hyattjon

......\Run\Computer Driver (Backdoor.Bot)


Each and every reboot the below is detected and I remove it.

Is it malware, or a false positive?

If it's malware I need advice to remove it permanently please.

I had 'antivirus 2009' and now this is all that's left I think....

***************************

Malwarebytes' Anti-Malware 1.28

Database version: 1209

Windows 6.0.6001 Service Pack 1

27/09/2008 01:05:32

mbam-log-2008-09-27 (01-05-25).txt

Scan type: Quick Scan

Objects scanned: 47118

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Computer Driver (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301414438586445483634456446343641424738615

24839535634513861467468838084807185615674796980888461368683837079855570838474807

9

6151867993368078818685708301378374877083]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:42:15, on 27/09/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\WirelessMon\WirelessMon.exe

C:\Program Files\WirelessMon\WirelessMon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\mmc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Transparent] C:\Program Files\TweakNow WinSecret\Transparent.exe 192 192

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Copy Location - C:\Windows\WEB\graburl.htm

O8 - Extra context menu item: &Document Tree - C:\Windows\web\tree.htm

O8 - Extra context menu item: &Highlight - C:\Windows\WEB\highlight.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Links List - C:\Windows\WEB\urllist.htm

O8 - Extra context menu item: &Web Search - C:\Windows\WEB\selsearch.htm

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: I&mages List - C:\Windows\Web\imglist.htm

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Open Frame in &New Window - C:\Windows\WEB\frm2new.htm

O8 - Extra context menu item: View Partial So&urce - C:\Windows\web\source.htm

O8 - Extra context menu item: Zoom &In - C:\Windows\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\Windows\WEB\zoomout.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\Windows\web\tree.htm

O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\Windows\web\tree.htm

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\Windows\system32\oline.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10781 bytes

I don't see anything new.

Looking in Services, I appear to have one rogue, file missing, "Crskasiins" (disabled)


Computer driver is not listed in your log, I need a log where you have not removed it yet so I can see the target and then have you retrieve the file for me.

Please reboot and then make a new HijackThis log.

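The cross-check described in the reply above (the Run value flagged by MBAM has no matching O4 entry in the HijackThis log, so its target cannot be read), as an added Python example that is not part of any post in this thread. The log excerpts are trimmed from the logs posted above; the function names are made up for this example.

```python
import re

# Excerpts trimmed from the logs posted in this thread.
MBAM_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Computer Driver (Backdoor.Bot) -> No action taken.
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

HIVE_SHORT = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# MBAM "Registry Values Infected" line:
#   <hive>\<key path>\<value name> (<detection>) -> <action>. [data]
MBAM_VALUE_RE = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\\(?P<name>[^\\]+) "
    r"\((?P<detection>[^()]+)\) -> (?P<action>[^.\[]+)\.",
    re.MULTILINE,
)

# HijackThis O4 autostart line:
#   O4 - HKLM\..\Run: [value name] command line
HJT_O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$",
    re.MULTILINE,
)


def parse_mbam_values(text):
    """Return the registry values an MBAM log reports as infected."""
    findings = []
    for m in MBAM_VALUE_RE.finditer(text):
        findings.append({
            "hive": HIVE_SHORT.get(m["hive"], m["hive"]),
            # HijackThis abbreviates the path to its last component (Run).
            "key": m["key"].rsplit("\\", 1)[-1],
            "name": m["name"],
            "detection": m["detection"],
            "action": m["action"].strip(),
        })
    return findings


def parse_hjt_o4(text):
    """Map (hive, key, value name) -> command for every O4 Run entry.

    Registry key and value names are case-insensitive, so both are
    lower-cased for the lookup.
    """
    entries = {}
    for m in HJT_O4_RE.finditer(text):
        entries[(m["hive"], m["key"].lower(), m["name"].lower())] = m["command"]
    return entries


def cross_check(mbam_text, hjt_text):
    """Attach the HijackThis target (or None) to each MBAM registry finding."""
    o4 = parse_hjt_o4(hjt_text)
    results = []
    for finding in parse_mbam_values(mbam_text):
        lookup = (finding["hive"], finding["key"].lower(), finding["name"].lower())
        results.append({**finding, "target": o4.get(lookup)})
    return results


if __name__ == "__main__":
    for item in cross_check(MBAM_LOG, HJT_LOG):
        where = f'{item["hive"]}\\..\\{item["key"]}: [{item["name"]}]'
        if item["target"] is None:
            # Same situation as in the thread: the value was already removed
            # when the HijackThis log was taken, so a fresh log is needed.
            print(f'{where} ({item["detection"]}): no O4 entry, target unknown')
        else:
            print(f'{where} ({item["detection"]}): target {item["target"]}')
```
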

Malwarebytes' Anti-Malware 1.28

Database version: 1209

Windows 6.0.6001 Service Pack 1

27/09/2008 17:17:58

mbam-log-2008-09-27 (17-17-54).txt

Scan type: Quick Scan

Objects scanned: 46454

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Computer Driver (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301414438586445483634456446343641424738615

24839535634513861467468838084807185615674796980888461368683837079855570838474807

9

6151867993368078818685708301378374877083]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

**********************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:16:21, on 27/09/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Transparent] C:\Program Files\TweakNow WinSecret\Transparent.exe 192 192

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Copy Location - C:\Windows\WEB\graburl.htm

O8 - Extra context menu item: &Document Tree - C:\Windows\web\tree.htm

O8 - Extra context menu item: &Highlight - C:\Windows\WEB\highlight.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Links List - C:\Windows\WEB\urllist.htm

O8 - Extra context menu item: &Web Search - C:\Windows\WEB\selsearch.htm

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: I&mages List - C:\Windows\Web\imglist.htm

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Open Frame in &New Window - C:\Windows\WEB\frm2new.htm

O8 - Extra context menu item: View Partial So&urce - C:\Windows\web\source.htm

O8 - Extra context menu item: Zoom &In - C:\Windows\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\Windows\WEB\zoomout.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\Windows\web\tree.htm

O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\Windows\web\tree.htm

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\Windows\system32\webzone.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\Windows\system32\oline.dll

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10683 bytes

****************

OK, I rebooted and I ran MBAM just after Hijack this.....


Until I have this file path sorted I need for you to not run MBAM again.

Please reboot and then download, unzip and run the attached file.

Press ESC to cancel the first run.

Click options and put check marks in the following boxes:

Verify Code Signatures

Hide Signed Microsoft Entries

After this close and relaunch the application.

Once the scan is finished click file, export and then save the log to your desktop.

Please paste the contents of the log to your next post.

EDIT:

Sorry about the edit, post sent the first time before I had finished.

as.zip


Your site has almost ground to a halt here....

*********************************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ HSON HotStartOn (Verified) TOSHIBA CORPORATION c:\program files\toshiba\tbs\hson.exe

+ McAfee Backup McAfee Data Backup (Verified) McAfee, Inc. c:\program files\mcafee\mbk\mcafeedatabackup.exe

+ mcagent_exe McAfee Integrated Security Platform (Verified) McAfee, Inc. c:\program files\mcafee.com\agent\mcagent.exe

+ McENUI EasyNetwork User Interface (Verified) McAfee, Inc. c:\program files\mcafee\mhn\mcenui.exe

+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\program files\quicktime\qttask.exe

+ StartCCC c:\program files\ati technologies\ati.ace\core-static\clistart.exe

+ TMRUBottedTray (Verified) Trend Micro, Inc. c:\program files\trend micro\rubotted\tmrubottedtray.exe

+ TPwrMain TOSHIBA Power Saver (Verified) TOSHIBA CORPORATION c:\program files\toshiba\power saver\tpwrmain.exe

+ Transparent c:\program files\tweaknow winsecret\transparent.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ SpybotSD TeaTimer System settings protector (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\teatimer.exe

+ SUPERAntiSpyware SUPERAntiSpyware Application (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\superantispyware.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ siteadvisor SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ SABShellExecuteHook Class ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll

+ CuteFTP 8 Professional CuteFTP Shell Integration Module (Not verified) GlobalSCAPE Texas, LP. c:\program files\globalscape\cuteftp 8 professional\cuteshell.dll

+ McCtxMenu McAfee VirusScan - Context Menu (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcctxmnu.dll

+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbshell.dll

+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ Washer Window Washer Shredding Shell Extension (Verified) Webroot Software, Inc. c:\program files\common files\webroot shared\shellwash.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ CuteFTP 8 Professional CuteFTP Shell Integration Module (Not verified) GlobalSCAPE Texas, LP. c:\program files\globalscape\cuteftp 8 professional\cuteshell.dll

+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ Washer Window Washer Shredding Shell Extension (Verified) Webroot Software, Inc. c:\program files\common files\webroot shared\shellwash.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll

+ MBAMShlExt Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll

+ McCtxMenu McAfee VirusScan - Context Menu (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcctxmnu.dll

+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbshell.dll

+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll

+ WinRAR c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll

+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll

+ NetFerret c:\windows\system32\netferret.dll

+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll

+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll

+ Window Washer Shredding Utility Window Washer Shredding Shell Extension (Verified) Webroot Software, Inc. c:\program files\common files\webroot shared\shellwash.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Conversion Toolbar Helper Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll

+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

+ McAfee Phishing Filter McAfee Phishing BHO (Verified) McAfee, Inc. c:\program files\mcafee\msk\mcapbho.dll

+ scriptproxy VSCore Script Scanner (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\scriptsn.dll

+ SmartSelect Class Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll

+ Spybot-S&D IE Protection SBSD IE Protection (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdhelper.dll

+ SSVHelper Class Java Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_07\bin\ssv.dll

+ {089FD14D-132B-48FC-8861-0048AE113215} SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ Adobe PDF Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll

+ McAfee SiteAdvisor SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\siteadv.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &Document Tree c:\windows\web\tree.htm

Task Scheduler

+ \McDefragTask QuickClean Console Application (Verified) McAfee, Inc. c:\program files\mcafee\mqc\qcconsol.exe

+ \McQcTask QuickClean Console Application (Verified) McAfee, Inc. c:\program files\mcafee\mqc\qcconsol.exe

+ \WebReg Deskjet F4100 series WebReg application (Verified) Hewlett Packard c:\program files\hp\digital imaging\bin\hpqwrg.exe

HKLM\System\CurrentControlSet\Services

+ ConfigFree Service You can't stop this service, if you want to keep ConfigFree functionality fine. (Not verified) TOSHIBA CORPORATION c:\program files\toshiba\configfree\cfsvcs.exe

+ hpqddsvc This service detects and monitors CUE devices on the system. (Not verified) Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqddsvc.dll

+ MBackMonitor MBackMonitor (Verified) McAfee, Inc. c:\program files\mcafee\mbk\mbackmonitor.exe

+ mcmscsvc McAfee Protection Manager (Verified) McAfee, Inc. c:\program files\mcafee\msc\mcmscsvc.exe

+ McNASvc Allows McAfee applications to communicate securely on the local network. (Verified) McAfee, Inc. c:\program files\common files\mcafee\mna\mcnasvc.exe

+ McProxy McAfee Proxy Service (Verified) McAfee, Inc. c:\program files\common files\mcafee\mcproxy\mcproxy.exe

+ McShield Scans files for viruses and other threats when they are accessed by this computer. (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcshield.exe

+ MpfService Helps protect your computer from intrusion and let's you manage your computer's trusted programs. (Verified) McAfee, Inc. c:\program files\mcafee\mpf\mpfsrv.exe

+ MSK80Service This service filters e-mail messages on your computer (Verified) McAfee, Inc. c:\program files\mcafee\msk\msksrver.exe

+ Nero BackItUp Scheduler 3 Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbservice.exe

+ Net Driver HPZ12 Dot4Net Module (Not verified) Hewlett-Packard c:\windows\system32\hpzinw12.dll

+ o2flash O2 Flash Memory Service (Not verified) O2Micro International c:\program files\o2micro flash memory card driver\o2flash.exe

+ PLFlash DeviceIoControl Service PLFlash DeviceIoControl Service (Not verified) Prolific Technology Inc. c:\windows\system32\ioctlsvc.exe

+ Pml Driver HPZ12 PmlDrv Module (Not verified) Hewlett-Packard c:\windows\system32\hpzipm12.dll

+ RUBotted Show Trend Micro RUBotted warnings (Verified) Trend Micro, Inc. c:\program files\trend micro\rubotted\tmrubotted.exe

+ SbieSvc Sandboxie Service (Not verified) tzuk c:\program files\sandboxie\sbiesvc.exe

+ SBSDWSCService Spybot-S&D Security Center integration (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdwinsec.exe

+ SiteAdvisor Service Provides low-level support for McAfee SiteAdvisor (Verified) McAfee, Inc. c:\program files\siteadvisor\6261\saservice.exe

+ TNaviSrv TOSHIBA Navi Support Service (Verified) TOSHIBA CORPORATION c:\program files\toshiba\toshiba dvd player\tnavisrv.exe

+ TODDSrv TDCSrv Application (Verified) TOSHIBA CORPORATION c:\windows\system32\toddsrv.exe

+ TosCoSrv TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped. (Verified) TOSHIBA CORPORATION c:\program files\toshiba\power saver\toscosrv.exe

+ TOSHIBA Bluetooth Service File not found: c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

+ TOSHIBA SMART Log Service TosIPCSrv.exe (Not verified) TOSHIBA Corporation c:\program files\toshiba\smartlogservice\tosipcsrv.exe

+ wwEngineSvc Window Washer Cleaning Service (Verified) Webroot Software, Inc. c:\program files\webroot\washer\washersvc.exe

HKLM\System\CurrentControlSet\Services

+ ElbyCDFL ElbyCDIO Filter Driver (Verified) SlySoft Inc. c:\windows\system32\drivers\elbycdfl.sys

+ ElbyCDIO ElbyCD Windows NT/2000/XP I/O driver (Verified) Elaborate Bytes AG c:\windows\system32\drivers\elbycdio.sys

+ mfeavfk Anti-Virus File System Filter Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfeavfk.sys

+ mfebopk Buffer Overflow Protection Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfebopk.sys

+ mfehidk Host Intrusion Detection Link Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfehidk.sys

+ mferkdk VSCore Code Analysis Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mferkdk.sys

+ mfesmfk System Monitor Filter Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfesmfk.sys

+ MPFP McAfee Personal Firewall Plus Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mpfp.sys

+ NETw5v32 Intel


The value for

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Computer Driver

is empty, the key reappears on each boot, but there is nothing in it...

I use Autoruns often, there is nothing new in it.

Having now run 6 spyware and malware removers and 3 AV programs and finding nothing, I am minded to ignore this result.

The fact that it reappears is a problem, but as the registry key appears to both contain and do nothing it is not an apparent threat to this machine.

I thank you for taking the time to look at it. If there was an easy fix, or a false positive, it would have presented itself by now.

As it is, I am impressed with your product and will continue to use it.

I will watch this thread for a while longer to see if anything develops....


O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Here is your problem, wish I had seen that sooner.

You are preventing the removal of this registry object.
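
A defender-side check for the situation diagnosed above, as an added example that is not part of the original post: it reads HijackThis O4 lines and reports Run values that carry no data alongside resident registry guards that can undo a cleaner's removal. The sample log is constructed (only the TeaTimer line is quoted from the thread), and the `REGISTRY_GUARDS` set and all function names are assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# HijackThis O4 autostart line: O4 - HKCU\..\Run: [Name] C:\path\app.exe /args
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Resident tools that watch the registry and can block or revert changes.
# Only TeaTimer comes from the thread; the set itself is an assumption.
REGISTRY_GUARDS = {"teatimer.exe"}

# Constructed sample; only the TeaTimer line is quoted from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Computer Driver]
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

def exe_name(cmd):
    """Lower-cased executable file name from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, args follow
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted path may hold spaces
        m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))\b", cmd, re.I)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return basename(path).lower()

def triage(log_text):
    """Return (empty Run values, registry guards) seen in the O4 lines."""
    empty, guards = [], []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        if not m.group("cmd").strip():
            empty.append(f"{m.group(1)}\\{m.group(2)}\\{m.group('name')}")
        elif exe_name(m.group("cmd")) in REGISTRY_GUARDS:
            guards.append(exe_name(m.group("cmd")))
    return empty, guards

def removal_may_be_reverted(log_text):
    """True when an empty Run value coexists with a registry guard."""
    empty, guards = triage(log_text)
    return bool(empty and guards)

if __name__ == "__main__":
    empty, guards = triage(SAMPLE_LOG)
    print("empty Run values:", empty)
    print("registry guards :", guards)
```

When both lists are non-empty, review the guard's allow/deny list before re-running the cleaner.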


Outstanding.

Problem solved, thank you.

I must have added the key to the S&D Whitelist by mistake.

oops....

Ok, I just paid for your Anti-Malware, how do I put in the new, genuine registration key that I received?

I have already used another key to register it to try it out....


Hyattjon,

If you are using McAfee 2007 as your primary antivirus program, you will want to uninstall Spybot Search & Destroy, any CA products you have, Windows Washer, and any other of these you find in this list:

http://service.mcafee.com/FAQDocument.aspx...064&lc=1033

If you are running 2007, I would uninstall Spybot, and any others from that list. I would then run the McAfee Removal Tool, then reinstall McAfee.

Don't forget to run McAfee immediately and then click on FIX. :)

If you have your media, or a purchase order from an online purchase, so you can redownload - reinstalls are rather painless, and can be done in under 30 minutes.

McAfee won't let you install if any of those programs are installed before it, but it will let you install them after it is installed.

McAfee will trigger various alerts and messages -- and you may allow them because you know you're installing a "trusted" application.

I've had to repair quite a few of these, literally on a daily basis. I've seen Site Advisor offer no protection against phishing sites, and the Firewall go into complete lockdown. All traffic stopped.

Checking that list, I've found anywhere from 2-3 incompatibles installed. Spybot, McAfee, Norton, Spy Sweeper all on one machine -- oh my!! Can we say power struggle?

PC makers bundle packages sometimes too - and you get that "Broken out of the box experience."


My laptop came with a Norton trial. During the trial I set up the machine how I wanted, including Spybot etc. I had no problems, but decided that I would use McAfee instead of Norton as I had a paid copy. I simply uninstalled Norton and installed McAfee with all the others running.

I had no problem installing and running McAfee, in fact it works very well in tandem with S&D. I use it on open wifi all over the country and have never had anything get in through the firewall etc etc.

The only problem I ever had was of my own making, by using P2P to download a dodgy keygen and forgetting to run it in Sandboxie.

AFAIK all AV products say to install on a clean system, even Norton states "Because Symantec cannot guarantee compatibility with other security products, we recommend that you uninstall other security programs before you install your Norton 2007/8 product."

IMO you just have to know how to configure them correctly....

But hey, what do I know, I came here to get help with a simple user error that I had caused by not configuring S&D correctly LOL
