New Windows Vista Computer infected with WINTEMS.EXE

[oheretic]

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys

 

[oheretic]

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys

---- Files - GMER 1.0.13 ----

ADS C:\Users\oheretic\Favorites\Gadets & Gizmos\:favicon

---- EOF - GMER 1.0.13 ----

 

[oheretic]

And HijackThis - Here's hoping!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:30, on 21/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7675 bytes

 

[Shaba]

Hi

Yes, looks like that rootkit bagle has been killed

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe

Close all windows including browser and press fix checked.

Reboot.

Install one antivirus from below, please:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Post back a fresh HijackThis log.

 

[oheretic]

All instructions followed and I have installed Avast!

Thank you so much for taking the time and trouble to help me.I shall ensure everything is better protected in future.

Regards


Oheretic

 

[oheretic]

And here is the final HijackThis Log file:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:41, on 22/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7884 bytes

 

[Shaba]

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button
• Save the file to your desktop.
• Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

 

[oheretic]

Apologies - I was called away unexpectedly for a few days - am following next instructions now.

 

[oheretic]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 9:35:49 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534146
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 143056
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:57

Infected Object Name / Virus Name / Last Action
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.113.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.113.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy893.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8BC5.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8BC6.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TM.blf Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Defender\FileTracker\{20679184-1529-4302-82B0-890A291B0313} Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\oheretic\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\oheretic\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\oheretic\NTUSER.DAT Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG1 Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG2 Object is locked skipped

 

[oheretic]

C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

[oheretic]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:08, on 27/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7860 bytes

 

[Shaba]

Hi

That looks good

Still problems?

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.