Please Help Me.
I have 119 infections that are listed with No Possible Action. Below is what I have done and some information on the infections. Please help me. I am unable to fix this on my own.
I have removed superantispyware since some of the listing showed they were in superantispyware. The number of infections dropped. I had nearly 200 before.
I also removed spybot. Same reason and results.
I have disabled system restore. Same reason and results.
Each one of the above steps helped to get rid of some infections.
Before removing spybot and superantispyware I ran them in Safe Mode. A couple of infections were found and fixed. Only about 8 between the 2 scans. I could not get Bitdefender to run in Safe Mode last night so I ran an online scan at TrendMicro. 2 or 3 infections fixed.
So now I am left with the 119 infections that I cannot remove. I have taken screenshots of the Bitdefender list. I have tried to attach them but 2 tries were unsuccessful. I am also going to try to post a HijackThis log as well. Please let me know what other information would help you to help me and I will try to get it to you.
Please help me fix my computer. Thank You!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:30 PM, on 12/20/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\GWHotKey.exe
C:\Program Files\Comodo\CBOClean\BOC425.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Desktop Alert\desktopalert_2966922.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;<local>
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_2966922.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88650482-3892-11D5-8997-00104BD12D94} - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8671 bytes
Comments
Hello rick24,
Please post a BitDefender scan log.
Also, there are some things in the HijackThis! which require fixing, but I don't quite have time right now to carefully look over it. I'll post tomorrow what you need to fix.
Cris.
Here is the log you requested. I look forward to your reply tomorrow.
BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 16:55:13 21/12/2007
Log path : C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1198274113_1_02.xml
Scan Paths:Path0000: C:\
Path0001: \
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summaryNumber of virus signatures : 961826
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7
Overall scan summaryScanned items : 291633
Infected items : 0
Suspicious items : 0
Resolved items : 0
Individual viruses found : 0
Scanned directories : 12925
Scanned boot sectors : 3
Scanned archives : 4244
Input-output errors : 51
Scan time : 00:00:28:01
Files per second : 173
Scanned processes summaryScanned : 61
Infected : 0
Scanned registry keys summaryScanned : 392
Infected : 0
Scanned cookies summaryScanned : 0
Infected : 0
Remaining issues:Object Name Threat Name Final Status
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t.zip=]TVicHW64.sys Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t1.zip=]TVICHW32.VXD Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t1.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t2.zip=]npagent.dll Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t2.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t3.zip=]TVicHW32.sys Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t3.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop1.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop1.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop2.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop2.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop3.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop3.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop4.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop4.zip=]sbRecovery.ini Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]{DE2F28C6-9349-4E1F-8D55-02517B31C403} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]{EA6B85E3-C3CE-4A6F-BD92-CDB85228028A} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{2A1C7A21-C0C2-4C69-8F59-FCE36ADC8EAE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{35887DF7-7C10-4569-ADC9-2C676E09D38D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{3F75980C-F888-43EC-9CFB-4D635EC04DFD} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{5643D4FF-CAE2-4EBD-AD52-B9769C5FD266} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{65CD7151-24C9-4C90-A161-56BE5D9482EB} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{D48A1C99-F18C-44DD-B605-47FEB216A62E} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8J1MQI\Backup files 2.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-21-2007 - 18-30-27.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]{0C7E4DF9-EE6A-48AF-9F62-80FE9941D728} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]{3E5154BF-8073-46AF-80C7-193EE5CC7CF5} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]{858536F6-ACA3-4B75-A51A-CFAFDF7BD6A9} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]{C1529C66-D6AF-4F4A-996F-B1B836FFE2FE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-01-2007 - 11-41-11.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{41264515-3D91-46CC-A41A-1032935C32D3} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{628C222D-DDDD-4BDB-B75A-79B7DAC46154} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{B4FE5A70-081F-44B7-AB9F-057880C82C51} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{32576699-DDF8-4944-A37F-AEA1AA4A7A62} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{3F5401C1-08F7-4DE2-88FB-A2AB959B9845} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{5BB36E46-542C-41F6-8E6D-094C013124D6} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{72F528BB-FFA1-44BD-BBF4-876F4CDA5848} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{7572F618-EA04-4341-A986-0774AE11AEEC} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{837F22FE-872C-4B5C-B0E3-1417F6112E5D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{84D782C0-4A70-4031-A27E-F212F0B3781D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{A6656C5C-11FE-46D7-8339-C4CC6889DEFE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{D79FE34F-CC88-4A97-91D3-80A4B9F2245B} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-27-2007 - 10-52-35.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{0481432C-74C0-45AA-85F9-CADF7501954A} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{1F735E77-1381-48E9-B19C-F248AF19DFB6} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{494FC18B-929F-42F3-B235-F50F04B5F44D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{A7475081-5277-4201-B0F0-B76F90239D83} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{C66004AF-F547-4057-BB08-3EA5599263BD} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]backup.db Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]agntcons.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]agntlang.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]comctl.lpk Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]config.ini Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]pbar.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]UnInsStr.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]uninst.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]uninstall.htm Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]agntcons.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]agntlang.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]comctl.lpk Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]config.ini Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]pbar.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]UnInsStr.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]uninst.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]uninstall.htm Password-Protected Items No action was possible
Resolved issues:Object Name Threat Name Final Status
Hello rick24,
In HijackThis!, fix the following lines:
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - Gopher Prefix:
However, these are only leftovers, probably from a previous infection, cleaned by what you previously used.
The rest of the infected files...you don't have to worry about them. See this topic for details: http://forum.bitdefender.com/index.php?showtopic=3584
Cris.
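The triage described in the reply above, as an added example that is not part of the original thread: it parses "Remaining issues" rows in the flattened shape shown on this page, splits the `=]` nested-archive chain, and separates rows that are only unscannable password-protected containers (including other tools' recovery and quarantine stores) from rows that name an actual detection. The "Deleted" status, the `Constructed.Threat.Name` row, the shortened recycle-bin row and the rule that a detection name contains no spaces are assumptions made for the sample.

```python
from collections import Counter

# Strings taken from the BitDefender log on this page.
PASSWORD_PROTECTED = "Password-Protected Items"
NO_ACTION = "No action was possible"
# Assumption: "Deleted" stands in for any other final status your log uses.
KNOWN_STATUSES = (NO_ACTION, "Deleted")

# Path fragments seen on this page: stores where other security tools keep
# encrypted backups of items they already removed.
TOOL_STORES = (
    "\\spybot - search & destroy\\recovery\\",
    "\\superantispyware\\quarantine\\",
)

# Constructed sample: rows 1 and 2 are copied from the page, rows 3 and 4
# are constructed in the same shape.
SAMPLE_ROWS = [
    "Remaining issues:Object Name Threat Name Final Status",
    r"C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.reg Password-Protected Items No action was possible",
    r"\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]config.ini Password-Protected Items No action was possible",
    r"\$RECYCLE.BIN\S-1-5-21-EXAMPLE\$RAAAAAA\Backup files 1.zip=]C\Users\Example\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-01-2007 - 00-00-00.SBU=]backup.db Password-Protected Items No action was possible",
    r"C:\Users\Example\Downloads\sample.exe Constructed.Threat.Name Deleted",
]


def parse_row(line):
    """Split one flattened row into object, threat name and final status.

    Returns None for headers and anything that does not end in a known status.
    """
    line = line.strip()
    status = next((s for s in KNOWN_STATUSES if line.endswith(" " + s)), None)
    if status is None:
        return None
    rest = line[: -len(status)].rstrip()
    if rest.endswith(" " + PASSWORD_PROTECTED):
        threat = PASSWORD_PROTECTED
        obj = rest[: -len(threat)].rstrip()
    else:
        # Assumption: a real detection name is a single token without spaces.
        obj, _, threat = rest.rpartition(" ")
    if not obj:
        return None
    chain = obj.split("=]")  # "=]" separates a container from its member
    return {
        "object": obj,
        "container": chain[0],   # outermost file on disk
        "member": chain[-1],     # innermost item the scanner reported
        "depth": len(chain) - 1, # how many archives deep the item sits
        "threat": threat,
        "status": status,
    }


def classify(row):
    """Label a parsed row for triage."""
    if row["threat"] != PASSWORD_PROTECTED:
        return "detection"
    lowered = row["object"].lower()
    if any(fragment in lowered for fragment in TOOL_STORES):
        return "tool-store"
    return "unscannable-archive"


def triage(lines):
    """Summarise a list of log lines: what is noise, what needs attention."""
    counts = Counter()
    by_container = Counter()
    detections = []
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        label = classify(row)
        counts[label] += 1
        if label == "detection":
            detections.append(row)
        else:
            by_container[row["container"]] += 1
    return {"counts": counts, "by_container": by_container,
            "detections": detections}


if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    for label, n in summary["counts"].items():
        print(f"{label}: {n}")
    for row in summary["detections"]:
        print("needs attention:", row["object"], "->", row["threat"])
```
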
Cris, I have removed the 5 items using Hijackthis. I also read the thread with the question about why all these files still show up in our Bitdefender log. That feature concerns me as well. For me anything I see in my log, I feel it needs to be removed. I understand that we are not supposed to worry about them.
Now for a different direction.
Can I find these achieved files in superantispyware and delete them? I have already tried to uninstall and reinstall superantispyware and that did not fix the programs files. So my question is how do I dump these files that Bitdefender is picking up?
One other question. Recently when I start my computer I get this black screen with 3 options to start up. One is Windows Vista and I use that one. However there are 2 more options. Why am I getting that now? It almost looks like a Safe Mode window. Black screen and I have to use my arrow keys to make the choice. There is a timer there that will start in the Window Vista choice automatically if I don't choose one. I believe those options are correct. If that does not sound right let me know and I will make further notes to describe it better.
Cris, I just ran another scan. My infections actually went up to 93 from 73. Below I am providing another Bitdefender scan as well as a Hijackthis log. Please also, if you can, tell me how to dump my superantispyware logs so they don't get picked up by Bitdefender.
BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 10:47:02 22/12/2007
Log path : C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1198338422_1_02.xml
Scan Paths:Path0000: C:\
Path0001: \
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summaryNumber of virus signatures : 961857
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7
Overall scan summary
Scanned items : 290842
Infected items : 20
Suspicious items : 0
Resolved items : 20
Individual viruses found : 16
Scanned directories : 12869
Scanned boot sectors : 3
Scanned archives : 4244
Input-output errors : 51
Scan time : 00:00:32:52
Files per second : 147
Scanned processes summary
Scanned : 62
Infected : 0
Scanned registry keys summary
Scanned : 391
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Remaining issues:
Object Name    Threat Name    Final Status
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t.zip=]TVicHW64.sys Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t1.zip=]TVICHW32.VXD Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t1.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t2.zip=]npagent.dll Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t2.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t3.zip=]TVicHW32.sys Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t3.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop1.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop1.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop2.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop2.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop3.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop3.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop4.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop4.zip=]sbRecovery.ini Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]{DE2F28C6-9349-4E1F-8D55-02517B31C403} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]{EA6B85E3-C3CE-4A6F-BD92-CDB85228028A} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-14-2007 - 18-15-15.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{2A1C7A21-C0C2-4C69-8F59-FCE36ADC8EAE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{35887DF7-7C10-4569-ADC9-2C676E09D38D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{3F75980C-F888-43EC-9CFB-4D635EC04DFD} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{5643D4FF-CAE2-4EBD-AD52-B9769C5FD266} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{65CD7151-24C9-4C90-A161-56BE5D9482EB} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]{D48A1C99-F18C-44DD-B605-47FEB216A62E} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R7XQ3XW\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-25-2007 - 19-21-42.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8J1MQI\Backup files 2.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-21-2007 - 18-30-27.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]{0C7E4DF9-EE6A-48AF-9F62-80FE9941D728} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]{3E5154BF-8073-46AF-80C7-193EE5CC7CF5} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-22-2007 - 14-28-55.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]{858536F6-ACA3-4B75-A51A-CFAFDF7BD6A9} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]{C1529C66-D6AF-4F4A-996F-B1B836FFE2FE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-28-2007 - 15-10-16.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-01-2007 - 11-41-11.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{41264515-3D91-46CC-A41A-1032935C32D3} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{628C222D-DDDD-4BDB-B75A-79B7DAC46154} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]{B4FE5A70-081F-44B7-AB9F-057880C82C51} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-03-2007 - 14-30-05.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{32576699-DDF8-4944-A37F-AEA1AA4A7A62} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{3F5401C1-08F7-4DE2-88FB-A2AB959B9845} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{5BB36E46-542C-41F6-8E6D-094C013124D6} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{72F528BB-FFA1-44BD-BBF4-876F4CDA5848} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{7572F618-EA04-4341-A986-0774AE11AEEC} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{837F22FE-872C-4B5C-B0E3-1417F6112E5D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{84D782C0-4A70-4031-A27E-F212F0B3781D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{A6656C5C-11FE-46D7-8339-C4CC6889DEFE} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]{D79FE34F-CC88-4A97-91D3-80A4B9F2245B} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-18-2007 - 13-08-14.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-27-2007 - 10-52-35.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{0481432C-74C0-45AA-85F9-CADF7501954A} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{1F735E77-1381-48E9-B19C-F248AF19DFB6} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{494FC18B-929F-42F3-B235-F50F04B5F44D} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{A7475081-5277-4201-B0F0-B76F90239D83} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]{C66004AF-F547-4057-BB08-3EA5599263BD} Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGUQGJE\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-01-2007 - 12-32-51.SBU=]backup.db Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]agntcons.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]agntlang.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]comctl.lpk Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]config.ini Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]pbar.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]UnInsStr.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]uninst.vbs Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]uninstall.htm Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]agntcons.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]agntlang.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]comctl.lpk Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]config.ini Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]pbar.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]UnInsStr.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]uninst.vbs Password-Protected Items No action was possible
\i386\Apps\App001886\Apps\MSC\msclgmis.cab=]screm.ui=]uninstall.htm Password-Protected Items No action was possible
Resolved issues:
Object Name    Threat Name    Final Status
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Jumper/jumper.exe Application.Demo.Leaktest.H Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]PCFlank/pcflank.exe Application.Demo.Leaktest.I Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]AWFT/setup.exe Application.Demo.Leaktest.J Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]DNStester/dnstester.exe Application.Demo.Leaktest.J Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$ROMOM9N.zip=]AWFT/setup.exe Application.Demo.Leaktest.J Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Surfer/surfer.exe Application.Demo.Leaktest.M Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]CPIL/cpil.exe Application.Demo.Leaktest.O Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]TooLeaky/tooleaky.exe Application.Leaktest.A Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]pcAudit2/pcaudit2.exe Application.Pcaudit.I Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]pcAudit/pcaudit.exe Application.Spyware.Pcinetpatrol.AN Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]YALTA/Yalta.exe Application.Yalta.B Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]DNStest/dnstest.exe BehavesLike:Win32.ExplorerHijack Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Thermite/thermite.exe BehavesLike:Win32.ExplorerHijack Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Breakout/breakout-mz.exe Trojan.Agent.OC Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Breakout2/breakout-wp.exe Trojan.Agent.OC Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Breakout/breakout-ie.exe Trojan.Clicker.Small.IP Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Ghost/Ghost.exe Trojan.Exploit.Ghost.B Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]FireHole/firehole.exe Trojan.FireHole.1.0.1 Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]ZAbypass/zabypass.exe Trojan.Hacktool.Fwbypass.A Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]CopyCat/copycat.exe Virtool.Breaker.SN Deleted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:08 AM, on 12/22/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\GWHotKey.exe
C:\Program Files\Comodo\CBOClean\BOC425.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Desktop Alert\desktopalert_2966922.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_2966922.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88650482-3892-11D5-8997-00104BD12D94} - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9549 bytes
About the reported files: I talked to TechSupport today. They said that these reports should have been removed after yesterday's Product Update. However, they weren't removed, so they will have to double-check it.
You cannot do anything to remove those files, because it is the way SUPERAntiSpyware keeps its Quarantine. Also, you may find other similar alerts in other applications that use the same method to protect their files. The only thing you can do is wait for the next update which, hopefully, will remove these alerts.
About the other issue... I don't know what could have caused it. In Windows XP, the fix was simple, but I don't know how it is in Vista. I'll check and get back to you.
But first of all, we need to know if it is safe to fix it. What happens when you choose other options? Does it load the same OS, or something else?
Cris.
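The split between "Remaining issues" and "Resolved issues" in the scan log posted above can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of any vendor's tooling; it assumes the three-column layout and the two status strings visible in the pasted log, and its function names are hypothetical.

```python
from collections import Counter

# The two final-status strings that occur in the pasted log (assumed complete).
STATUSES = ("No action was possible", "Deleted")
# The scanner's label for archive members it could not open; not a malware name.
UNSCANNABLE = "Password-Protected Items"
# Separator the log prints between an archive and a member inside it.
NEST = "=]"

# Excerpt copied from the scan log posted in this thread.
SAMPLE = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\eSupportFFBio###t2.zip=]npagent.dll Password-Protected Items No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip=]sbRecovery.reg Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8J1MQI\Backup files 2.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-21-2007 - 18-30-27.SBU=]backup.db Password-Protected Items No action was possible
\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$RGQUMRP\Backup files 1.zip=]C\Users\Ricky\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-01-2007 - 11-41-11.SBU=]backup.db Password-Protected Items No action was possible
\i386\Apps\App001004\Apps\MSC\msclgmis.cab=]screm.ui=]agntcons.vbs Password-Protected Items No action was possible
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]Jumper/jumper.exe Application.Demo.Leaktest.H Deleted
C:\$RECYCLE.BIN\S-1-5-21-3145862903-2119528392-1372316911-1001\$R8BVHOK.zip=]FireHole/firehole.exe Trojan.FireHole.1.0.1 Deleted
"""


def parse_line(line):
    """Split one result row into object path, threat name and final status."""
    line = line.strip()
    for status in STATUSES:
        if line.endswith(" " + status):
            rest = line[: -len(status)].rstrip()
            break
    else:
        return None  # header, summary or blank line
    if rest.endswith(" " + UNSCANNABLE):
        threat = UNSCANNABLE
        obj = rest[: -len(UNSCANNABLE)].rstrip()
    else:
        # Detection names in this log contain no spaces, so take the last token.
        obj, _, threat = rest.rpartition(" ")
    chain = obj.split(NEST)
    return {"object": obj, "container": chain[0], "members": chain[1:],
            "threat": threat, "status": status}


def origin(entry):
    """Name the tool or location that owns the archive, judged by its path."""
    path = entry["object"].lower()
    if "superantispyware\\quarantine" in path:
        return "SUPERAntiSpyware quarantine"
    if "spybot - search & destroy\\recovery" in path:
        return "Spybot recovery backup"
    if "$recycle.bin" in path:
        return "Recycle Bin"
    return "other"


def triage(text):
    """Separate rows the scanner could not open from rows it actually detected."""
    unscannable = Counter()
    detections = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["threat"] == UNSCANNABLE:
            unscannable[origin(entry)] += 1
        else:
            detections.append(entry)
    return unscannable, detections


if __name__ == "__main__":
    unscannable, detections = triage(SAMPLE)
    print("Could not be opened (no verdict either way):")
    for where, count in unscannable.most_common():
        print(f"  {count:3d}  {where}")
    print("Named detections:")
    for d in detections:
        print(f"  {d['threat']}  [{d['status']}]  {d['members'][-1]}  ({origin(d)})")
```

Rows counted as unscannable carry no verdict: the scanner reports that it could not read the archive member, which is different from the named detections in the resolved list.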
Thanks for explaining to me about the update Bitdefender has planned. I feel that will benefit the average user such as myself. I kinda go into a little panic when something shows up. I don't want to see anything there. That is a great plan for an update to what is already a good product.
I am not sure what would happen if I choose a different action upon startup. With all the issues I have going on right now I was not comfortable in trying any of them. I will try to write down the options I have. I will reboot and post back with those options.
Now I am wondering why I got these infections in the first place. I use Firefox as my main browser. I rarely open IE7 at all. So the question becomes how did they get in? Do I not have Bitdefender locked down tight enough? You can see all the other programs I have running in my Hijackthis log as well. I thought I was good to go. I have spywareblaster, superantispyware, spybot, ccleaner, and PCPitstop for a checkup. So how do I tighten down Bitdefender to make it a fortress without making surfing a headache with all the prompts I may get?
Ok here are the options I have. As I said it has the appearance of Safe Mode. Black and you have to use the arrow keys to make your choice.
Recovery Manager
Microsoft Windows Vista
Earlier Version of Windows
To specify an advanced option press F8
Those are the options. Now I have no idea why the option for "Earlier Version of Windows" is in there at all. I bought this machine at Best Buy with Vista installed. I have never had any other OS other than Vista. I always choose Microsoft Windows Vista. The only time I know of that Recovery Manager was used was when I was chatting with Gateway, my computer manufacturer. He took control of my machine and did some things. He used the Gateway Recovery Program to make those changes.
It does seem to start up just fine after making that choice. It just was never there before and now, for a week or so, it is always there. Just annoying.
Thank you for helping me. I appreciate your time and advice.
Hello rick24,
I don't yet have an answer for you about the above issue.
But I wanted to say sorry for the big delay. I was gone for a few days, but I didn't forget about this topic. I'll try, in the next days, to find a solution.
If you fixed it, please let me know (and also, please post the solution).
Cris.
Thanks for checking back in with my issue Cris. Nothing has changed with my issue.