Help !! VX2 -Aurora - Abetterinternet


Alun

Thread Starter
Joined
Jun 22, 2005
Messages
6
Please help.
Problems with slow running machine, pop-ups, icons disappear from my desktop a few seconds after startup.

Spybot - Search & Destroy version: 1.4 detects the following:

AbetterInternet: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-448539723-854245398-839522115-1003\Software\aurora

Adaware detects multiple instances of "VX2"

Installed Lavasoft's "VX2 remover" to no effect.

Thanks for any advice you can give.
Alun

Hijack-this log follows:
-=-=-=-=-
Logfile of HijackThis v1.99.1
Scan saved at 3:21:40 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guardian.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [qna] C:\WINDOWS\System32\qna.exe
O4 - HKLM\..\Run: [ahrcic] C:\WINDOWS\System32\ahrcic.exe
O4 - HKLM\..\Run: [ojqlhv] C:\WINDOWS\System32\ojqlhv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iTunes\bin\iPodService.exe
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
 
Joined
Jul 26, 2002
Messages
46,353
Hi Alun

Welcome to TSG! :)

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.



* Also Click here to download Nailfix.zip.
Unzip it to the desktop but please do NOT run it yet.


* Go here to download and install CCleaner
Do not use it yet.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


* Now run Ewido:
  • Click on scanner
  • Put a check by the following before you scan:
    • Binder
    • Crypter
    • Archives
  • Click the Start Scan button to start the scan.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop



* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
 

Alun

Thread Starter
Joined
Jun 22, 2005
Messages
6
Thank you for your help!!
Sorry I had to run out on you last night (had to get my kids from school).

Ok.
Followed instructions and things are looking better already.
Here are the requested logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:04:52 AM, 6/23/2005
+ Report-Checksum: ED954321

+ Date of database: 6/22/2005
+ Version of scan engine: v3.0

+ Duration: 37 min
+ Scanned Files: 85415
+ Speed: 37.60 Files/Second
+ Infected files: 19
+ Removed files: 18
+ Files put in quarantine: 18
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
E:\
G:\

+ Scan result:
C:\Documents and Settings\User #2\Cookies\user #2@user [30].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Alun\cd_images\warez_2_cd\StreamBoxVCR\StreamboxVcrSuite1.zip/StreamboxVcrSuite1.exe -> TrojanDropper.Small.ys -> Error during cleaning
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df103.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df111.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df115.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df117.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df118.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df119.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df120.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df125.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df130.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df135.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df141.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df154.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df87.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df94.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df96.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df97.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\RECYCLER\S-1-5-21-1957994488-1606980848-725345543-1005\Df99.txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End


-=-=-=-=-=-
Logfile of HijackThis v1.99.1
Scan saved at 10:26:54 AM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
g:\program files\mac_opener\FORMATM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Program Files\iTunes\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iTunes\bin\iPodService.exe
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

-=-=-=-=-=-=-=
 
Joined
Jul 26, 2002
Messages
46,353
Download DelDomains.inf from here.

Right-click DelDomains.inf and choose install.


Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O2 - BHO: (no name) - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - (no file)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...Bridge-c139.cab

O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe

O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab

O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe


Restart your computer.


Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
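Added example, not part of the thread: a small Python script that compares two HijackThis logs and reports which entries disappeared, which changed target, and which still point at a missing file. The sample logs are excerpts of lines from the two logs posted above (one deliberately wrapped across lines, as pasted logs often are); the function names and the choice of CLSID or first field as the entry's identity are assumptions of this example, not HijackThis features.

```python
import re

# Excerpt of the first log in this thread; some entries are wrapped across
# lines on purpose so that the rejoining logic is exercised.
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program

Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} -

C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [qna] C:\WINDOWS\System32\qna.exe
O4 - HKLM\..\Run: [ahrcic] C:\WINDOWS\System32\ahrcic.exe
O4 - HKLM\..\Run: [ojqlhv] C:\WINDOWS\System32\ojqlhv.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE"

/SERVICE (file missing)
"""

# Excerpt of the log posted after the safe-mode cleanup.
LOG_AFTER = r"""
O2 - BHO: (no name) - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "R3 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DANGLING_RE = re.compile(r"\((?:no file|file missing)\)")


def parse(text):
    """Parse one log into {(section, identity): entry body}.

    Lines that do not start a new entry are treated as the wrapped tail of
    the previous entry and rejoined with a single space.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    parsed = {}
    for entry in entries:
        section, body = ENTRY_RE.match(entry).groups()
        clsid = CLSID_RE.search(body)
        # Identity: the CLSID when there is one (the display name may change
        # between scans), otherwise the first " - "-separated field.
        ident = clsid.group(0).upper() if clsid else body.split(" - ")[0]
        parsed[(section, ident)] = body
    return parsed


def diff(before, after):
    """Compare two logs and return sorted lists of entry keys per category."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
        # Entries still registered although their target file is gone.
        "dangling": sorted(k for k, body in a.items() if DANGLING_RE.search(body)),
    }


if __name__ == "__main__":
    for category, keys in diff(LOG_BEFORE, LOG_AFTER).items():
        print(category)
        for section, ident in keys:
            print(f"  {section}  {ident}")
```
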
 

Alun

Thread Starter
Joined
Jun 22, 2005
Messages
6
Here are the requested reports:
(actually posting in two different messages - post has too many characters)

Active scan report
Incident Status Location
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Alun Thomas\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Alun Thomas\Application Data\Sskuknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\User #2\Local Settings\Temp\i1.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\User #2\Local Settings\Temp\i3.tmp
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKACodec.french
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKACodec.german
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKACodec.italian
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKACodec.japanese
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKVCodec.french
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKVCodec.german
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKVCodec.italian
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\codecs\WMSDKVCodec.japanese
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\RealMediaWriter.french
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\RealMediaWriter.german
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\RealMediaWriter.italian
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\RealMediaWriter.japanese
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\WinMediaWriter.french
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\WinMediaWriter.german
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\WinMediaWriter.italian
Adware:Adware/PsGuard No disinfected C:\Program Files\Adobe\Premiere Elements 1.0\MediaIO\writers\WinMediaWriter.japanese
Adware:Adware/Transponder No disinfected C:\WINDOWS\kydcrzs.exe
Adware:Adware/PsGuard No disinfected D:\Alun\Easy_cd_backup\program files\Roxio\Easy Media Creator 7\Player\French\PlayerRes.dll
Adware:Adware/PsGuard No disinfected D:\Alun\Easy_cd_backup\program files\Roxio\Easy Media Creator 7\Player\German\PlayerRes.dll
Adware:Adware/PsGuard No disinfected D:\Alun\Easy_cd_backup\program files\Roxio\Easy Media Creator 7\Player\Japanese\PlayerRes.dll
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKACodec.French
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKACodec.German
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKACodec.Italian
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKACodec.Japanese
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKACodec.Spanish
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKVCodec.French
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKVCodec.German
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKVCodec.Italian
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKVCodec.Japanese
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Codecs\WMSDKVCodec.Spanish
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\RealMediaWriter.french
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\RealMediaWriter.german
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\RealMediaWriter.italian
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\RealMediaWriter.japanese
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\RealMediaWriter.spanish
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\WinMediaWriter.French
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\WinMediaWriter.German
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\WinMediaWriter.Italian
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\WinMediaWriter.japanese
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After Effects 6.5\Support Files\Plug-ins\Standard\Format\MediaIO\Writers\WinMediaWriter.Spanish
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKACodec.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKACodec.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKACodec.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKACodec.Japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKACodec.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKVCodec.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKVCodec.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKVCodec.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKVCodec.Japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WMSDKVCodec.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][RealMediaWriter.french.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][RealMediaWriter.german.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][RealMediaWriter.italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][RealMediaWriter.japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][RealMediaWriter.spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WinMediaWriter.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WinMediaWriter.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WinMediaWriter.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WinMediaWriter.japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\AfterEffects_6_5_Tryout.zip[SUB_PL~1.cab][WinMediaWriter.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKACodec.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKACodec.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKACodec.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKACodec.Japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKACodec.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKVCodec.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKVCodec.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKVCodec.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKVCodec.Japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WMSDKVCodec.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[RealMediaWriter.french.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[RealMediaWriter.german.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[RealMediaWriter.italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[RealMediaWriter.japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[RealMediaWriter.spanish.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WinMediaWriter.French.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WinMediaWriter.German.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WinMediaWriter.Italian.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WinMediaWriter.japanese.FA730683_9CD6_4333_B97F_6256CC511180]
Adware:Adware/PsGuard No disinfected G:\Program Files\Adobe\After_Effects_DEMO\SUB_PL~1.cab[WinMediaWriter.Spanish.FA730683_9CD6_4333_B97F_6256CC511180]

-=-=-=-=-=-
hijack-this log in next posting
=-=-=-=-=-=-=-=-=-
 

Alun

Thread Starter
Joined
Jun 22, 2005
Messages
6
-=-=-=-=-=-=-

Logfile of HijackThis v1.99.1
Scan saved at 2:30:36 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
g:\program files\mac_opener\FORMATM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
G:\Program Files\iTunes\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iTunes\bin\iPodService.exe
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe


Cheers!
Alun
 
Joined
Jul 26, 2002
Messages
46,353
I really don't know what to make of all those files it detected and PSGuard in the G:\Program Files\Adobe folder. I suspect that is a false positive there.


* Click Here and download Killbox and save it to your desktop.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Documents and Settings\Alun Thomas\Application Data\Sskknwrd.dll

C:\Documents and Settings\Alun Thomas\Application Data\Sskuknwrd.dll

C:\Documents and Settings\User #2\Local Settings\Temp\i1.tmp

C:\Documents and Settings\User #2\Local Settings\Temp\i3.tmp


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Start Ccleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Go here and do an online virus scan.

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
 

Alun

Thread Starter
Joined
Jun 22, 2005
Messages
6
Thank you very much for your excellent advice, obviously I would never have managed to work out such a complex "cure" without your guidance.
I appreciate your thoroughness and the time you have invested in this solution.
I will certainly be making a "pay-pal" donation and recommending your site to everyone I know.
I've also learned a lot in the process.
Thanks again,
Alun


Logfile of HijackThis v1.99.1
Scan saved at 10:49:14 AM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
g:\program files\mac_opener\FORMATM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Program Files\iTunes\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iTunes\bin\iPodService.exe
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe


Cheers!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I have had a word with one of the Panda guys who deal with the online scanner to alert of the possible FP's with the adobe listings
 
Joined
Jul 26, 2002
Messages
46,353
Thanks Derek! (y)

Alun

Your log is clean now, but one thing that I notice is that you have Norton, but Autoprotect and email scanning are not enabled. You need to enable all protection in Norton then restart your computer. Right now you are not protected at all.


Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.
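
Checking a follow-up HijackThis log against the earlier one by eye is error-prone when the forum editor has wrapped entries across several lines, as happened in one of the logs above. The following is an added example, not part of the original thread: a small Python parser that rejoins wrapped entries and reports what changed between two scans. The function names and the shortened sample logs (a few entries copied from this thread) are assumptions made for the illustration.

```python
import re

# A HijackThis entry starts with a section code (R1, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return the entry lines of a pasted log, rejoining wrapped continuations."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue                          # blank line left by the wrapping
        if ENTRY.match(line):
            entries.append(line)
        elif entries:
            # Continuation: a fragment like ".exe" attaches directly, else one space.
            entries[-1] += ("" if line.startswith(".") else " ") + line
    return entries

def compare(before, after):
    """Entries that disappeared or appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": [e for e in b if e not in a],
            "added": [e for e in a if e not in b]}

def file_missing(log_text):
    """Entries HijackThis itself tagged as pointing at a file that no longer exists."""
    return [e for e in parse_entries(log_text) if e.endswith("(file missing)")]

# Constructed sample: a few entries copied from the two logs in this thread.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator

6\DragToDisc\DrgToDsc.exe"
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE"

/SERVICE (file missing)
"""
AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: MacFormatService - Unknown owner - g:\program files\mac_opener\FORMATM.EXE" /SERVICE (file missing)
"""

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
    print(file_missing(AFTER))
```

Pass only the log text itself; any prose pasted after the last entry would be treated as a continuation of that entry.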
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Just heard back from Panda and they were FP's and were fixed on the day we reported.
 