kill.av
- Thread starter jeg er torstein
- Start date
jeg er torstein
New member
Hello.
Did not read your instructions good enough. Thougt the last bit was the usual footer mumbo-jumbo.:santa:
Symanteck reported the following threats:
sfsrv.exe
275892~1.exe
scan[1].exe
All in the library c:\_OTMoveIt\movedfiles\10222008_172203\....
MBAM Logs:
-------------------
USER ADMIN
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 21:39:09
mbam-log-2008-10-27 (21-39-09).txt
Scan type: Full Scan (C:\|)
Objects scanned: 179803
Time elapsed: 4 hour(s), 11 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------
USER KONTOR
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 15:10:05
mbam-log-2008-10-27 (15-10-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 168904
Time elapsed: 3 hour(s), 16 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------
USER GUTTA
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 11:23:16
mbam-log-2008-10-27 (11-23-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 178600
Time elapsed: 58 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcc1jj0e16j (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:49, on 27.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5070418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kontor')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni Insight\XobniService.exe
--
End of file - 11204 bytes
Did not read your instructions good enough. Thougt the last bit was the usual footer mumbo-jumbo.:santa:
Symanteck reported the following threats:
sfsrv.exe
275892~1.exe
scan[1].exe
All in the library c:\_OTMoveIt\movedfiles\10222008_172203\....
MBAM Logs:
-------------------
USER ADMIN
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 21:39:09
mbam-log-2008-10-27 (21-39-09).txt
Scan type: Full Scan (C:\|)
Objects scanned: 179803
Time elapsed: 4 hour(s), 11 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------
USER KONTOR
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 15:10:05
mbam-log-2008-10-27 (15-10-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 168904
Time elapsed: 3 hour(s), 16 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------
USER GUTTA
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6000
27.10.2008 11:23:16
mbam-log-2008-10-27 (11-23-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 178600
Time elapsed: 58 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcc1jj0e16j (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:49, on 27.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5070418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Kontor')
O4 - HKUS\S-1-5-21-768292798-2853778854-40575902-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kontor')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni Insight\XobniService.exe
--
End of file - 11204 bytes
Hello Torstein
That's looking quite good now
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
How's the system running now?
That's looking quite good now
- Double-click OTMoveIt2.exe.
- Click the CleanUp! button.
- Select Yes when the
Begin cleanup Process?
prompt appears. - If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
How's the system running now?
jeg er torstein
New member
Hello.
Ran a Kaspersky scan last night, and got a few warnings.
Maby its old shit to be fixed by the OTM Cleanup. Tought I'd post it anyway.
Thanx so far.
Posting Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 18:38:19
Records in database: 1351844
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 145494
Threat name: 5
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 03:52:15
File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN Infected: Trojan.Win32.Delf.eun 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN Infected: Trojan.Win32.Delf.eun 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN Infected: Trojan.Win32.Delf.eun 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN Infected: Trojan.Win32.Delf.eun 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Kontor\Documents\Downloads\Magic ISO Maker 5.4 + serial\Magic ISO Maker 5.4 + serial.rar Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Public\Kardinal Offishall Featuring Akon - Dangerous\Kardinal Offishall Featuring Akon - Dangerous.EXE Infected: Trojan.Win32.Delf.eun 1
The selected area was scanned.
Ran a Kaspersky scan last night, and got a few warnings.
Maby its old shit to be fixed by the OTM Cleanup. Tought I'd post it anyway.
Thanx so far.
Posting Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 18:38:19
Records in database: 1351844
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 145494
Threat name: 5
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 03:52:15
File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN Infected: Trojan.Win32.Delf.eun 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN Infected: Trojan.Win32.Delf.eun 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN Infected: Trojan.Win32.Delf.eun 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN Infected: Trojan.Win32.Delf.eun 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FRXMDQ1\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJLVZI2Z\WebSoftCodecDrivern[2].exe Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mjh 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mjj 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Gutta\AppData\Local\Temp\t13.php Infected: Trojan.Win32.Vapsup.mji 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Kontor\Documents\Downloads\Magic ISO Maker 5.4 + serial\Magic ISO Maker 5.4 + serial.rar Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\10222008_172203\Users\Public\Kardinal Offishall Featuring Akon - Dangerous\Kardinal Offishall Featuring Akon - Dangerous.EXE Infected: Trojan.Win32.Delf.eun 1
The selected area was scanned.
Hi
OTMI CleanUp -process takes care of those in C:\_OTMoveIt
These have to be deleted manually:
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN
OTMI CleanUp -process takes care of those in C:\_OTMoveIt
These have to be deleted manually:
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140007.VBN
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17C00001.VBN
jeg er torstein
New member
Hi.
Did the clean up as described in your post.
Ran Kaspersky and Mallwarebyte, and nothing.
