honey_sucker7814

Spyware 2008 Giving Me Hard Time [RESOLVED]


I installed MBAM... Ran full scan... rebooted... no luck. Tried in safe mode... deleted the reg entries given in other forums... no luck. I am posting my HijackThis log... Please help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:33, on 12/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\AccessManager\Client\AMBroker.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

C:\ODI\OStore\BIN\OSCMGR6.EXE

C:\ODI\OStore\BIN\OSSERVER.EXE

C:\oracle\ora92\bin\omtsreco.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe

C:\SiebelAnalytics\Bin\NQSComGateway.exe

C:\SiebelAnalytics\Bin\nqsserver.exe

C:\Program Files\LANDesk\LDClient\softmon.exe

C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\Program Files\AccessManager\Client\sygman.exe

C:\WINDOWS\system32\kktools\userdump.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe

C:\WINDOWS\system32\winscenter.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\AccessManager\Client\AccessMgr.exe

C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Sun\SDK\jdk\bin\javaw.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.merck.de/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.1.117:8080

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe

O4 - HKLM\..\Run: [MerckPrivateDataCheck] cachedos C:\Windows\System32\MyLocalDataShorcutcheck.vbs

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=USSE1LDMSNA01.na.merckgroup.com:5007 /S="USSE1LDMSNA01.na.merckgroup.com" /I=HTTP://USSE1LDMSNA01.na.merckgroup.com/ldlogon/ldappl3.ldz /NOUI /W=900

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /to=30

O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /noreboot

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SDK Tray Menu.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: VPN Client.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.merckgroup.com (HKLM)

O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/contr...ce/outlctlx.CAB

O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Smartscript.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr02.merck.de/qp2.cab

O16 - DPF: {06314967-EECF-11D2-9D64-0000949887BE} (Siebel ERM eBriefings Offline Content Synchronization Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_ERM_ContentSync.cab

O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_HTML_Editor.cab

O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Microsite_Layout.cab

O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Calendar.cab

O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Container_Control.cab

O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -

O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Test_Automation.cab

O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_HI_Client.cab

O16 - DPF: {4514F46B-308B-401B-969D-B62E288158ED} (CSSFlexAxContainerCtrl Class) - http://localhost/19238/applets/SiebelAx_Co...ner_Control.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.20/uploader2.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_iHelp.cab

O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Hospitality_Gantt.cab

O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Calendar.cab

O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_UInbox.cab

O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Desktop_Integration.cab

O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Gantt_Chart.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -

O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_CTI_Toolbar.cab

O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Allocation.cab

O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_OutBound_mail.cab

O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://uscallcenter.us-siebel.us-bos01.ser...x_HI_Client.cab

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://ch1tt031.ch-gva01.serono.com/pam_us...x_HI_Client.cab

O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://usse1ldmsna01/common/ENUrcviewer.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ch2.serono.com/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {EFA4D912-2A19-4E6F-B681-4DC0C796FBD8} (Siebel SmartScript) - http://us1tt063/epharma_enu/19230/applets/...Smartscript.cab

O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\iTools.cab

O16 - DPF: {FB8A6B20-09DD-43D5-BF33-676DF96767F3} (Siebel High Interactivity Framework) - http://localhost/19238/applets/SiebelAx_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.merckgroup.com

O17 - HKLM\Software\..\Telephony: DomainName = na.merckgroup.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.merckgroup.com

O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll

O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe

O23 - Service: DB2 Management Service (TAEVAL20) (DB2MGMTSVC_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe

O23 - Service: DB2 Security Server (TAEVAL20) (DB2NTSECSERVER_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2sec.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

O23 - Service: ObjectStore Cache Manager R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSCMGR6.EXE

O23 - Service: ObjectStore Server R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSSERVER.EXE

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Siebel Analytics Java Host (sawjavahostsvc) - Unknown owner - C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Siebel Analytics Server - Siebel Systems, Inc. - C:\SiebelAnalytics\Bin\NQSComGateway.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 18127 bytes


Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm


Here is the requested log..

********************************************************************************

* *

* FixIEDef Log *

* Version 1.7.20.7201 *

* *

********************************************************************************

Created at 13:30:22 on Saturday, December 27, 2008

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Logged On User : m157236

Operating System : Microsoft Windows XP Professional Service Pack 2

OS Version : 5.1.2600

System Langauge : English (United States)

Keyboard Layout : English (United States)

Processor : X86 Intel® Core2 Duo CPU T7250 @ 2.00GHz

System Drive : H:\

Windows Directory : C:\WINDOWS

System Directory : C:\WINDOWS\system32

System Drive Type : Network

System Drive Status : READY

System Drive Label : Offline

System Drive Size : 76.31 GB

System Drive Free : 16.39 GB

Total Physical Memory: 3062 MB

Free Physical Memory : 2216 MB

Total Page File : 3062 MB

Free Page File : 3608 MB

Total Virtual Memory : 2048 MB

Free Virtual Memory : 1970 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\tmp.txt

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


Here is the output from Smitfraudfix

SmitFraudFix v2.387

Scan done at 15:38:17.23, Sat 12/27/2008

Run from C:\Documents and Settings\M157236.DNNA\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AccessManager\Client\AMBroker.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

C:\ODI\OStore\BIN\OSCMGR6.EXE

C:\ODI\OStore\BIN\OSSERVER.EXE

C:\oracle\ora92\bin\omtsreco.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe

C:\SiebelAnalytics\Bin\NQSComGateway.exe

C:\SiebelAnalytics\Bin\nqsserver.exe

C:\Program Files\LANDesk\LDClient\softmon.exe

C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\Program Files\AccessManager\Client\sygman.exe

C:\WINDOWS\system32\kktools\userdump.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\winscenter.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\AccessManager\Client\AccessMgr.exe

C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe

C:\Program Files\LANDesk\LDClient\LDISCN32.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\cidaemon.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» H:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\reged.exe FOUND !

C:\WINDOWS\spoolsystem.exe FOUND !

C:\WINDOWS\sys.com FOUND !

C:\WINDOWS\syscert.exe FOUND !

C:\WINDOWS\sysexplorer.exe FOUND !

C:\WINDOWS\vmreg.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\M157236.DNNA

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\M15723~1.DNN\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\M157236.DNNA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\M15723~1.DNN\STARTM~1\Programs\Spyware Guard 2008 FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\M15723~1.DNN\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\M15723~1.DNN\Desktop\Spyware Guard 2008.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Spyware Guard 2008\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport

DNS Server Search Order: 68.87.71.226

DNS Server Search Order: 68.87.73.242

DNS Server Search Order: 68.87.64.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS3\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


Hello again,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


Thanks a lot for your help...

SmitFraudFix v2.387

Scan done at 23:16:16.89, Sun 12/28/2008

Run from C:\Documents and Settings\M157236.DNNA\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\reged.exe Deleted

C:\WINDOWS\spoolsystem.exe Deleted

C:\WINDOWS\sys.com Deleted

C:\WINDOWS\syscert.exe Deleted

C:\WINDOWS\sysexplorer.exe Deleted

C:\WINDOWS\vmreg.dll Deleted

C:\DOCUME~1\M15723~1.DNN\STARTM~1\Programs\Spyware Guard 2008 Deleted

C:\DOCUME~1\M15723~1.DNN\Desktop\Spyware Guard 2008.lnk Deleted

C:\Program Files\Spyware Guard 2008\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport

DNS Server Search Order: 68.87.71.226

DNS Server Search Order: 68.87.73.242

DNS Server Search Order: 68.87.64.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS3\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Once I rebooted, the Spyware Guard came right away. Once I reboot, I get the Windows Security Center window and then comes the Spyware Guard stuff.

Really appreciate your help...


Hello again,

Download Roguescanfix.

  • Double-click roguescanfix_setup to install automatically to C:\Program Files\Roguescanfix.
  • Accept the agreement and click Next.
  • Under additional icons, check "create a desktop icon", click Next, then Install.
  • You will be prompted to launch roguescanfix now. Click "Finish"
  • At the DOS window that opens "Press any key to continue..."

Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly. If your firewall gives an alert, allow it instead of blocking it.

In case you still get the message "BFU.exe is not present", download BFU.zip from here.

Unzip it and place BFU.exe inside the Roguescanfix folder. Then double-click Run.bat again.

  • The tool will uninstall some programs and delete related files and registry keys.
  • When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.
  • Please make sure the uninstall of the programs is finished before you click Yes to reboot.
  • A textfile will open. Place the contents of that file in your next reply, along with a new Hijackthis logfile. (The textfile can also be found at C:\Program Files\Roguescanfix\task.txt)


Here you go my friend....

task.txt

Export SharedTaskScheduler key

------------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:36:39, on 12/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AccessManager\Client\AMBroker.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

C:\ODI\OStore\BIN\OSCMGR6.EXE

C:\ODI\OStore\BIN\OSSERVER.EXE

C:\oracle\ora92\bin\omtsreco.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe

C:\SiebelAnalytics\Bin\NQSComGateway.exe

C:\SiebelAnalytics\Bin\nqsserver.exe

C:\Program Files\LANDesk\LDClient\softmon.exe

C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\Program Files\AccessManager\Client\sygman.exe

C:\WINDOWS\system32\kktools\userdump.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\AccessManager\Client\AccessMgr.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe

C:\Program Files\LANDesk\LDClient\LDISCN32.EXE

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\winscenter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.merck.de/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.1.117:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe

O4 - HKLM\..\Run: [MerckPrivateDataCheck] cachedos C:\Windows\System32\MyLocalDataShorcutcheck.vbs

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=USSE1LDMSNA01.na.merckgroup.com:5007 /S="USSE1LDMSNA01.na.merckgroup.com" /I=HTTP://USSE1LDMSNA01.na.merckgroup.com/ldlogon/ldappl3.ldz /NOUI /W=900

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /to=30

O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /noreboot

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: VPN Client.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.merckgroup.com (HKLM)

O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/contr...ce/outlctlx.CAB

O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Smartscript.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr02.merck.de/qp2.cab

O16 - DPF: {06314967-EECF-11D2-9D64-0000949887BE} (Siebel ERM eBriefings Offline Content Synchronization Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_ERM_ContentSync.cab

O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_HTML_Editor.cab

O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Microsite_Layout.cab

O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Calendar.cab

O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Container_Control.cab

O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -

O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Test_Automation.cab

O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_HI_Client.cab

O16 - DPF: {4514F46B-308B-401B-969D-B62E288158ED} (CSSFlexAxContainerCtrl Class) - http://localhost/19238/applets/SiebelAx_Co...ner_Control.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.20/uploader2.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_iHelp.cab

O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Hospitality_Gantt.cab

O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Calendar.cab

O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_UInbox.cab

O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Desktop_Integration.cab

O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Gantt_Chart.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -

O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_CTI_Toolbar.cab

O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Allocation.cab

O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_OutBound_mail.cab

O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://uscallcenter.us-siebel.us-bos01.ser...x_HI_Client.cab

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://ch1tt031.ch-gva01.serono.com/pam_us...x_HI_Client.cab

O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://usse1ldmsna01/common/ENUrcviewer.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ch2.serono.com/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {EFA4D912-2A19-4E6F-B681-4DC0C796FBD8} (Siebel SmartScript) - http://us1tt063/epharma_enu/19230/applets/...Smartscript.cab

O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\iTools.cab

O16 - DPF: {FB8A6B20-09DD-43D5-BF33-676DF96767F3} (Siebel High Interactivity Framework) - http://localhost/19238/applets/SiebelAx_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.merckgroup.com

O17 - HKLM\Software\..\Telephony: DomainName = na.merckgroup.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.merckgroup.com

O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll

O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe

O23 - Service: DB2 Management Service (TAEVAL20) (DB2MGMTSVC_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe

O23 - Service: DB2 Security Server (TAEVAL20) (DB2NTSECSERVER_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2sec.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

O23 - Service: ObjectStore Cache Manager R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSCMGR6.EXE

O23 - Service: ObjectStore Server R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSSERVER.EXE

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Siebel Analytics Java Host (sawjavahostsvc) - Unknown owner - C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe

O23 - Service: Siebel Analytics Server - Siebel Systems, Inc. - C:\SiebelAnalytics\Bin\NQSComGateway.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 17093 bytes

FYI:::The spyware keeps coming up...


Hello again,

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe

    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\spywareguard
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008

    :files
    C:\WINDOWS\system32\winscenter.exe
    C:\Program Files\Spyware Guard 2008
    C:\Windows\reged.exe
    C:\Windows\spoolsystem.exe
    C:\Windows\sys.com
    C:\Windows\syscert.exe
    C:\Windows\sysexplorer.exe
    C:\Windows\vmreg.dll
    C:\Documents and Settings\M157236.DNNA\Desktop\Spyware Guard 2008.lnk
    C:\Documents and Settings\M157236.DNNA\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
    C:\Documents and Settings\M157236.DNNA\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
    C:\Documents and Settings\M157236.DNNA\Application Data\Microsoft\Internet Explorer\olesys.dll

    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

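As an added illustration (not part of the original posts, and not code from OTMoveIt3 or HijackThis), the Python sketch below cross-checks HijackThis log lines against the :reg and :files targets of the fix script above. It reports which running processes and Run entries the script addresses, and which file targets never appear in the log and so have to be verified on disk. The sample inputs are lines copied from this thread; the function names are hypothetical, and treating the last registry path component as a value name is an assumption.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread (subset).
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winscenter.exe
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Subset of the fix script from the reply above (blank lines dropped).
FIX_SCRIPT = r"""
:processes
explorer.exe
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\spywareguard
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
:files
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Spyware Guard 2008
C:\Windows\vmreg.dll
:commands
[purity]
"""

# HijackThis abbreviates the hive and writes ".." for this key prefix.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def norm(path):
    """Drop quotes, collapse repeated backslashes, and case-fold for comparison."""
    return re.sub(r"\\+", r"\\", path.replace('"', "").strip()).lower()

def parse_fix_script(text):
    """Split the script into its ':section' blocks, one stripped line per item."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def reg_targets(lines):
    """Return {(key, name)}; assumes the last path component is a value name."""
    return {tuple(norm(line).rpartition("\\")[::2]) for line in lines}

def under(path, target):
    """True if path is the target, lies inside it, or is the target plus arguments."""
    p, t = norm(path), norm(target).rstrip("\\")
    if p == t or p.startswith(t + "\\"):
        return True
    # A file target followed by arguments, e.g. 'x.exe /logon'.
    return bool(re.search(r"\.\w+$", t)) and p.startswith(t + " ")

def review(log, script):
    """Return (findings, unseen): log items the script targets, and ':files'
    targets that never show up in the log and need checking on disk."""
    sections = parse_fix_script(script)
    files = sections.get("files", [])
    regs = reg_targets(sections.get("reg", []))
    findings, seen = [], set()
    for line in (raw.strip() for raw in log.splitlines()):
        m = O4_RE.match(line)
        if not m and not re.match(r"[A-Za-z]:\\", line):
            continue  # neither an O4 Run entry nor a process path
        hits = [f for f in files if under(m["cmd"] if m else line, f)]
        seen.update(hits)
        by_reg = bool(m) and (norm(HIVES[m["hive"]] + RUN_KEY), m["name"].lower()) in regs
        if by_reg or hits:
            findings.append(("autostart" if m else "process",
                             m["name"] if m else line, by_reg, bool(hits)))
    return findings, [f for f in files if f not in seen]

if __name__ == "__main__":
    found, unseen = review(HJT_LOG, FIX_SCRIPT)
    for row in found: print(row)
    print("not visible in this log, check on disk:", unseen)
```

A target such as vmreg.dll that never appears in the log is not evidence that it is gone; HijackThis only lists the autostart points and processes it enumerates.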

I pasted it into the yellow box and clicked on the MoveIt button. I have been waiting for the past 10 mins and nothing seems to be happening. I saw the process explorer.exe killed successfully.

After that there is REGISTRY and it is staying there for the past 10 mins.

Should this be taking so long?


Looks like it is stuck at the Registry. Looks like it is not able to unregister the vmreg.dll.

If it helps - I tried to unregister the vmreg.dll earlier. But I could not. Maybe your application is also not able to uninstall.

I am comfortable with unregistering DLLs, playing with regedit, etc. Let me know.


Hello again,

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • "Delete on Reboot"
    • then click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:

    C:\Windows\vmreg.dll

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.

If your computer does not restart automatically, please restart it manually.


Mhmm,

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.


  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.

Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


I ran MAMB and deleted the spyware in safe mode. Used CCleaner to clean the registry. In safe mode I restored my PC to a week before and the virus is gone.

I ran MAMB to clean up the System Volume Information drive as the spyware is still showing up in the system restores. Used AVG and MAMB to clean up everything.

This spyware comes back when started in normal mode along with the Windows Security Center. Windows Security Center doesn't start in safe mode. I can access System Restore in safe mode.

Now my system is spyware free.

Thanks for your help my friend.

Much appreciated.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
