Hi everyone, I am new here and I hope I will find a solution to my problem. I tried everything, I mean everything; I can't even write down all the software I used. They found something and cleared it, but the problem is still active. When I browse the internet, in every browser (FF, IE, Opera), on some addresses I always get this message: "Firefox can't find the server at www.anything.com". I get this message usually on .com and .org domains, but it happens randomly. When I press REFRESH or Try again, it loads the web page normally. This happens especially in Rapid Share when I enter the verification code. I get some strange ads. And Spybot, Spysweeper, AdAware, Kaspersky AV, etc., nothing helped. Win Update also didn't work, but when some of this software cleared some spyware, it works now. If anyone can help, please. And also in DC++ it doesn't connect automatically to hubs, and I have to refresh all connections to hubs.

Here is my Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:46:16 PM, on 3/30/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Program Files\WMonitor\InfoMyCa.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Users\Oliver\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE 
C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [eDSMSNfix] "C:\Acer\Empowering Technology\eDSMSNfix.exe" O4 - HKLM\..\Run: [Getca] "C:\Program Files\WMonitor\InfoMyCa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B} O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Orbit.lnk = C:\Program 
Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing) O23 - Service: 
@%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9257 bytes

Hey ssholovic,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Go!

~Ltangel~

Thank you in advance! Here are the logs:

Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: English CPU 0: AMD Turion(tm) 64 Mobile Technology MK-38 Percentage of Memory in Use: 58% Physical Memory (total/avail): 765.56 MiB / 314.32 MiB Pagefile Memory (total/avail): 1779.74 MiB / 914.75 MiB Virtual Memory (total/avail): 2047.88 MiB / 1936.34 MiB C: is Fixed (NTFS) - 32.52 GiB total, 14.48 GiB free. D: is Fixed (NTFS) - 32.25 GiB total, 14.54 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST980811AS ATA Device - 74.53 GiB - 3 partitions \PARTITION0 - Unknown - 9.76 GiB \PARTITION1 (bootable) - MS-DOS V4 Huge - 32.52 GiB - C: \PARTITION2 - Installable File System - 32.25 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is enabled. FW: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) Disabled AV: ThreatFire v3.0.14.16 (PC Tools) AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools) AS: Spyware Doctor v5.5.0.212 (PC Tools) Disabled AS: Avira AntiVir PersonalEdition v 7.0.3.83 (Avira GmbH) AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) 
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) AS: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) AS: ThreatFire v3.0.14.16 (PC Tools) AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit" "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Oliver\AppData\Roaming CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=OLIVER-PC ComSpec=C:\Windows\system32\cmd.exe DEFAULT_CA_NR=CA8 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Oliver LOCALAPPDATA=C:\Users\Oliver\AppData\Local LOGONSERVER=\\OLIVER-PC NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4c02 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Oliver\AppData\Local\Temp 
TMP=C:\Users\Oliver\AppData\Local\Temp USERDOMAIN=Oliver-PC USERNAME=Oliver USERPROFILE=C:\Users\Oliver windir=C:\Windows -- User Profiles --------------------------------------------------------------- Oliver (admin) -- Add/Remove Programs --------------------------------------------------------- --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9 Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Any Video Converter 2.5.1 --> "C:\Program Files\Any Video Converter\unins000.exe" Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Applian FLV Player --> "C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" doPDF 5.3 printer --> "C:\Program Files\Softland\doPDF 5\unins000.exe" ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe" File Renamer - Basic --> C:\Windows\File Renamer - Basic Uninstaller.exe FLV Downloader 1.01 --> "C:\Program Files\FLV Downloader 1.01\unins000.exe" GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe HDAUDIO Soft 
Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} KGB Archiver 1.2.1.24 --> "C:\Program Files\KGB Archiver\unins000.exe" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nero 8 Micro 8.1.1.3 --> "C:\Program Files\Nero\unins000.exe" NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe" Opera 9.26 --> MsiExec.exe /X{9894D22D-0558-41D9-95FC-8E9BFD6E8170} Orbit --> "C:\Program Files\Orbitdownloader\unins000.exe" PC Suite for Sony Ericsson --> 
C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe /uninstall PC Suite for Sony Ericsson --> MsiExec.exe /I{430EB7ED-8588-430D-B17C-BFFA00CB370A} QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe" Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Sweepi 5.4.00 --> "C:\Program Files\YooApplications\Sweepi\unins000.exe" Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tag&Rename 3.4.6 --> "C:\Program Files\TagRename\unins000.exe" Trillian --> C:\Program Files\Trillian\Trillian.exe /uninstall TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Wireless USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{8B6187C3-1FC2-453D-96D4-592798BB31A6}\Setup.exe" -l0x9 -L0x9 Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type13296 / Success Event Submitted/Written: 03/30/2008 02:36:09 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type13285 / Success Event Submitted/Written: 03/30/2008 02:25:29 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type13283 / Success Event Submitted/Written: 03/30/2008 02:25:26 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type13276 / Success Event Submitted/Written: 03/30/2008 02:25:12 PM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type13261 / Error Event Submitted/Written: 03/30/2008 01:26:28 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x60c, application start time 0xExplorer.EXE0. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type51889 / Warning Event Submitted/Written: 03/30/2008 02:33:21 PM Event ID/Source: 3004 / WinDefend Event Description: %Oliver-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. 
Allow changes only if you trust the program or the software publisher. %Oliver-PC27 can't undo changes that you allow. For more information please see the following: %Oliver-PC275 Scan ID: {ABFC3F6E-2010-41E1-A6C7-30C8A3181C56} User: Oliver-PC\Oliver Name: %Oliver-PC271 ID: %Oliver-PC272 Severity ID: %Oliver-PC273 Category ID: %Oliver-PC274 Path Found: %Oliver-PC276 Alert Type: %Oliver-PC278 Detection Type: 1.1.1505.02 Event Record #/Type51868 / Error Event Submitted/Written: 03/30/2008 02:26:31 PM Event ID/Source: 7026 / Service Control Manager Event Description: TfFsMon TfSysMon Event Record #/Type51847 / Error Event Submitted/Written: 03/30/2008 02:26:31 PM Event ID/Source: 7000 / Service Control Manager Event Description: ThreatFire%%2 Event Record #/Type51837 / Error Event Submitted/Written: 03/30/2008 02:26:31 PM Event ID/Source: 7000 / Service Control Manager Event Description: CSIScanner%%3 Event Record #/Type51790 / Error Event Submitted/Written: 03/30/2008 02:24:57 PM Event ID/Source: 6008 / EventLog Event Description: The previous system shutdown at 2:22:12 PM on 3/30/2008 was unexpected. -- End of Deckard's System Scanner: finished at 2008-03-30 17:12:29 ------------ Deckard's System Scanner v20071014.68 Run by Oliver on 2008-03-30 17:08:23 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 13: 2008-03-30 09:41:03 UTC - RP449 - Windows Defender Checkpoint 12: 2008-03-29 10:41:58 UTC - RP447 - Before uninstall Spyware Doctor 5.5 11: 2008-03-29 09:09:18 UTC - RP445 - Windows Defender Checkpoint 10: 2008-03-29 00:54:19 UTC - RP443 - Windows Update 9: 2008-03-29 00:46:03 UTC - RP442 - Windows Update -- First Restore Point -- 1: 2008-03-28 21:24:14 UTC - RP427 - Before uninstall Samsung PC Studio 3 USB Driver Installer Backed up registry hives. Performed disk cleanup. Total Physical Memory: 766 MiB (1024 MiB recommended). 
-- HijackThis (run as Oliver.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:09:41 PM, on 3/30/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Program Files\WMonitor\InfoMyCa.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Users\Oliver\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE C:\Users\Oliver\Desktop\dss.exe C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Oliver.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [eDSMSNfix] "C:\Acer\Empowering Technology\eDSMSNfix.exe" O4 - HKLM\..\Run: [Getca] "C:\Program Files\WMonitor\InfoMyCa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B} O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Orbit.lnk = C:\Program 
Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9151 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080314-104718-246 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer *
backup-20080314-104922-695 O23 - Service: KQN - Unknown owner - C:\Users\Oliver\AppData\Local\Temp\KQN.exe (file missing)
backup-20080314-104922-740 O23 - Service: YGSCWWQN - Unknown owner - C:\Users\Oliver\AppData\Local\Temp\YGSCWWQN.exe (file missing)
backup-20080328-121405-536 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080328-123006-761 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080328-123006-885 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080329-000336-862 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080329-000336-970 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080330-140125-403 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - \??\c:\windows\system32\drivers\nsdriver.sys
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - \??\c:\windows\system32\drivers\awrtpd.sys
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - \??\c:\windows\system32\drivers\awrtrd.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 54Mbps Wireless Network (54Mbps Wireless Network Service) - c:\program files\wmonitor\wlservice.exe
R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
S2 CSIScanner -
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 ThreatFire - c:\program files\threatfire\tfservice.exe service (file missing)
S4 KQN - c:\users\oliver\appdata\local\temp\kqn.exe (file missing)
S4 YGSCWWQN - c:\users\oliver\appdata\local\temp\ygscwwqn.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&188A24BE&0&0020
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&188A24BE&0&0020
Service: athr

