Search engine redirect and system tray icons not reappearing

Discussion in 'Virus and Malware Removal' started by msmall10, Dec 31, 2010.

  1. msmall10 Newcomer, in training Posts: 44

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-05 77824]

    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
    MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]
    Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-1-7 634880]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
    R1 SABKUTIL;SABKUTIL; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
    R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
    R3 CFcatchme;CFcatchme;c:\users\MATTSM~1\AppData\Local\Temp\CFcatchme.sys [x]
    R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
    R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
    S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

    2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://secure.logmein.com/login.asp
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: webattend.com
    Trusted Zone: webtrain.com
    DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
    DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
    DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
    FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
    FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
    FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
    .
    .
    Completion time: 2011-01-08 00:50:30
    ComboFix-quarantined-files.txt 2011-01-08 05:50
    ComboFix2.txt 2011-01-07 16:29
    ComboFix3.txt 2011-01-07 05:20
    ComboFix4.txt 2011-01-06 17:18
    ComboFix5.txt 2011-01-08 04:52

    Pre-Run: 106,804,486,144 bytes free
    Post-Run: 106,752,741,376 bytes free

    - - End Of File - - 3599B66D661EB0D1E433A16A905FFC99
  2. crunchie Malware Helper Posts: 761

    Good. How are things now?
  3. msmall10 Newcomer, in training Posts: 44

    Everything seems to be working. Haven't had any problems yet. Thanks for all the help.
  4. crunchie Malware Helper Posts: 761

    No worries :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
  5. msmall10 Newcomer, in training Posts: 44

    I'm still having some explorer.exe problems. The windows flicker and I can't click anything until it's done. And then sometimes it stops responding and the exe has to restart.
  6. crunchie Malware Helper Posts: 761

     
  7. msmall10 Newcomer, in training Posts: 44

    It says "Windows Resource Protection did not find any integrity violations."
  8. crunchie Malware Helper Posts: 761

    Ok. Let's just run an on-line scan to see if there are any left-overs.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  9. msmall10 Newcomer, in training Posts: 44

    I can't run that site. It says the update is failing and the license is expired.
  10. crunchie Malware Helper Posts: 761

    Please run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is unchecked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  11. msmall10 Newcomer, in training Posts: 44

    C:\Documents and Settings\matt small\Documents\anywherets_installer\setup.EXE a variant of Win32/TFTPD32.B application
    C:\Program Files\AnywhereTS\srv\tftpd32.exe a variant of Win32/TFTPD32.B application
    C:\Users\matt small\Documents\anywherets_installer\setup.EXE a variant of Win32/TFTPD32.B application
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # plugin-container.exe=1.9.2.13
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=eb83c9ce817ac54ab89fa3e4d56f56ec
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-05 09:54:19
    # local_time=2011-01-05 04:54:19 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 3726552 45740588 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=393459
    # found=12
    # cleaned=0
    # scan_time=25463
    C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
    C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar a variant of Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
    C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
    # version=7
    # plugin-container.exe=1.9.2.13
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=eb83c9ce817ac54ab89fa3e4d56f56ec
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-01-10 10:58:35
    # local_time=2011-01-10 05:58:35 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 4162992 46177028 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=410909
    # found=4
    # cleaned=0
    # scan_time=24880
    C:\Documents and Settings\matt small\Documents\anywherets_installer\setup.EXE a variant of Win32/TFTPD32.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\AnywhereTS\srv\tftpd32.exe a variant of Win32/TFTPD32.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\matt small\Documents\anywherets_installer\setup.EXE a variant of Win32/TFTPD32.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
  12. crunchie Malware Helper Posts: 761

    Looks like you have posted two logs there. The 2nd log is the latest.

    Are you able to manually delete the files found?
    If not, let me know and we will use one of the tools to delete them.
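    As an added example (not part of the thread, and not ESET's own tooling), the following Python parses ESET Online Scanner output in the form pasted above: it splits a multi-log paste on the `# version=` headers, picks the latest log by `utc_time`, reconciles the `found` header with the detection lines actually present, and lists paths that recur from one scan to the next (still on disk, so not yet removed). The sample input is constructed from lines in the thread; the regular expression and the field names `category`/`status` are this example's own assumptions about the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the two logs posted above (paths and detection names
# copied from the thread; the partial first log has no header and no status/hash columns).
SAMPLE_POST = r"""
C:\Users\matt small\Documents\anywherets_installer\setup.EXE a variant of Win32/TFTPD32.B application
# version=7
# utc_time=2011-01-05 09:54:19
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# remove_checked=false
# utc_time=2011-01-10 10:58:35
# found=2
# cleaned=0
C:\Program Files\AnywhereTS\srv\tftpd32.exe a variant of Win32/TFTPD32.B application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
"""

# One detection line: <path> <threat> <category> [(status)] [<32 hex digits> <flag>].
# The path may contain spaces, so it is matched lazily up to a threat name containing "/".
_DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of\s+)?[A-Za-z0-9]+/\S+)\s+(?P<category>\S+)"
    r"(?:\s+\((?P<status>[^()]*)\))?(?:\s+[0-9A-Fa-f]{32}\s+\S+)?$"
)

@dataclass
class Detection:
    path: str
    threat: str
    category: str                 # "application" (unwanted/unsafe app) or "trojan" in these logs
    status: Optional[str] = None  # None when the scanner printed no status column

@dataclass
class ScanLog:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

def parse_detection(line: str) -> Optional[Detection]:
    m = _DETECTION.match(line)
    return Detection(m["path"], m["threat"], m["category"], m["status"]) if m else None

def parse_eset_logs(text: str) -> List[ScanLog]:
    """One ScanLog per '# version=' header; detections pasted before any header stay in a headerless log."""
    logs = [ScanLog()]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# version="):
            logs.append(ScanLog())
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            logs[-1].header[key] = value   # repeated keys (compatibility_mode) keep the last value
            continue
        det = parse_detection(line)        # installer chatter ("OnlineScanner.ocx - registred OK") yields None
        if det:
            logs[-1].detections.append(det)
    return [log for log in logs if log.header or log.detections]

def latest_log(logs: List[ScanLog]) -> ScanLog:
    """The most recent scan by utc_time: the one to review when several logs were pasted."""
    return max((l for l in logs if "utc_time" in l.header), key=lambda l: l.header["utc_time"])

def summarize(log: ScanLog) -> dict:
    found = int(log.header.get("found", len(log.detections)))
    return {
        "found": found, "parsed": len(log.detections),
        "count_matches_header": found == len(log.detections),   # a truncated paste shows up here
        # remove_checked=false with cleaned=0: the scanner only reported, so every line reads
        # "(unable to clean)" and the files still have to be removed by hand or with a tool.
        "remove_checked": log.header.get("remove_checked") == "true",
        "cleaned": int(log.header.get("cleaned", 0)),
        "unable_to_clean": sum(d.status == "unable to clean" for d in log.detections),
        "trojans": [d.path for d in log.detections if d.category == "trojan"],
    }

def recurring_paths(logs: List[ScanLog]) -> Dict[str, List[str]]:
    """Paths flagged in more than one scan: still present, so not yet remediated."""
    seen: Dict[str, set] = {}
    for log in logs:
        for d in log.detections:
            seen.setdefault(d.path.lower(), set()).add(log.header.get("utc_time", "<no header>"))
    return {p: sorted(t) for p, t in seen.items() if len(t) > 1}
```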
  13. msmall10 Newcomer, in training Posts: 44

    I deleted the last 4 things. Good so far.
  14. crunchie Malware Helper Posts: 761

    No worries. Just give it a couple of days then let me know how it is.
  15. msmall10 Newcomer, in training Posts: 44

    The explorer.exe crashed two times today.
  16. crunchie Malware Helper Posts: 761

  17. msmall10 Newcomer, in training Posts: 44

    I wasn't on the computer yesterday, so no crashes I know of. I ran the scan, but it came up empty again.
  18. crunchie Malware Helper Posts: 761

    Sorry for the late reply. How is it going?
  19. msmall10 Newcomer, in training Posts: 44

    Nothing has crashed and it seems to be running fine. Thanks again for the help, and I'll let you know if anything comes up.
  20. crunchie Malware Helper Posts: 761

    Good news :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.