\All Users\Teleca
2008-03-11 23:30:35 0 d-------- C:\Windows\Downloaded Installations
2008-02-29 15:01:24 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-29 14:37:57 0 d-------- C:\Program Files\SuperRam


-- Find3M Report ---------------------------------------------------------------

2008-03-30 14:33:58 0 d-------- C:\Users\Oliver\AppData\Roaming\Orbit
2008-03-29 22:35:55 12 --a------ C:\Windows\bthservsdp.dat
2008-03-29 11:51:15 0 d-------- C:\Program Files\Common Files
2008-03-29 09:57:15 0 d-------- C:\Program Files\Windows Mail
2008-03-29 02:02:08 0 d-------- C:\Program Files\Windows Live
2008-03-29 01:08:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 23:12:28 174 --ahs---- C:\Program Files\desktop.ini
2008-03-28 12:06:37 0 d-------- C:\Users\Oliver\AppData\Roaming\Malwarebytes
2008-03-27 21:12:15 0 d-------- C:\Users\Oliver\AppData\Roaming\SUPERAntiSpyware.com
2008-03-27 21:09:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:55:37 0 d-------- C:\Program Files\Opera
2008-03-27 14:33:17 0 d-------- C:\Users\Oliver\AppData\Roaming\Real
2008-03-22 12:08:18 0 d-------- C:\Program Files\Winamp
2008-03-17 20:47:08 0 d-------- C:\Program Files\Macrogaming
2008-03-15 11:29:32 0 d-------- C:\Users\Oliver\AppData\Roaming\Trillian
2008-03-14 14:54:50 0 d-------- C:\Users\Oliver\AppData\Roaming\Webroot
2008-03-14 12:03:20 0 d-------- C:\Users\Oliver\AppData\Roaming\Sunbelt Software
2008-03-11 23:45:48 0 d-------- C:\Users\Oliver\AppData\Roaming\Teleca
2008-03-11 23:34:29 0 d-------- C:\Users\Oliver\AppData\Roaming\Sony Ericsson
2008-03-11 22:44:18 0 d-------- C:\Users\Oliver\AppData\Roaming\Any Video Converter
2008-03-05 23:38:38 0 d-------- C:\Program Files\Acer Inc
2008-03-05 23:30:58 0 d-------- C:\Program Files\mIRC
2008-02-29 15:02:24 0 d-------- C:\Users\Oliver\AppData\Roaming\Mozilla
2008-02-26 00:40:20 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-25 20:06:43 0 d-------- C:\Program Files\YooApplications
2008-02-24 17:12:35 0 d-------- C:\Users\Oliver\AppData\Roaming\mIRC
2008-02-22 16:01:20 0 d-------- C:\Program Files\FLV Player
2008-02-21 19:44:04 0 d-------- C:\Users\Oliver\AppData\Roaming\GHISLER
2008-02-21 13:24:51 0 d-------- C:\Users\Oliver\AppData\Roaming\Yahoo!
2008-02-19 11:16:49 0 d-------- C:\Program Files\Yahoo!
2008-02-19 01:39:22 0 d-------- C:\Users\Oliver\AppData\Roaming\zbusoft
2008-02-19 01:37:10 0 d-------- C:\Program Files\FLV Downloader 1.01
2008-02-18 23:37:33 0 d-------- C:\Users\Oliver\AppData\Roaming\SoftMaker
2008-02-11 17:38:16 0 d-------- C:\Users\Oliver\AppData\Roaming\.purple
2008-02-11 17:37:34 0 d-------- C:\Users\Oliver\AppData\Roaming\Adobe
2008-02-11 17:34:31 0 d-------- C:\Users\Oliver\AppData\Roaming\Skype
2008-02-11 17:01:04 0 d-------- C:\Users\Oliver\AppData\Roaming\skypePM
2008-02-11 13:09:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-01 11:11:10 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2008-01-20 12:14:43 120545 --a------ C:\Windows\File Renamer - Basic Uninstaller.exe
2008-01-18 15:45:33 0 --a------ C:\Windows\system32\Ultra.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [12/01/2006 06:37 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/06/2007 02:23 PM]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [02/08/2007 06:40 PM]
"Getca"="C:\Program Files\WMonitor\InfoMyCa.exe" [03/10/2004 01:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [11/08/2007 02:06 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/30/2007 06:28 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 08:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [11/02/2006 10:45 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM]

C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [10/4/2007 9:54:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0401ac59-80ad-11dc-be54-001b243acdf6}]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23680d27-efbb-11dc-82c7-001b243acdf6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {12BC816B-8F68-CAB4-867E-FA0FEF15FB36} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-30 17:12:29 ------------
Moderator
31. March 2008 @ 08:32
I'll close this and reopen the previous one here - http://forums.afterdawn.com/thread_view.cfm/645372 - as you've already had a reply there.



This thread is closed and therefore you are not allowed to reply to this thread.