-- Scheduled Tasks -------------------------------------------------------------
2008-03-30 10:36:38 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{11318B7D-E54A-4DFE-AF7D-6C16861BAE6B}.job
2008-03-28 18:27:26 378 --a------ C:\Windows\Tasks\1-Click Maintenance.job
2008-01-17 16:57:44 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------
2008-03-30 14:22:26 10880 --a------ C:\Windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-03-30 14:22:25 0 d-------- C:\Program Files\PrevxCSI
2008-03-30 14:22:19 0 d-------- C:\Users\All Users\PrevxCSI
2008-03-29 20:34:25 0 d-------- C:\Program Files\NoAdware5.0
2008-03-28 17:05:05 0 d-------- C:\Program Files\TagRename
2008-03-28 16:53:49 394240 --a------ C:\Windows\system32\Smab.dll
2008-03-28 16:53:47 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-28 16:53:46 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-28 16:53:44 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-03-28 16:53:44 66560 --a------ C:\Windows\MOTA113.exe
2008-03-28 16:53:43 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-28 16:53:43 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-28 16:53:40 217073 --a------ C:\Windows\meta4.exe
2008-03-28 16:53:39 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-28 16:50:54 0 d-------- C:\Program Files\eRightSoft
2008-03-28 12:38:30 208896 --a------ C:\Windows\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-03-28 12:38:11 0 d-------- C:\Program Files\Comodo
2008-03-28 12:06:28 0 d-------- C:\Users\All Users\Malwarebytes
2008-03-28 12:06:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 11:58:55 0 d-------- C:\Program Files\SpywareGuard
2008-03-27 21:12:15 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-27 17:04:45 0 d-------- C:\Users\All Users\PC Tools
2008-03-27 17:04:45 0 d-------- C:\Program Files\Spyware Doctor
2008-03-27 14:21:54 0 d-------- C:\Users\All Users\Avira
2008-03-17 19:12:34 0 d-------- C:\Program Files\a-squared Free
2008-03-15 11:38:55 0 d-------- C:\Windows\Sun
2008-03-15 11:17:19 0 d-------- C:\Program Files\Trillian
2008-03-14 17:19:28 0 d-------- C:\Program Files\Lavasoft
2008-03-14 14:54:50 0 d-------- C:\Users\All Users\Webroot
2008-03-14 14:54:50 0 d-------- C:\Program Files\Webroot
2008-03-14 14:13:25 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-14 12:55:48 0 --a------ C:\Windows\system32\SBRC.dat
2008-03-14 12:55:48 0 --a------ C:\Windows\system32\SBFC.dat
2008-03-14 10:45:43 0 d-------- C:\Program Files\Trend Micro
2008-03-11 23:34:17 0 d-------- C:\Program Files\Intuwave
2008-03-11 23:34:01 0 d-------- C:\Program Files\Symbian
2008-03-11 23:33:13 0 d-------- C:\Users\All Users\Sony Ericsson
2008-03-11 23:33:13 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-11 23:33:07 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-11 23:33:06 0 d-------- C:\Program Files\Sony Ericsson
2008-03-11 23:33:05 0 d-------- C:\Users\All Users\Teleca
2008-03-11 23:30:35 0 d-------- C:\Windows\Downloaded Installations
2008-02-29 15:01:24 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-29 14:37:57 0 d-------- C:\Program Files\SuperRam

