ljk
new user
Reg'd: Sun
Posts: 6
Hello,
Spyware Terminator found Starware Toolbar on my computer but can't remove it, so I would like advice on how to remove it from my computer permanently. Please tell me if you see any other problems. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:07 PM, on 4/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7281 bytes
Edited by ljk (Sun Apr 13 2008 07:12 PM)
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
Welcome to the Webuser forum. 
No sign of it in the HJT log.
Please download ComboFix from either of these two locations
BleepingComputer ComboFix or Geeks to Go ComboFix
And save it to your DESKTOP.
* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
--------------------
MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
ljk
new user
Reg'd: Sun
Posts: 6
Bricat, thanks for the reply. Here are the two logs. Thanks for the help.
ComboFix 08-04-14.2 - jcb7901 2008-04-15 1:36:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1339 [GMT -5:00]
Running from: C:\Users\jcb7901\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 12:02 . 2008-04-13 12:02  <DIR>      d--------  C:\Program Files\Trend Micro
2008-04-09 12:00 . 2008-02-14 18:19  944,184    --a------  C:\Windows\System32\winload.exe
2008-04-09 12:00 . 2008-02-19 00:10  620,088    --a------  C:\Windows\System32\ci.dll
2008-04-09 12:00 . 2008-02-29 01:39  371,712    --a------  C:\Windows\System32\srcore.dll
2008-04-09 12:00 . 2008-02-29 01:38  313,856    --a------  C:\Windows\System32\rstrui.exe
2008-04-09 12:00 . 2008-02-29 01:51  19,000     --a------  C:\Windows\System32\kd1394.dll
2008-03-31 14:44 . 2008-03-31 14:45  <DIR>      d--------  C:\Program Files\OpenOffice.org 2.3
2008-03-29 03:47 . 2008-03-29 03:52  <DIR>      d--------  C:\Users\jcb7901\AppData\Roaming\IObit
2008-03-29 03:19 . 2008-03-29 03:19  <DIR>      d--------  C:\Windows\System32\AppData
2008-03-29 03:19 . 2006-03-14 14:00  544,833    --a------  C:\Windows\System32\wbocx.ocx
2008-03-29 03:19 . 2004-12-07 10:11  258,352    --a------  C:\Windows\System32\unicows.dll
2008-03-29 03:19 . 2002-03-01 17:58  50,688     --a------  C:\Windows\System32\wbhelp2.dll
2008-03-29 03:19 . 2002-03-01 17:58  28,160     --a------  C:\Windows\System32\anim.dll
2008-03-29 03:19 . 1999-11-22 15:50  4,608      --a------  C:\Windows\System32\W95INF32.DLL
2008-03-29 03:19 . 1999-11-22 15:50  2,272      --a------  C:\Windows\System32\W95INF16.DLL
2008-03-29 03:19 . 1999-12-02 12:42  439        --a------  C:\Windows\System32\shfolder.inf
2008-03-29 02:59 . 2008-03-29 02:59  <DIR>      d--------  C:\Program Files\CCleaner
2008-03-26 18:36 . 2008-03-26 18:36  <DIR>      d--------  C:\Program Files\SopCast
2008-03-22 04:53 . 2003-07-24 12:10  94,208     --a------  C:\Windows\System32\DNIN50.dll
2008-03-22 02:23 . 2005-09-05 11:21  362,944    --a------  C:\Windows\System32\drivers\WG11TND5.sys
2008-03-22 02:23 . 2005-07-27 21:15  149,392    --a------  C:\Windows\System32\drivers\ar5523.bin
2008-03-22 02:23 . 2003-07-24 12:10  17,149     --a------  C:\Windows\System32\DNINDIS5.sys
2008-03-22 02:23 . 2005-09-05 11:39  14,467     --a------  C:\Windows\System32\drivers\netwg11t.inf
2008-03-22 02:23 . 2005-10-28 00:21  8,267      --a------  C:\Windows\System32\drivers\netwg11t.cat
2008-03-22 02:19 . 2008-03-22 20:53  <DIR>      d--------  C:\Program Files\NETGEAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 00:04  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\uTorrent
2008-04-15 00:00  ---------  d-----w  C:\ProgramData\SiteAdvisor
2008-04-14 23:42  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\AVG7
2008-04-13 17:05  ---------  d-----w  C:\ProgramData\Spyware Terminator
2008-04-13 17:04  ---------  d-----w  C:\Program Files\Spyware Terminator
2008-04-13 16:38  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\Spyware Terminator
2008-04-13 13:00  ---------  d-----w  C:\ProgramData\avg7
2008-04-10 07:22  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-04-09 17:36  ---------  d-----w  C:\Program Files\Windows Mail
2008-04-09 17:35  ---------  d-----w  C:\ProgramData\Microsoft Help
2008-04-05 06:11  ---------  d-----w  C:\ProgramData\CyberLink
2008-03-29 08:47  ---------  d-----w  C:\Program Files\IObit
2008-03-28 03:28  83,960     ----a-w  C:\Windows\system32\drivers\cmdguard.sys
2008-03-26 23:31  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\SiteAdvisor
2008-03-25 00:52  ---------  d-----w  C:\Program Files\Java
2008-03-19 06:26  ---------  d-----w  C:\Program Files\CONEXANT
2008-03-14 16:59  25,080     ----a-w  C:\Windows\system32\drivers\cmdhlp.sys
2008-03-14 16:59  139,008    ----a-w  C:\Windows\System32\guard32.dll
2008-03-13 15:41  53,768     ----a-w  C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 10:16  27,525     ----a-w  C:\Users\jcb7901\AppData\Roaming\nvModes.dat
2008-03-08 12:01  ---------  d-----w  C:\ProgramData\NVIDIA
2008-03-08 11:30  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\SystemRequirementsLab
2008-03-08 06:57  138,752    ----a-w  C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-03-04 07:34  2,125,312  ----a-w  C:\Windows\System32\CnxtAp32.dll
2008-03-04 07:32  188,416    ----a-w  C:\Windows\system32\drivers\CHDRT32.sys
2008-03-04 06:46  ---------  d-----w  C:\Program Files\Eusing Free Registry Cleaner
2008-03-01 01:39  ---------  d-----w  C:\ProgramData\Yahoo! Companion
2008-03-01 01:38  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\Yahoo!
2008-02-29 06:39  40,960     ----a-w  C:\Windows\System32\srclient.dll
2008-02-29 06:38  16,384     ----a-w  C:\Windows\System32\srdelayed.exe
2008-02-29 06:35  6,656      ----a-w  C:\Windows\System32\kbd106n.dll
2008-02-29 06:34  7,168      ----a-w  C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16  2,027,008  ----a-w  C:\Windows\System32\win32k.sys
2008-02-26 23:05  ---------  d-----w  C:\Program Files\Microsoft Silverlight
2008-02-22 22:24  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-02-21 22:37  ---------  d-----w  C:\ProgramData\Comodo
2008-02-21 22:16  ---------  d-----w  C:\Users\jcb7901\AppData\Roaming\Comodo
2008-02-21 04:43  826,368    ----a-w  C:\Windows\System32\wininet.dll
2008-02-21 04:43  56,320     ----a-w  C:\Windows\System32\iesetup.dll
2008-02-21 04:43  52,736     ----a-w  C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43  296,448    ----a-w  C:\Windows\System32\gdi32.dll
2008-02-21 04:43  26,624     ----a-w  C:\Windows\System32\ieUnatt.exe
2008-02-16 17:52  ---------  d-----w  C:\Program Files\MARS
2008-02-13 14:45  1,244,672  ----a-w  C:\Windows\System32\mcmde.dll
2008-02-13 09:09  194,560    ----a-w  C:\Windows\System32\WebClnt.dll
2008-02-13 09:04  3,504,696  ----a-w  C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:04  3,470,392  ----a-w  C:\Windows\System32\ntoskrnl.exe
2008-02-13 09:04  24,064     ----a-w  C:\Windows\System32\netcfg.exe
2008-02-13 09:04  22,016     ----a-w  C:\Windows\System32\netiougc.exe
2008-02-13 09:04  167,424    ----a-w  C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:03  537,600    ----a-w  C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:03  449,536    ----a-w  C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:03  4,247,552  ----a-w  C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:03  2,560      ----a-w  C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:03  2,144,256  ----a-w  C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:03  173,056    ----a-w  C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:03  1,686,528  ----a-w  C:\Windows\System32\gameux.dll
2008-02-09 10:20  691,545    ----a-w  C:\Windows\unins000.exe
2008-02-08 12:13  699,312    ----a-w  C:\Users\jcb7901\AppData\Roaming\MoveMediaPlayer_win_mozilla_07076007.exe
2008-01-25 07:55  229,376    ----a-w  C:\Windows\System32\UCI32A27.dll
2007-11-26 05:34  174        --sha-w  C:\Program Files\desktop.ini
2007-11-26 05:21  397,312    --sha-w  C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-15_ 1.18.39.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 05:36:51  67,584     --s-a-w  C:\Windows\bootstat.dat
+ 2008-04-15 06:27:35  67,584     --s-a-w  C:\Windows\bootstat.dat
- 2008-04-15 05:36:52  2,048      --sha-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-15 06:27:36  2,048      --sha-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-15 05:36:52  2,048      --sha-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-15 06:27:36  2,048      --sha-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-15 05:51:57  262,144    ----a-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-15 06:28:56  262,144    ----a-w  C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-15 05:39:19  1,572,864  --sha-w  C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-15 06:30:01  1,572,864  --sha-w  C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-15 06:13:24  262,144    ----a-w  C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-15 06:36:33  262,144    ----a-w  C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-15 05:39:14  1,572,864  --sha-w  C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-15 06:29:34  1,572,864  --sha-w  C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-15 05:39:33  9,670      ----a-w  C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3192052582-1136718680-667672122-1000_UserData.bin
+ 2008-04-15 06:30:18  9,686      ----a-w  C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3192052582-1136718680-667672122-1000_UserData.bin
- 2008-04-15 05:39:33  63,116     ----a-w  C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 06:30:18  63,202     ----a-w  C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-15 05:39:32  48,688     ----a-w  C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 06:30:16  48,862     ----a-w  C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:09 579072]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-03-14 11:58 1503488]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-08 01:57 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 15:17 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [2008-03-22 04:53:01 884840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-12-08 15:17 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\Windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] --a------ 2008-03-08 01:57 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2007-08-04 04:57 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{0A7BF647-28C1-40F7-A734-AA7A8036AF42}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2241A8C6-D15F-4FCF-8AF3-2F007E0CAF66}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{CAE06B97-1D08-4771-9D5A-DAF84E7FB1D3}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74D70A55-8078-4862-9C5E-D971B7C36842}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BBE28129-FE48-498F-9F78-DF3815A4EEA7}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C5CDABC3-5CD4-4083-AC53-9D21375997C5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{71E391F3-BEDA-4530-A703-11C93CAEB786}"= Disabled:UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{9FD1C520-5D6F-4EAC-AECC-9189D4E4A094}"= Disabled:TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{84EE0482-0174-4ED5-A0ED-FC11AAC60549}"= Disabled:UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{DD8D9F94-31FE-4E09-8F18-EE2548A5B667}"= Disabled:TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"TCP Query User{9985E346-F263-45E2-A9AC-8E596A9374CB}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{70BAD344-2E07-42A4-B7C0-3473842FD72E}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"TCP Query User{4ECDE898-BE82-4562-BBD5-1D3BE3E73A0E}C:\\users\\jcb7901\\desktop\\utorrent-1.8-alpha-7676.upx.exe"= UDP:C:\users\jcb7901\desktop\utorrent-1.8-alpha-7676.upx.exe:utorrent-1.8-alpha-7676.upx.exe
"UDP Query User{72591546-B8A3-4EC2-BF6A-E6944C38BD96}C:\\users\\jcb7901\\desktop\\utorrent-1.8-alpha-7676.upx.exe"= TCP:C:\users\jcb7901\desktop\utorrent-1.8-alpha-7676.upx.exe:utorrent-1.8-alpha-7676.upx.exe
"TCP Query User{9EC37DC1-C042-4318-8083-52EE58F014A3}C:\\users\\jcb7901\\desktop\\utorrent.exe"= UDP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"UDP Query User{D97F92BF-0EC0-4824-B547-96FE32415808}C:\\users\\jcb7901\\desktop\\utorrent.exe"= TCP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"TCP Query User{8BF878E6-3A32-4FB9-B32C-A635C0B53FF9}C:\\users\\jcb7901\\desktop\\utorrent.exe"= UDP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"UDP Query User{64EF93CA-8B06-4039-8ED6-9331BB52828B}C:\\users\\jcb7901\\desktop\\utorrent.exe"= TCP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"TCP Query User{AE00B09C-AAB2-473B-B3D3-9434C4486014}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BE89FB14-730E-41E4-A104-9428D6E76D72}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{315E47E0-5E37-4B07-A9D7-BC1890E9A45B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{872D5F49-0214-42B4-AF58-271668ED8034}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A0F12861-6159-4B54-9C32-D9F2727BC9A6}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2E1BA956-8C48-4EBF-9DC5-EB835AE1A894}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{3FCBFB83-31B6-4A8C-AE80-01DCB3F7782B}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{6C3ECFE1-2067-4505-A914-4FD4ACCE3F85}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{D6D0D0C1-B9CC-4630-8ACD-A3B40ADBF840}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E776F083-A1C7-410B-A29F-1EF694774761}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{467FB73E-F31F-4669-977F-A358F6CF3DD7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EC6BE9C9-3268-465E-B9CA-C783EA647310}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-27 22:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-14 11:59]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-08 01:57]
R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 21:01]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:41]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 18:50]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310v.sys [2006-03-07 18:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 06:35:00 C:\Windows\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-15 01:07:30 C:\Windows\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-15 06:40:00 C:\Windows\Tasks\User_Feed_Synchronization-{7A2E0656-BAA0-4DC9-B3C9-CA0403D84055}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 01:38:54
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 1:40:07
ComboFix-quarantined-files.txt 2008-04-15 06:40:03
ComboFix2.txt 2008-04-15 06:19:11

Pre-Run: 124,283,572,224 bytes free
Post-Run: 124,258,254,848 bytes free
.
2008-04-12 06:05:26 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:57 AM, on 4/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 6975 bytes
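As an added example (not code from this thread and not part of HijackThis itself), a small parser for the log format posted above: it re-splits the dump the forum flattened onto one line, searches the entries for a keyword such as "starware" the way a helper does by eye, and lists the O23 services HijackThis marked "Unknown owner". The excerpt is constructed from lines of the log above and the code needs only the Python standard library.

```python
import re
from collections import Counter

# Constructed excerpt in the style of the HijackThis log posted above. The forum
# software flattened every entry onto one line, so the parser must re-split it.
FLATTENED_LOG = (
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.daemonsearch.com/intl/ "
    "O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.dll "
    "O4 - HKLM\\..\\Run: [SpywareTerminator] \"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\" "
    "O20 - AppInit_DLLs: C:\\Windows\\system32\\guard32.dll "
    "O23 - Service: SiteAdvisor Service - Unknown owner - C:\\Program Files\\SiteAdvisor\\6253\\SAService.exe "
    "O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\\Program Files\\HP\\QuickPlay\\Kernel\\TV\\CLSched.exe "
    "O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\\Program Files\\Comodo\\Firewall\\cmdagent.exe"
)

# Every entry starts (at line start or after whitespace) with a section code
# such as R0, O2, O4 or O23, followed by " - ".
ENTRY_RE = re.compile(r"(?:^|(?<=\s))([RO]\d{1,2}) - ")
# Drive-letter paths ending in .exe/.dll; %ProgramFiles% style paths are skipped.
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll)\b", re.IGNORECASE)


def split_entries(text):
    """Re-split a flattened log into (section, body) tuples, in log order."""
    marks = list(ENTRY_RE.finditer(text))
    out = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        out.append((m.group(1), text[m.end():end].strip()))
    return out


def find_mentions(entries, keyword):
    """Entries whose body mentions keyword, case-insensitive (e.g. 'starware')."""
    kw = keyword.lower()
    return [e for e in entries if kw in e[1].lower()]


def unknown_owner_services(entries):
    """O23 service entries whose binary HijackThis could not attribute to a vendor."""
    return [body for sec, body in entries if sec == "O23" and "- Unknown owner -" in body]


def referenced_paths(entries):
    """Every drive-letter .exe/.dll path named in the log, for a later existence check."""
    return [p for _, body in entries for p in PATH_RE.findall(body)]


def section_counts(entries):
    """How many entries each section (R0, O2, O23, ...) contributed."""
    return dict(Counter(sec for sec, _ in entries))
```

Running `split_entries(FLATTENED_LOG)` on the excerpt yields seven entries, no "starware" mention, and two "Unknown owner" services to look up by hand.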
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
No sign of Starware at all. Does Spyware Terminator tell you where it is on the computer?
Try this:
Please download the trial version of AVG Anti-Spyware from here. Install it and update the program with the latest definitions. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with AVG Anti-Spyware as follows:
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
- Under "Reports" select "Do not automatically generate reports".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
- You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
- Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop.
The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
- If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\
Exit AVG Anti-Spyware when done, reboot normally and post the AVG log report and a new HijackThis log.
-------------------- MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
ljk
new user
Reg'd: Sun
Posts: 6
|
|
AVG Anti-Spyware doesn't pick it up either.
Spyware Terminator shows this:
Quarantine Process: Preparing structures
Creating System Restore Point
Quarantine Starware Horoscopes Toolbar
File Moving Failed (User Access Denied) : c:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
File Deletion Failed: c:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
Closing System Restore Point
Done
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
I can't see any sign of any of the files listed HERE in the manual removal instructions for Starware Horoscopes Toolbar.
All we can do is try a few other scans to see if they can pick it up and remove it (if it is there); it could be a false positive from Spyware Terminator.
Download SDFix and save it to your desktop. http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
Please then reboot your computer in Safe Mode by doing the following: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually. Instead of Windows loading as normal, a menu with options should appear. Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All. Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of the Report.txt back on the forum.
|
ljk
new user
Reg'd: Sun
Posts: 6
|
|
Nothing on the SDFix report either.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
DISABLE UAC, then run Spyware Terminator again.
|
ljk
new user
Reg'd: Sun
Posts: 6
|
|
Turning off UAC didn't work either.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
I'm afraid all I can suggest is going to the link with all the Starware files listed and looking for them on your computer. There is no sign of Starware evident in any of the scans; it is probably an orphaned registry entry, which can't do any harm.
|
ljk
new user
Reg'd: Sun
Posts: 6
|
|
Bricat, thanks for all your help and patience.