Help. More problems.


patriots88888
18-10-08, 22:37
I have been receiving a Windows Security Alert for the past several days now and I can't resolve the issue. :( Windows Firewall has detected activity of harmful software: Trojan-Clicker.Win43.Tiny.h

Windows Defender doesn't resolve the issue for me. :confused: Is there free software for spyware removal so I can finally be rid of this annoyance? I downloaded several spyware removal programs but none would let me remove the Trojan. I can't use system restore either because I have disabled it for now. Please help if you can. Thanks in advance.

Nerd For Life
18-10-08, 22:49
Did you try Ad-Aware yet?

Titanium
18-10-08, 22:51
www.lavasoft.com - Ad-Aware
www.safer-networking.org - Spybot Search and Destroy.

patriots88888
18-10-08, 23:01
Are these truly free? I downloaded the Spybot Search and Destroy free trial and while it detected the spyware, it wouldn't let me remove it. I already have Windows Defender which is supposed to resolve the issue but for whatever reason, wouldn't. I don't want to spend money on something that won't help me with this.

What do they mean, Complete one offer, for the Ad-Aware program? Is it going to cost me anything or require a credit card?

Titanium
18-10-08, 23:26
Spybot is completely free. The only time it shouldn't delete something is when it's having problems deleting the infection.

Ad-Aware has a free version.

http://www.lavasoft.com/single/trialpay.php

Trialpay is optional, the link that says Download will take you to download.com where the free version is. :)

patriots88888
19-10-08, 00:43
OK. I just downloaded the Ad-Aware program and completed a Smart Scan with it and removed the infections. However, as soon as I did so, the Windows Firewall warning about the Trojan popped up on my screen again. I guess it's back to the drawing board again. :( Thanks for the help though. It is much appreciated. :)

spikejones
19-10-08, 02:02
Please run and post the results of ARdiag.exe (http://www.tombraiderhub.com/download/ardiag.exe)

then wait for someone to come along and tell you what you need to delete. You will use the application autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx), so you might as well go ahead and download that as well.

patriots88888
19-10-08, 02:59
Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program files\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]


Program:
"Connectivity engine for America Online"
Publisher:
"(Verified) America Online Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AOL ACS
Program path & name:
"c:\program files\common files\aol\acs\aolacsd.exe"
Enabled: [V]


Program:
"Manages the scheduling of Automatic LiveUpdate sessions"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Automatic LiveUpdate Scheduler
Program path & name:
"c:\program files\symantec\liveupdate\aluschedulersvc.exe"
Enabled: [V]


Program:
"Event propagation and logging service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ccEvtMgr
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Settings storage and management service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ccSetMgr
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Symantec Lic NetConnect Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CLTNetCnService
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LightScribeService
Program path & name:
"c:\program files\common files\lightscribe\lssrvc.exe"
Enabled: [V]


Program:
"Manages Norton product notices."
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LiveUpdate Notice Ex
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Manages Norton product notices"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LiveUpdate Notice Service
Program path & name:
"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
Enabled: [V]


Program:
"Symantec Application Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymAppCore
Program path & name:
"c:\program files\common files\symantec shared\appcore\appsvc32.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATIXPGAA
Program path & name:
File not found: C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS"
Enabled: [V]


Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"FrontLine Environment Driver"
Publisher:
"(Verified) Protection Technology Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfdrv01
Program path & name:
"c:\windows\system32\drivers\sfdrv01.sys"
Enabled: [V]


Program:
"FrontLine Helper Driver"
Publisher:
"(Verified) Protection Technology Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfhlp02
Program path & name:
"c:\windows\system32\drivers\sfhlp02.sys"
Enabled: [V]


Program:
"Symantec AutoProtect"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SRTSPL
Program path & name:
"c:\windows\system32\drivers\srtspl.sys"
Enabled: [V]


Program:
"Symantec AutoProtect"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SRTSPX
Program path & name:
"c:\windows\system32\drivers\srtspx.sys"
Enabled: [V]


Program:
"DNS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMDNS
Program path & name:
"c:\windows\system32\drivers\symdns.sys"
Enabled: [V]


Program:
"Firewall Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMFW
Program path & name:
"c:\windows\system32\drivers\symfw.sys"
Enabled: [V]


Program:
"IDS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMIDS
Program path & name:
"c:\windows\system32\drivers\symids.sys"
Enabled: [V]


Program:
"NDIS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMNDISV
Program path & name:
"c:\windows\system32\drivers\symndisv.sys"
Enabled: [V]


Program:
"Redirector Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMREDRV
Program path & name:
"c:\windows\system32\drivers\symredrv.sys"
Enabled: [V]


Program:
"Network Dispatch Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMTDI
Program path & name:
"c:\windows\system32\drivers\symtdi.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\Program
Program path & name:
File not found: C:\Program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
Files\RelevantKnowledge\rlai.dll
Program path & name:
File not found: Files\RelevantKnowledge\rlai.dll"
Enabled: [V]


Program:
"hpsysdrv"
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
hpsysdrv
Program path & name:
"c:\hp\support\hpsysdrv.exe"
Enabled: [V]


Program:
"Symantec User Session"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ccApp
Program path & name:
"c:\program files\common files\symantec shared\ccapp.exe"
Enabled: [V]


Program:
"osCheck"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
osCheck
Program path & name:
"c:\program files\norton internet security\oscheck.exe"
Enabled: [V]