-- Find3M Report ---------------------------------------------------------------
2008-03-30 14:33:58 0 d-------- C:\Users\Oliver\AppData\Roaming\Orbit
2008-03-29 22:35:55 12 --a------ C:\Windows\bthservsdp.dat
2008-03-29 11:51:15 0 d-------- C:\Program Files\Common Files
2008-03-29 09:57:15 0 d-------- C:\Program Files\Windows Mail
2008-03-29 02:02:08 0 d-------- C:\Program Files\Windows Live
2008-03-29 01:08:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 23:12:28 174 --ahs---- C:\Program Files\desktop.ini
2008-03-28 12:06:37 0 d-------- C:\Users\Oliver\AppData\Roaming\Malwarebytes
2008-03-27 21:12:15 0 d-------- C:\Users\Oliver\AppData\Roaming\SUPERAntiSpyware.com
2008-03-27 21:09:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:55:37 0 d-------- C:\Program Files\Opera
2008-03-27 14:33:17 0 d-------- C:\Users\Oliver\AppData\Roaming\Real
2008-03-22 12:08:18 0 d-------- C:\Program Files\Winamp
2008-03-17 20:47:08 0 d-------- C:\Program Files\Macrogaming
2008-03-15 11:29:32 0 d-------- C:\Users\Oliver\AppData\Roaming\Trillian
2008-03-14 14:54:50 0 d-------- C:\Users\Oliver\AppData\Roaming\Webroot
2008-03-14 12:03:20 0 d-------- C:\Users\Oliver\AppData\Roaming\Sunbelt Software
2008-03-11 23:45:48 0 d-------- C:\Users\Oliver\AppData\Roaming\Teleca
2008-03-11 23:34:29 0 d-------- C:\Users\Oliver\AppData\Roaming\Sony Ericsson
2008-03-11 22:44:18 0 d-------- C:\Users\Oliver\AppData\Roaming\Any Video Converter
2008-03-05 23:38:38 0 d-------- C:\Program Files\Acer Inc
2008-03-05 23:30:58 0 d-------- C:\Program Files\mIRC
2008-02-29 15:02:24 0 d-------- C:\Users\Oliver\AppData\Roaming\Mozilla
2008-02-26 00:40:20 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-25 20:06:43 0 d-------- C:\Program Files\YooApplications
2008-02-24 17:12:35 0 d-------- C:\Users\Oliver\AppData\Roaming\mIRC
2008-02-22 16:01:20 0 d-------- C:\Program Files\FLV Player
2008-02-21 19:44:04 0 d-------- C:\Users\Oliver\AppData\Roaming\GHISLER
2008-02-21 13:24:51 0 d-------- C:\Users\Oliver\AppData\Roaming\Yahoo!
2008-02-19 11:16:49 0 d-------- C:\Program Files\Yahoo!
2008-02-19 01:39:22 0 d-------- C:\Users\Oliver\AppData\Roaming\zbusoft
2008-02-19 01:37:10 0 d-------- C:\Program Files\FLV Downloader 1.01
2008-02-18 23:37:33 0 d-------- C:\Users\Oliver\AppData\Roaming\SoftMaker
2008-02-11 17:38:16 0 d-------- C:\Users\Oliver\AppData\Roaming\.purple
2008-02-11 17:37:34 0 d-------- C:\Users\Oliver\AppData\Roaming\Adobe
2008-02-11 17:34:31 0 d-------- C:\Users\Oliver\AppData\Roaming\Skype
2008-02-11 17:01:04 0 d-------- C:\Users\Oliver\AppData\Roaming\skypePM
2008-02-11 13:09:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-01 11:11:10 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2008-01-20 12:14:43 120545 --a------ C:\Windows\File Renamer - Basic Uninstaller.exe
2008-01-18 15:45:33 0 --a------ C:\Windows\system32\Ultra.dll

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [12/01/2006 06:37 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/06/2007 02:23 PM]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [02/08/2007 06:40 PM]
"Getca"="C:\Program Files\WMonitor\InfoMyCa.exe" [03/10/2004 01:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [11/08/2007 02:06 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/30/2007 06:28 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 08:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [11/02/2006 10:45 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM]

C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [10/4/2007 9:54:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0401ac59-80ad-11dc-be54-001b243acdf6}]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23680d27-efbb-11dc-82c7-001b243acdf6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {12BC816B-8F68-CAB4-867E-FA0FEF15FB36} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-03-30 17:12:29 ------------