Pop-Ups CiD
Hi there,
I get, once IE opened, constantly pop-ups from CiD.
So I followed your procedure before placing a log, steps 1 through 8, and this is my Hijackthis-log.
Can you release me from this annoying adware?
Thanks.
This discussion has been closed.
Comments
I see in your last request here you uploaded as attachments all your replies. I don't really know how to work that way, and would like you to go ahead and post all your logs here in your thread. You can post those two you attached, but also I would like the following logs done and posted as well please.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
You can use extra posts here if needed for that.
Yea, I had some problems adding the reports. I tried what you've asked me and I can't copy the file "dss.exe" to the desktop. Once I choose to save it on my desktop, the program installs itself immediately on my desktop as "dss". So if I copy and paste your command into the "run-window", I get the next message:
"C:\documents and settings\cindy\desktop refers to a location which is not available."
Is this a problem?
Thanks in advance for your help.
Open Notepad (Start - Run, type Notepad then press OK), and copy the following and paste it into the open Notepad textbox.
Dim Wshshell, Desk
Set Wshshell = Wscript.CreateObject("Wscript.shell")
Desk = Wshshell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop") & "\"
Wshshell.run Chr(34) & Desk & "dss.exe" & Chr(34) & " /config"
Save this to your desktop as "dssrun.vbs"
Be sure to include the "" quotes in the name. Then click on dssrun.vbs and the Deckards display should open.
Thomas,
I did as you've asked me. Clicking on the icon "dssrun" on my desktop gives the next message:
Windows Script Host
C:\Documents and Settings\cindy\Bureaublad\dssrun.vbs
line: 4
Sign: 1
Mistake: the system cannot find the given file
Code: 8007002
Source: (null)
What's next to do?
Greetings Ghigra
Disable all security software then click directly on dss.exe to run the Deckards scan. Doing it this way will also create a System Restore backup, run Cleanup and a few other changes. The logs from this will be larger as well, so you can break them into parts, and then post those here for review. Use extra posts if needed.
Okay Thomas, these are the 2 reports:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: Dutch
CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 446.17 MiB / 149.38 MiB
Pagefile Memory (total/avail): 1056.84 MiB / 751.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.81 MiB
C: is Fixed (NTFS) - 27.94 GiB total, 15.87 GiB free.
D: is Fixed (NTFS) - 27.95 GiB total, 27.92 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6026GAX - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 27.94 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 27.95 GiB - D:
-- Security Center
AUOptions is scheduled to auto-install.
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cindy\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.1\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER13
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cindy
LOGONSERVER=\\COMPUTER13
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cindy\LOCALS~1\Temp
TMP=C:\DOCUME~1\cindy\LOCALS~1\Temp
USERDOMAIN=COMPUTER13
USERNAME=cindy
USERPROFILE=C:\Documents and Settings\cindy
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles
cindy (admin)
Gast (guest)
-- Add/Remove Programs
--> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.1\DeIsL1.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC97 Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179\HXFSETUP.EXE -U -ItosEW6mk.INF
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x13
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x13
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ItosEW6a.INF
DVD-RAM-stuurprogramma --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x13 DVD-RAM Driver
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Geluiddemper v. cd/dvd-station --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x13
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GV_Killer 7.0.7 --> "C:\Program Files\GV_Killer\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
KB923723: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
LinuxBaby --> "C:\Program Files\LinuxBaby\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x13 UNINSTALL
Logitech MouseWare 9.42 .1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x13 -l0013 UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{91110413-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NTREGOPT 1.1j --> "C:\Program Files\NT Registry Optimizer\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x13 REMOVE
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA-handleidingen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x13 -removeonly
TOSHIBA-zoomutility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x13
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x13 UNINSTALL
TOSHIBA PC Diagnoseprogramma --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Toshiba Touchpad Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1043
Toshiba Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1043
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
-- Application Event Log
Event Record #/Type34221 / Error
Event Submitted/Written: 06/20/2008 11:09:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.5512, vastgelopen module: ieframe.dll, versie: 7.0.6000.16674, vastgelopen op: 0x000c9637.
Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]
Event Record #/Type34182 / Error
Event Submitted/Written: 06/18/2008 01:44:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16674, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Event Record #/Type34181 / Error
Event Submitted/Written: 06/18/2008 01:44:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16674, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Event Record #/Type34180 / Error
Event Submitted/Written: 06/18/2008 01:42:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: drwtsn32.exe, versie: 5.1.2600.0, vastgelopen module: dbghelp.dll, versie: 5.1.2600.5512, vastgelopen op: 0x0001295d.
Verwerken van mediaspecifieke gebeurtenis voor [drwtsn32.exe!ws!]
Event Record #/Type34179 / Error
Event Submitted/Written: 06/18/2008 01:42:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.5512, vastgelopen module: ieframe.dll, versie: 7.0.6000.16674, vastgelopen op: 0x000c9637.
Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type122254 / Error
Event Submitted/Written: 06/22/2008 10:47:55 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service, die vanwege de volgende fout niet kan worden gestart:
%%1058
Event Record #/Type122253 / Error
Event Submitted/Written: 06/22/2008 10:47:55 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service, die vanwege de volgende fout niet kan worden gestart:
%%1058
Event Record #/Type122251 / Error
Event Submitted/Written: 06/22/2008 10:43:04 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service, die vanwege de volgende fout niet kan worden gestart:
%%1058
Event Record #/Type122250 / Error
Event Submitted/Written: 06/22/2008 10:43:04 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service, die vanwege de volgende fout niet kan worden gestart:
%%1058
Event Record #/Type122249 / Error
Event Submitted/Written: 06/22/2008 10:43:04 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service, die vanwege de volgende fout niet kan worden gestart:
%%1058
-- End of Deckard's System Scanner: finished at 2008-06-22 22:48:45
Deckard's System Scanner v20071014.68
Run by cindy on 2008-06-22 22:44:21
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
74: 2008-06-22 20:44:35 UTC - RP453 - Deckard's System Scanner Restore Point
73: 2008-06-19 20:02:57 UTC - RP452 - Software Distribution Service 3.0
72: 2008-06-18 06:47:11 UTC - RP451 - Controlepunt van systeem
71: 2008-06-16 07:13:37 UTC - RP450 - Software Distribution Service 3.0
70: 2008-06-15 19:37:29 UTC - RP449 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-06-11 06:55:31 UTC - RP380 - Controlepunt van systeem
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as cindy.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:06, on 22-6-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\cindy\Bureaublad\dss.exe.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cindy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0ABBD0B-5291-4C72-980C-D41504AA40CA} - C:\WINDOWS\system32\ddcAsrOe.dll (file missing)
O2 - BHO: (no name) - {EC49CDCF-31C7-4C4E-8646-DA682116D65B} - C:\WINDOWS\system32\fccbbBSl.dll (file missing)
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\city license.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soap City] C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dgcindy.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dgcindy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D29EDC1-15F1-4515-AFC6-280F60E071AA}: NameServer = 195.119.228.67,193.74.208.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{742BEA9D-B11B-423B-9483-7104A695786D}: NameServer = 194.119.228.67,193.74.208.65
O18 - Protocol: bw+0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 21262 bytes
-- File Associations
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsu****a Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
S3 LVcKap (Logitech AEC Driver) - c:\windows\system32\drivers\lvckap.sys (file missing)
S3 LVMVDrv (Logitech Machine Vision Engine Loader) - c:\windows\system32\drivers\lvmvdrv.sys (file missing)
S3 LVPr2Mon (Logitech LVPr2Mon Driver) - c:\windows\system32\drivers\lvpr2mon.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PAC207 (Trust WB-1400T Webcam) - c:\windows\system32\drivers\pfc027.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
S3 TSClient (Tatara Protocol Driver) - c:\windows\system32\drivers\tsclient.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 ACS (Atheros-clienthulpprogramma) - c:\windows\system32\acs.exe
R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsu****a Electric Industrial Co., Ltd.; >
S2 LVPrcSrv (Process Monitor) - c:\program files\common files\logitech\lvmvfm\lvprcsrv.exe (file missing)
-- Device Manager: Disabled
Class GUID:
Description: Videocontroller (VGA-compatibel)
Device ID: PCI\VEN_1002&DEV_5A62&SUBSYS_FF311179&REV_00\4&2C0D4F31&0&2808
Manufacturer:
Name: Videocontroller (VGA-compatibel)
PNP Device ID: PCI\VEN_1002&DEV_5A62&SUBSYS_FF311179&REV_00\4&2C0D4F31&0&2808
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
Service: AR5211
-- Scheduled Tasks
2006-02-10 19:52:45 258 --a
C:\WINDOWS\Tasks\Herinnering voor registratie 3.job
2006-02-10 19:52:45 258 --a
C:\WINDOWS\Tasks\Herinnering voor registratie 2.job
2006-02-10 19:52:44 258 --a
C:\WINDOWS\Tasks\Herinnering voor registratie 1.job
-- Files created between 2008-05-22 and 2008-06-22
2008-06-17 10:02:28 0 d
C:\Program Files\Trend Micro
2008-06-16 07:07:29 0 d
C:\WINDOWS\Prefetch
2008-06-15 22:28:53 0 d
C:\Program Files\Messenger
2008-06-15 22:28:21 0 d
C:\WINDOWS\l2schemas
2008-06-15 22:28:20 0 d
C:\WINDOWS\system32\nl
2008-06-15 22:28:19 0 d
C:\WINDOWS\system32\bits
2008-06-15 22:24:23 0 d
C:\WINDOWS\ServicePackFiles
2008-06-15 22:20:43 0 d
C:\WINDOWS\network diagnostic
2008-06-15 22:15:31 0 d
C:\WINDOWS\EHome
2008-06-14 15:09:23 0 d
C:\Documents and Settings\cindy\Application Data\Malwarebytes
2008-06-14 15:08:53 0 d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 15:08:50 0 d
C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 10:09:41 0 d
C:\Program Files\Panda Security
2008-06-14 00:33:43 0 d
C:\WINDOWS\SHELLNEW
2008-06-13 23:02:39 0 d-a
C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 23:02:15 0 d
C:\Program Files\SpywareBlaster
2008-06-13 17:45:06 1521 --ahs---- C:\WINDOWS\system32\lSBbbccf.ini2
2008-06-13 16:52:05 0 d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 11:09:27 0 d
C:\Program Files\GV_Killer
2008-06-11 23:37:44 0 d
C:\Program Files\NT Registry Optimizer
2008-06-11 11:25:05 0 d
C:\Program Files\Lavasoft
2008-06-11 11:22:56 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 10:47:56 0 d
C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 08:55:19 1109 --ahs---- C:\WINDOWS\system32\eOrsAcdd.ini2
-- Find3M Report
2008-06-22 22:33:41 0 d
C:\Program Files\Common Files\Symantec Shared
2008-06-18 12:38:43 0 d
C:\Program Files\Norton 360
2008-06-16 07:09:17 442556 --a
C:\WINDOWS\system32\perfh013.dat
2008-06-16 07:09:17 69812 --a
C:\WINDOWS\system32\perfc013.dat
2008-06-15 22:28:19 0 d
C:\Program Files\Movie Maker
2008-06-15 22:23:58 0 d
C:\Program Files\Windows NT
2008-06-14 00:34:13 0 d
C:\Program Files\Common Files
2008-06-11 21:29:52 0 d
C:\Program Files\Java
2008-06-11 11:37:23 0 d
C:\Documents and Settings\cindy\Application Data\sect bash window
2008-06-11 10:50:02 0 d
C:\Documents and Settings\cindy\Application Data\Adobe
2008-06-11 08:49:25 0 d
C:\Program Files\Symantec
2008-06-10 21:31:51 8494 --ahs---- C:\WINDOWS\system32\oqtss.ini2
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0ABBD0B-5291-4C72-980C-D41504AA40CA}]
C:\WINDOWS\system32\ddcAsrOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC49CDCF-31C7-4C4E-8646-DA682116D65B}]
C:\WINDOWS\system32\fccbbBSl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31-05-2005 05:33]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 23:59]
"64 inter flaw hold"="C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\city license.exe" [22-06-2008 22:35]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 18:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14-04-2008 19:02]
"Soap City"="C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe" [19-12-2007 20:02]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [12-2-2006 19:53:47]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cindy^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\cindy\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soap City]
C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"STI Simulator"=2 (0x2)
"Spooler"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NtmsSvc"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LexBceS"=2 (0x2)
"comHost"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38fac31a-263b-11dc-80f4-00c09ffca97a}]
AutoRun\command- F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e501aa5a-b617-11db-bf79-00c09ffca97a}]
AutoRun\command- G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-06-22 22:48:45
Kind regards, Ghigra
I don't see the CiD installer there, though their adware is showing. And some Vundo items. We will apply a different scan now that was doing well against CiD (Lop adware), then do manual removal after.
If you look at other requests in the forum you will notice their logs are shorter, and do not have the many "O18 - Protocol" entries your log does. These are created by the Logitech Desktop Messenger you have installed. It monitors your activities and sends reports from that back to Logitech. Many people feel this is a form of "spyware" and choose to uninstall that. There is no negative effect on the system if you choose to do that (just uninstall the Logitech Desktop Messenger - leave any other Logitech software as is).
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download SDFix.exe and save it to your desktop.
Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.
===================================================
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).
In Safe Mode, click the SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.
Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.
=============================
After the reboot reconnect to net access and go here and download the free version of SUPERAntiSpyware and install it.
After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.
Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).
Start-up Options:
*Start SUPERAntiSpyware when Windows starts
Automatic Updates:
*Check for program updates when the application starts.
Start-up Scanning:
*Check for updates before scanning on startup.
Then select Close. Don't scan just yet though.
Again disconnect from net access.
===============================================
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).
Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.
SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).
Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.
==========================
Then still making sure dss.exe is directly on your desktop, click on rundss.vbs again to open the Deckard's display.
When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Extra Log, uncheck all the boxes except this one:
Security Center
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)
Post that along with the SUPERAntiSpyware log and the SDFix report.txt log please. Hopefully the Deckards steps will work this time.
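A small triage helper for logs in this format, added here as an example and not part of the original posts: it collapses the repeated "O18 - Protocol" entries into one record per handler CLSID and lists every target HijackThis marked "(file missing)". The function names are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A0ABBD0B-5291-4C72-980C-D41504AA40CA} - C:\WINDOWS\system32\ddcAsrOe.dll (file missing)
O18 - Protocol: bwy0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
"""

SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Names and paths may both contain " - ", so the target is located by its
# drive-letter prefix instead of by splitting on the separator.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
SCHEME_RE = re.compile(r"^Protocol: (\S+) - ")
MISSING = " (file missing)"


def parse_line(line):
    """Parse one HijackThis entry; return None for non-entry lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    scheme = SCHEME_RE.match(body) if section == "O18" else None
    return {
        "section": section,
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": path.group(0) if path else None,
        "scheme": scheme.group(1) if scheme else None,
        "missing": missing,
    }


def parse_log(text):
    """Parse every entry line in a pasted log, skipping headers and blanks."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def group_protocol_handlers(entries):
    """Collapse O18 entries: one record per handler CLSID with its schemes."""
    grouped = defaultdict(lambda: {"handler": None, "missing": False, "schemes": []})
    for e in entries:
        if e["section"] != "O18" or not e["clsid"]:
            continue
        rec = grouped[e["clsid"]]
        rec["handler"] = e["target"]
        rec["missing"] = rec["missing"] or e["missing"]
        rec["schemes"].append(e["scheme"])
    return dict(grouped)


def missing_targets(entries):
    """Distinct targets (case-insensitive) flagged '(file missing)'."""
    return sorted({e["target"].lower() for e in entries if e["missing"] and e["target"]})


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for clsid, rec in group_protocol_handlers(entries).items():
        state = "file missing" if rec["missing"] else "present"
        print(f"O18 {clsid}: {len(rec['schemes'])} scheme(s), handler {state}")
        print(f"    {rec['handler']}")
    print("Targets marked (file missing):")
    for target in missing_targets(entries):
        print(f"    {target}")
```
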
Too bad, but the dss.exe file didn't work as you planned. Once I double click either the icon "dss.exe" or the "rundss.vbs", the scan starts immediately. So I get no opportunity to change some settings in the menu. Anyway, I did run the scan and these are the reports you've asked for. First the main.txt followed by the "report.txt". In another "quick reply" I send you the SuperAntiSpyware scan log.
Let yourself go, Thomas' :-))
Deckard's System Scanner v20071014.68
Run by cindy on 2008-06-24 17:21:07
Computer is in Safe Mode.
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as cindy.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:26, on 24-6-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\cindy\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cindy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0ABBD0B-5291-4C72-980C-D41504AA40CA} - C:\WINDOWS\system32\ddcAsrOe.dll (file missing)
O2 - BHO: (no name) - {E19A926F-1B47-4BEC-BB7B-79BDB566244F} - C:\WINDOWS\system32\rqRlLdda.dll
O2 - BHO: (no name) - {EC49CDCF-31C7-4C4E-8646-DA682116D65B} - C:\WINDOWS\system32\fccbbBSl.dll (file missing)
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\city license.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soap City] C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dgcindy.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dgcindy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D29EDC1-15F1-4515-AFC6-280F60E071AA}: NameServer = 195.119.228.67,193.74.208.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{742BEA9D-B11B-423B-9483-7104A695786D}: NameServer = 194.119.228.67,193.74.208.65
O18 - Protocol: bw+0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {335B15FC-4C3D-4370-B852-A428CB9DA74C} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 20770 bytes
-- Files created between 2008-05-24 and 2008-06-24
2008-06-24 13:16:39 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 13:16:12 0 d C:\Program Files\SUPERAntiSpyware
2008-06-24 13:16:09 0 d C:\Documents and Settings\cindy\Application Data\SUPERAntiSpyware.com
2008-06-24 12:26:13 0 d C:\WINDOWS\ERUNT
2008-06-24 08:35:13 1628 --ahs---- C:\WINDOWS\system32\addLlRqr.ini2
2008-06-24 08:35:09 318256 n--- C:\WINDOWS\system32\rqRlLdda.dll
2008-06-17 10:02:28 0 d C:\Program Files\Trend Micro
2008-06-16 07:07:29 0 d C:\WINDOWS\Prefetch
2008-06-15 22:28:53 0 d C:\Program Files\Messenger
2008-06-15 22:28:21 0 d C:\WINDOWS\l2schemas
2008-06-15 22:28:20 0 d C:\WINDOWS\system32\nl
2008-06-15 22:28:19 0 d C:\WINDOWS\system32\bits
2008-06-15 22:24:23 0 d C:\WINDOWS\ServicePackFiles
2008-06-15 22:20:43 0 d C:\WINDOWS\network diagnostic
2008-06-15 22:15:31 0 d C:\WINDOWS\EHome
2008-06-14 15:09:23 0 d C:\Documents and Settings\cindy\Application Data\Malwarebytes
2008-06-14 15:08:53 0 d C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 15:08:50 0 d C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 10:09:41 0 d C:\Program Files\Panda Security
2008-06-14 00:33:43 0 d C:\WINDOWS\SHELLNEW
2008-06-13 23:02:39 0 d-a C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 23:02:15 0 d C:\Program Files\SpywareBlaster
2008-06-13 17:45:06 1521 --ahs---- C:\WINDOWS\system32\lSBbbccf.ini2
2008-06-13 16:52:05 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 11:09:27 0 d C:\Program Files\GV_Killer
2008-06-11 23:37:44 0 d C:\Program Files\NT Registry Optimizer
2008-06-11 11:25:05 0 d C:\Program Files\Lavasoft
2008-06-11 11:22:56 0 d C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 10:47:56 0 d C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 08:55:19 1109 --ahs---- C:\WINDOWS\system32\eOrsAcdd.ini2
-- Find3M Report
2008-06-24 13:01:37 0 d C:\Program Files\Common Files\Symantec Shared
2008-06-23 12:43:36 0 d C:\Program Files\Java
2008-06-18 12:38:43 0 d C:\Program Files\Norton 360
2008-06-16 07:09:17 442556 --a C:\WINDOWS\system32\perfh013.dat
2008-06-16 07:09:17 69812 --a C:\WINDOWS\system32\perfc013.dat
2008-06-15 22:28:19 0 d C:\Program Files\Movie Maker
2008-06-15 22:23:58 0 d C:\Program Files\Windows NT
2008-06-14 00:34:13 0 d C:\Program Files\Common Files
2008-06-11 11:37:23 0 d C:\Documents and Settings\cindy\Application Data\sect bash window
2008-06-11 10:50:02 0 d C:\Documents and Settings\cindy\Application Data\Adobe
2008-06-11 08:49:25 0 d C:\Program Files\Symantec
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0ABBD0B-5291-4C72-980C-D41504AA40CA}]
C:\WINDOWS\system32\ddcAsrOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E19A926F-1B47-4BEC-BB7B-79BDB566244F}]
24-06-2008 08:35 318256 C:\WINDOWS\system32\rqRlLdda.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC49CDCF-31C7-4C4E-8646-DA682116D65B}]
C:\WINDOWS\system32\fccbbBSl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31-05-2005 05:33]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 23:59]
"64 inter flaw hold"="C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\city license.exe" [24-06-2008 13:14]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 18:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14-04-2008 19:02]
"Soap City"="C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe" [19-12-2007 20:02]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [12-2-2006 19:53:47]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13-05-2008 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cindy^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\cindy\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soap City]
C:\DOCUME~1\cindy\APPLIC~1\SECTBA~1\TwoEnc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang NL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"STI Simulator"=2 (0x2)
"Spooler"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NtmsSvc"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LexBceS"=2 (0x2)
"comHost"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38fac31a-263b-11dc-80f4-00c09ffca97a}]
AutoRun\command- F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e501aa5a-b617-11db-bf79-00c09ffca97a}]
AutoRun\command- G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-06-24 17:26:56
and the report.txt:
SDFix: Version 1.196
Run by cindy on di 24-06-2008 at 12:34
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\fccYpPGa.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 13:03:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\\Program Files\\Steam\\steamapps\\icebunny\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\icebunny\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FTP-bestandsoverdrachtprogramma"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 3 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 17 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 4 Jan 2008 4,144 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Finished!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/24/2008 at 03:46 PM
Application Version : 4.15.1000
Core Rules Database Version : 3489
Trace Rules Database Version: 1480
Scan type : Complete Scan
Total Scan Time : 02:18:14
Memory items scanned : 175
Memory threats detected : 1
Registry items scanned : 4903
Registry threats detected : 6
File items scanned : 23715
File threats detected : 20
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\RQRLLDDA.DLL
C:\WINDOWS\SYSTEM32\RQRLLDDA.DLL
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F159F8-956C-4723-AF8F-427CBFEBD236}
HKCR\CLSID\{47F159F8-956C-4723-AF8F-427CBFEBD236}
HKCR\CLSID\{47F159F8-956C-4723-AF8F-427CBFEBD236}\InprocServer32
HKCR\CLSID\{47F159F8-956C-4723-AF8F-427CBFEBD236}\InprocServer32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\cindy\Cookies\cindy@ad.yieldmanager[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@ads.techguy[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@tradedoubler[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@statse.webtrendslive[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@nl.sitestat[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@www.adserver5[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@banner.32vegas[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@nl.sitestat[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@mistergooddeal.112.2o7[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@weborama[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@rotator.adjuggler[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@247realmedia[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@linkstat.neckermann[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@stat.onestat[2].txt
C:\Documents and Settings\cindy\Cookies\cindy@adserver.aol[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@clickbank[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@ad.cibleclick[1].txt
C:\Documents and Settings\cindy\Cookies\cindy@mediaplex[1].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
C:\WINDOWS\SYSTEM32\OQTSS.INI2
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Open and update Malwarebytes, as you already have that.
Then select "Perform Complete Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
============================
Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Extra Log, uncheck all the boxes except this one:
Security Center
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)
Post that along with the Malwarebytes log please.
Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own thread instead.