
Thread: Help - trying to remove BraveSentry etc

  1. #21
    Join Date
    May 2007
    Posts
    194
    There was no Save Result to File from the anti-rootkit because it claimed to find no rootkits to remove! New avg and hjt logs coming asap from safemode.

  2. #22
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me an uninstall list via HiJackThis;
    To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into a reply here.

    After that then download the Free Trial of Trojan Hunter.
    Update it, then reboot into safe mode and run the program.

  3. #23
    Join Date
    May 2007
    Posts
    194
    Is this in addition to the AVG and HJT logs you want otherwise, or instead of? The AVG is running now and is probably about 1/3rd done, but if this is instead of, I can cancel it and get to the new things much more quickly. If it's in addition, then you'll be getting it all.

  4. #24
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    In addition to...you have multiple trojans on the system, and more seem to appear with each scan. We have to find some way to get rid of them. Are you running a firewall? Also cannot understand why the AVG scan would take 7 hours, that is the longest one I ever heard of, was this in SAFE MODE?

  5. #25
    Join Date
    May 2007
    Posts
    194
    I am running the Windows firewall, though it's spotty. I don't know why the AVG scan takes so long either... it is in safe mode, and it's scanning through memory and two relatively big hard drives, but it still seems to be extremely too long. It's still running now, of course; it seems like it might be going a little bit faster this time, so it might only take five or six hours. One can hope.

  6. #26
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I didn't realize it was going through two hard drives, that would increase the time I would think.

  7. #27
    Join Date
    May 2007
    Posts
    194
    At last, here are all the latest logs:

    First, the newest AVG log:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:03:20 PM 5/11/2007

    + Scan result:



    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180769.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180770.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180771.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180765.dll -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180766.exe -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180767.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180768.exe -> Adware.Relevant : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180776.exe -> Adware.RK : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180774.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180772.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180772.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180772.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180775.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180773.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180777.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\uzcx.exe -> Downloader.Nurech.bh : Cleaned with backup (quarantined).
    F:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180779.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    F:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180780.dll -> Not-A-Virus.Downloader.Win32.PopCap.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0180778.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
    C:\WINDOWS\new_drv.sys -> Rootkit.Agent.ef : Cleaned with backup (quarantined).


    ::Report end

    -------------------------------

    Next, HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:35 PM, on 5/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WinFast\WFTVFM\WFWIZ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Documents and Settings\Owner\Desktop\hjkths1991.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CTSysVol] C:\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinFast Schedule] C:\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIMACE] MACE.exe
    O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
    O4 - HKLM\..\Run: [soft2] C:\WINDOWS\96796.exe
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173467735984
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/act...cheManager.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsezu.exe
    O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi8625.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    -----------

    Finally, HJT Uninstall list:

