registry

Discussion in 'Malware Help (A Specialist Will Reply)' started by jaz123, Apr 30, 2006.

  1. jaz123

    jaz123 Private E-2

    How do I delete the following registry entries
    they are from - cool web search or surf side kick bho -

    I have following spyware installed,

    Ad-Aware SE 1.06
    CWShredder 2.19.
    SpywareBlaster 3.5.1
    SpyBot Search & Destroy 1.4

    when running spybot the following two registry items will not delete.


    Hkey_local_machine\system\controlset001\service\cmd service
    Hkey_local_machine\system\currentcontrolset\service\cmd service
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    I believe you mean cmdservice without the space!
    Also it is services not service! You must make sure that you always give correct information!! Attaching the logs from the tools that found it would be the safest thing to do.

    This problem often has multiple other registry keys involved and Spybot does not always find all of them. Also it sometimes includes a running NT service that must be removed. I will give you a quick registry patch for just the two keys you mentioned; however, this normally will not work due to other issues.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    If the above does not work, you really should run our full cleaning procedure and attach the requested logs. I will give the steps below. You may also want to read the below thread:

    http://forums.majorgeeks.com/showthread.php?t=86695

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
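The point in the reply above about several registry keys plus a running NT service, shown as an added example that is not part of the thread or of any MajorGeeks tool: a read-only PowerShell audit that lists every control set holding the `cmdService` key (the name given in the reply) and reports whether a service of that name is registered. It assumes PowerShell is available on the machine, and it goes beyond the two keys in the thread by reading `HKLM\SYSTEM\Select`, which shows when `CurrentControlSet` and a numbered set are the same key seen twice.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# 'cmdService' is the service key name given in the thread.
$ServiceName = 'cmdService'
$SystemKey   = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select records which numbered control set is live.
# CurrentControlSet is a link to that set, so a hit under both
# CurrentControlSet and ControlSet00N can be one key reported twice.
$select  = Get-ItemProperty -Path "$SystemKey\Select"
$current = 'ControlSet{0:D3}' -f [int]$select.Current
$lkg     = 'ControlSet{0:D3}' -f [int]$select.LastKnownGood

# Meaning of the Start value stored under a service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$hits = Get-ChildItem -Path $SystemKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' } |
    ForEach-Object {
        $set = $_.PSChildName
        $key = "$SystemKey\$set\Services\$ServiceName"
        if (Test-Path -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $key

            # Say how this control set relates to the running system.
            if     ($set -eq 'CurrentControlSet') { $role = "link to $current" }
            elseif ($set -eq $current)            { $role = 'live set' }
            elseif ($set -eq $lkg)                { $role = 'last known good' }
            else                                  { $role = 'other' }

            # A service key without a Start value is reported as such.
            if ($null -ne $p.Start) { $start = $startTypes[[int]$p.Start] }
            else                    { $start = '(no Start value)' }

            [pscustomobject]@{
                ControlSet = $set
                Role       = $role
                StartType  = $start
                ImagePath  = $p.ImagePath
            }
        }
    }

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    "No '$ServiceName' key found under any control set."
}

# A key can exist without the service being loaded, and the reverse
# can hold until the next reboot, so the service is checked separately.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    "Service '$ServiceName' is registered, status: $($svc.Status)"
} else {
    "No service named '$ServiceName' is registered."
}
```

A key listed under the last-known-good set matters because that set is what Windows boots from when "Last Known Good Configuration" is chosen.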
     
  3. jaz123

    jaz123 Private E-2

    Thanks chaslang

    Will try this.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Let us know the results.
     
  5. jaz123

    jaz123 Private E-2

    Sorry for delay problem with ISP

    Hijackthis log file


    EDIT: attached inline HJT log
     
    Last edited by a moderator: May 7, 2006
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I have attached your log as per the guide, BUT I would advise that you re-read the guide and follow the steps outlined as they are very specific in the steps to be taken to successfully remove any malware you have.

    plus you have missed some of the logs that the Malware specialists will need.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like Halo forgot to attach your inline HJT log; however, you need to follow all the steps I gave you. There is a whole lot to be done before getting to a HijackThis log. HJT is the last in the procedure and the two online scanner logs from step 6 must be ATTACHED prior to using HijackThis.

    Also you gave no information on any of the steps I asked you to run. Did they fix your problems, does Spybot still show the same problem?
     
  8. jaz123

    jaz123 Private E-2

    I have been through "READ & RUN ME FIRST Before Asking for Support"

    Below are all the log files:

    BitDefender Online Scanner
    Scan report generated at: Mon, May 08, 2006 - 14:52:57
    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
    Statistics
    Time: 01:15:10
    Files: 537333
    Folders: 2296
    Boot Sectors: 6
    Archives: 3444
    Packed Files: 75059

    Results
    Identified Viruses: 3
    Infected Files: 3
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 3

    Engines Info
    Virus Definitions: 373721
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    E:\SAJ Files\My Webs\thefast.exe=>wise0018 | Detected with: Application.Adware.NewDotNet.Dropper
    E:\SAJ Files\My Webs\thefast.exe=>wise0018 | Deleted
    E:\SAJ Files\My Webs\thefast.exe | Update failed
    E:\SAJ Files\Sanj backups\iMeshV3.exe=>wise0026=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
    E:\SAJ Files\Sanj backups\iMeshV3.exe=>wise0026=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
    E:\SAJ Files\Sanj backups\iMeshV3.exe=>wise0026=>(ZIP Sfx s)=>cd_htm.dll | Deleted
    E:\SAJ Files\Sanj backups\iMeshV3.exe=>wise0026=>(ZIP Sfx s) | Updated
    E:\SAJ Files\Sanj backups\iMeshV3.exe=>wise0026 | Update failed
    F:\_Restore\EXTRACT\A0076046.CPY=>wise0019=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
    F:\_Restore\EXTRACT\A0076046.CPY=>wise0019=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
    F:\_Restore\EXTRACT\A0076046.CPY=>wise0019=>(ZIP Sfx s)=>cd_htm.dll | Deleted
    F:\_Restore\EXTRACT\A0076046.CPY=>wise0019=>(ZIP Sfx s) | Updated
    F:\_Restore\EXTRACT\A0076046.CPY=>wise0019 | Update failed

    ---------------------------------

    CLEANING COMPLETE - (13.378 secs)
    ------------------------------------------------------------------------------------------
    350.2MB removed.
    ------------------------------------------------------------------------------------------

    Details of files deleted
    ------------------------------------------------------------------------------------------
    -----------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:51, on 08/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141295026154
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141295017279
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    -------------------------------------------
    I still have the keys below in my registry, but they are not picked up by Spybot SD anymore.

    Hkey_local_machine\system\controlset001\service\cmdservice
    Hkey_local_machine\system\currentcontrolset\service\cmdservice
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the instructions again!! NO logs are to be posted inline. ALL logs must be attachments to messages.

    We do not want or need a log from CCleaner, but we do request a log from Panda ActiveScan in step 6, which you have not run. Please run Panda and attach the requested log.

    Did you use the registry patch that I gave to you? Did it say it was successfully added to the registry?
     