Spyware doctor stil reports Backdoor.Frauder has registry values.
SwD has no log option, and will nor fix if i do'nt buy the product.
Is it safe to leave it this way ?
Torstein.
Did the clean up as described in your post.
Ran Kaspersky and Mallwarebyte, and nothing.
Spyware doctor stil reports Backdoor.Frauder has registry values.
SwD has no log option, and will nor fix if i do'nt buy the product.
Is it safe to leave it this way ?
Torstein.
jeg er torstein
New member
Hello.
Trying to upload pickture....
Screen dump
View attachment 2636
...hoping for getting throug
Torstein
Trying to upload pickture....
Screen dump
View attachment 2636
...hoping for getting throug
Torstein
Hi
Disable TeaTimer before doing following
Download ERUNT
Save it to your desktop. Run and install this program.
In the box that opens ONLY choose
System registry.
Then click OK.
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.
It should look like this ->
Doubleclick fix.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
Reboot and run check again.
Disable TeaTimer before doing following
Download ERUNT
Save it to your desktop. Run and install this program.
In the box that opens ONLY choose
System registry.
Then click OK.
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.
Code:
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows]
"VRSIN"=-
[HKEY_CURRENT_USER\Software\Microsoft\windows]
"AIM"=-It should look like this ->
Doubleclick fix.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
Reboot and run check again.
jeg er torstein
New member
Hello.
Did a new Spydoctor scan.
Now it onely report of Application.NirCmd
View attachment 2637
Seems to be OK now.
How do I keep it that way ?
Torstein
Did a new Spydoctor scan.
Now it onely report of Application.NirCmd
View attachment 2637
Seems to be OK now.
How do I keep it that way ?
Torstein
Yes, that entry can be left there.
You might want to read So how did I get infected in the first place? -sticky by TonyKlein if you haven't done so already
By being cautious while surfing. Don't visit dubious web sites etc.
You might want to read So how did I get infected in the first place? -sticky by TonyKlein if you haven't done so already
jeg er torstein
New member
Missing postsCan not post the screenshot.File gets too big.
Think I have identified the problem though.
I have been using Hybrid mode while viewing the posts.
In this mode all posts appears as #1. At the bottom post on each page ther's an internal link to "more posts under this link" (or something like that.)
Except for the seccond last page. There's no link to more posts there, so in hybrid mode page 4 is invisible. Hitting the next button leads to the top post, so it was no reason to think it was any posts after mine.
Therfore:
You claimed your last post was no. 31.
On my screen your last post was about the "tea timer"
I had a post after that one, so I supposed it was no.32.
Maby thers a bug in the forum web site, or maby Im all mixed up, infected by the virus myself
:Anyway.
Thanks again for youre time and help. Format C:\ would have been my solution. I'll be keeping an eye on page 4 in case you come up whith an explanation on the Hybrid problem, or give any final instructions.
Torstein
You're welcome and thanks for letting us know about the hybrid mode. I use forums in linear mode myself and so haven't noticed anything abnormal. Hybrid mode does work a bit differently. Since I'm not sure I use it right it's better I forward the note to others who may be able to explain how hybrid mode works or at least should work
tashi
Member of Team Spybot
Hello,
From the Faqs: http://forums.spybot.info/faq.php?faq=vb3_board_usage#faq_vb3_thread_display
I'd recommend members use Linear mode to read or post to their topic in the Malware removal forum.
Cheers.
From the Faqs: http://forums.spybot.info/faq.php?faq=vb3_board_usage#faq_vb3_thread_display
Switching to Hybrid myself, I don't see any missing posts in this thread. However it is confusing to read by virtue of its "hybrid-ness".
I'd recommend members use Linear mode to read or post to their topic in the Malware removal forum.
Cheers.
jeg er torstein
New member
"Missing" post
Here is how it looks like on my PC
(collors corrupted due to saved in 16 colors to reduse size)
View attachment 2646
As you can see it appears not to be any further posts after my "Hello. Did a new Spybot..." Post.
And the post allso appears to be the no.1 post in the thread.
Fooled me for shure.
You may look into it one day whith no rescue requests
Torstein.
Here is how it looks like on my PC
(collors corrupted due to saved in 16 colors to reduse size)
View attachment 2646
As you can see it appears not to be any further posts after my "Hello. Did a new Spybot..." Post.
And the post allso appears to be the no.1 post in the thread.
Fooled me for shure.
You may look into it one day whith no rescue requests
Torstein.
jeg er torstein
New member
Close up time
Thank you again for splendid advice and patient instrucktions.
Pink Floyd wonderd if there where anybody out there.
I'd say: "Yes it is"
So long.
Torstein
Thank you again for splendid advice and patient instrucktions.
Pink Floyd wonderd if there where anybody out there.
I'd say: "Yes it is"
So long.
Torstein
You're welcome
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.