    Ad-Aware SE Personal
    ADDRESS ORGANIZER DELUXE (S)
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.7
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AIM 6.0
    AOL Connectivity Services
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI MCE Control Panel
    Audacity 1.2.6
    AVG Anti-Rootkit Free
    AVG Anti-Spyware 7.5
    Azureus
    BigFix
    Bink and Smacker
    BitTornado 0.3.7
    Boggle
    BOINC
    BOOK ORGANIZER DELUXE (S)
    BookBag Plus
    BUM
    CC_ccProxyExt
    ccCommon
    CCleaner (remove only)
    ccPxyCore
    Chowder for Windows version 1.0
    CloneDVD2
    Collectorz.com Book Collector
    Collectorz.com Game Collector
    Collectorz.com Movie Collector
    Collectorz.com MP3 Collector
    Collectorz.com Music Collector
    Command
    Creative Jukebox Driver
    Creative MediaSource
    Creative NOMAD Jukebox Zen Xtra
    Creative System Information
    Digital Media Reader
    DiscJuggler
    DivX
    DivX Player
    D-link AirPlus G DWL-G120 Wireless USB Adapter
    EA SPORTS online 2006
    File Recover 6.0
    Final Draft 7
    Forté Agent
    Gadwin PrintScreen
    Gold Miner
    Google Earth
    Google SketchUp
    Google Toolbar for Internet Explorer
    Gpower 2.0i
    GSpot Codec Information Appliance
    Hidden Expedition Titanic (remove only)
    HijackThis 1.99.1
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    HP Deskjet 9800
    HP Deskjet 9800 Series
    ISI ResearchSoft - Export Helper
    J2SE Runtime Environment 5.0 Update 2
    Jeopardy! 2003
    Jeopardy! 2nd Edition
    Lexmark Software Uninstall
    LimeWire PRO 4.12.6
    Linksys EasyLink Advisor 1.5 (1045)
    LiveReg (Symantec Corporation)
    LiveUpdate 2.5 (Symantec Corporation)
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Macromedia Flash Player 8 Plugin
    Magic DVD Ripper V5.0
    Magic ISO Maker v5.0 (build 0166)
    Magic ISO Maker v5.3 (build 0229)
    Magic Workstation 0.94f
    Master of Orion II
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Works
    mIRC
    Move Networks Player for Internet Explorer
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MTG GamePack for Magic Workstation
    Multimedia Keyboard Driver
    Mystery Case Files - Prime Suspects (remove only)
    Mystery Case Files - Ravenhearst (remove only)
    Mystery Case Files Huntsville
    Napster Burn Engine
    Nero 7 Demo
    Network Monitor
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus 2005
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security 2005 (Symantec Corporation)
    Norton Security Center
    Norton WMI Update
    Norton WMI Update
    Orb
    Panda ActiveScan
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    PowerDVD
    PowerPlugs: Transitions and/or 3D Titles
    QuickPar 0.9
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Recover My Files
    Reg Organizer 4.0
    Rocket Mania 1.01
    Roxio Easy Media Creator 8 Suite
    SAS 9.1
    SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.1)
    Scrabble
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Shizmoo Web Games (Uproar)
    Sid Meier's Civilization 4
    SimCity 4
    Slingo Deluxe
    Snood Towers for Windows version 1.02
    Snoodoku for Windows Version 1.1W
    SoftV92 Data Fax Modem with SmartCP
    Sony USB Driver
    Sound Blaster Live! 24-bit
    SPBBC
    Spelling Dictionaries For Adobe Reader Package
    SPSS 11.0 for Windows Student Version
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    Starcraft
    Strike Ball
    Super Collapse II
    Super Text Twist
    SureThing CD Labeler Deluxe 4
    Symantec Script Blocking Installer
    SymNet
    Tiger Woods PGA TOUR 06
    Travelogue 360 Paris (remove only)
    Trillian
    Ultima Online: Mondain's Legacy
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    UseNeXT
    VideoLAN VLC media player 0.8.4a
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Virtools 3D Life Player
    VPN Client
    WinAVIVideoConverter
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format Runtime
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888239
    WinFast PVR
    WinRAR archiver
    XviD 1.1 final uninstall
    Yahoo! Messenger
    Yahoo! Widget Engine
    Yahoo! Widget Engine
    YOU DON'T KNOW JACK Volume 3


    I am about to do the Trojan Hunter download and Safe Mode run. Is there a log that should go with this, or does it just run and is done?

  8. #28
    Join Date
    May 2007
    Posts
    194
    I'm unable to update TrojanHunter because it's the free version -- apparently that's not a feature unless I buy it -- but I'm going to run the downloaded version in Safe Mode right now and if buying it for the updates is worth it (I think it's $30), then I'll do it to save my computer!

  9. #29
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Don't worry about updating. Just do the scan as is and post the results. I don't want you purchasing something unneeded. Mainly I want to see what it finds. All these logs are going to take awhile, as is the Add/Remove...please bear with me. Also I would advise at this time you don't keep going online with this computer until you are told to do so, it appears to me that new entries are constantly appearing so wait until I can go through all this. Be sure to post back with the TrojanHunter info though.

  10. #30
    Join Date
    May 2007
    Posts
    194
    And finally, here is the TrojanHunter log. I'll bear with you as long as it takes... please take your time! I've also unplugged the computer from the Internet, though I did have to go back online to download TrojanHunter because I thought I'd need to update it. I unplugged again immediately, though, so it wasn't connected very *long*, whatever that's worth.


    Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Update

    Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update

    Removed registry value HKEY_LOCAL_MACHINE\Software\Policies\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    Removed registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService\Security
    Removed registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService\Enum
    Removed registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService

    Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update

    Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Update

    Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Policies\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi113210\Security
    Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi113210\Enum
    Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi113210

    Removed registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2

    Removed registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}

    Quarantined file C:\Orb Networks\Orb\bin\OrbTVBuffer.exe

    Quarantined file C:\WINDOWS\OfB11_Setup.exe

    Quarantined file F:\WINDOWS\fixreg.exe
    Trojan cleaning finished.