Program:
"AOL"
Publisher:
"(Verified) AOL LLC"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HostManager
Program path & name:
"c:\program files\common files\aol\1171763297\ee\aolsoftware.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"HP DVDPlay Resident Program"
Publisher:
"(Not verified) CyberLink Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
DPService
Program path & name:
"c:\program files\hp\dvdplay\dpservice.exe"
Enabled: [V]


Program:
"Catalyst® Control Center Launcher"
Publisher:
"(Not verified) Advanced Micro Devices Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
StartCCC
Program path & name:
"c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
Enabled: [V]


Program:
"LiveUpdate Notice Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Symantec PIF AlertEng
Program path & name:
"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
Enabled: [V]


Program:
"Setup/Uninstall"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
InnoSetupRegFile.0000000001
Program path & name:
c:\windows\is-7e4sk.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
RealtekHDAUpgrade
Program path & name:
File not found: RealtekHDAUpgrade"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Adobe Reader Speed Launch.lnk
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"HP Connections"
Publisher:
"(Verified) Hewlett-Packard"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Compaq Connections.lnk
Program path & name:
"c:\program files\compaq connections\3572475\program\compaq connections.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Registration .LNK
Program path & name:
File not found: C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe"
Enabled: [V]


Program:
"InstallShield Update Service Update Manager"
Publisher:
"(Not verified) InstallShield Software Corporation"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISUSPM Startup
Program path & name:
"c:\program files\common files\installshield\updateservice\isuspm.exe"
Enabled: [V]


Program:
"Adobe Update Manager"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
updateMgr
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
DbSysMon
Program path & name:
c:\programdata\dbsysmon\rqxafmfi.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
NUZCwsjbIY
Program path & name:
File not found: C:\Users\Todd\Documents\My Downloads\New Folder (368)\AdobeFlashPlayerHD.exe"
Enabled: [V]


Program:
"CEEment"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
Task Scheduler
Entry name:
HPCeeScheduleForTodd.job
Program path & name:
"c:\program files\hewlett-packard\sdp\ceement\hpcee.exe"
Enabled: [V]


Program:
"Norton AntiVirus Scanner Module"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton Internet Security - Run Full System Scan - Todd.job
Program path & name:
"c:\program files\norton internet security\norton antivirus\navw32.exe"
Enabled: [V]


Program:
"Orbitcth"
Publisher:
"(Not verified) Orbitdownloader.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Octh Class
Program path & name:
"c:\program files\orbitdownloader\orbitcth.dll"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"NcoBHO"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
Program path & name:
"c:\program files\common files\symantec shared\coshared\browser\1.0\nppbho.dll"
Enabled: [V]


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
myBabylon Toolbar
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
"Mega Manager IE Click Catcher"
Publisher:
"(Not verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IeMonitorBho Class
Program path & name:
"c:\program files\megaupload\mega manager\megaiemn.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellViewRTF
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
tbmyba.dll
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V]


Program:
"UIBhoImpl"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
NCO Toolbar
Program path & name:
"c:\program files\common files\symantec shared\coshared\browser\1.0\uibho.dll"
Enabled: [V]


Program:
"Veoh Browser Plug-in"
Publisher:
"(Not verified) Veoh Networks Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Veoh Video Finder
Program path & name:
"c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll"
Enabled: [V]


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
myBabylon Toolbar
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V]


Program:
"Download Manager and Stream Recorder"
Publisher:
"(Not verified) StreamingStar Technology Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\Extensions
Entry name:
HiDownload
Program path & name:
"c:\program files\hidownload\hidownload.exe"
Enabled: [V]



OK. I'll wait and see then. Thanks in advance. :)

EscondeR
19-10-08, 08:45
Boot in Safe Mode.
Run Autoruns, wait till it completes scanning.
Then kill the following entries (right click and select Delete):


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATIXPGAA
Program path & name:
File not found: C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS"
Enabled: [V] - Dead link


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V] - Dead link


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V] - Dead link


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V] - Dead link


Program:
"FrontLine Environment Driver"
Publisher:
"(Verified) Protection Technology Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfdrv01
Program path & name:
"c:\windows\system32\drivers\sfdrv01.sys"
Enabled: [V] - Crapware!


Program:
"FrontLine Helper Driver"
Publisher:
"(Verified) Protection Technology Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sfhlp02
Program path & name:
"c:\windows\system32\drivers\sfhlp02.sys"
Enabled: [V] - Crapware!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
c:\Program Files\RelevantKnowledge\rlai.dll
Program path & name:
File not found: c:\Program Files\RelevantKnowledge\rlai.dll"
Enabled: [V] - Dead link


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"Setup/Uninstall"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
InnoSetupRegFile.0000000001
Program path & name:
c:\windows\is-7e4sk.exe"
Enabled: [V] - Malware or trojan!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
RealtekHDAUpgrade
Program path & name:
File not found: RealtekHDAUpgrade"
Enabled: [V] - Dead link


Program:
N/A
Publisher:
N/A
Entry path:
C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Registration .LNK
Program path & name:
File not found: C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe"
Enabled: [V] - Dead link


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
DbSysMon
Program path & name:
c:\programdata\dbsysmon\rqxafmfi.exe"
Enabled: [V] - Crapware!


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
NUZCwsjbIY
Program path & name:
File not found: C:\Users\Todd\Documents\My Downloads\New Folder (368)\AdobeFlashPlayerHD.exe"
Enabled: [V]


Program:
"Orbitcth"
Publisher:
"(Not verified) Orbitdownloader.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Octh Class
Program path & name:
"c:\program files\orbitdownloader\orbitcth.dll"
Enabled: [V] - Malware or trojan!


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
myBabylon Toolbar
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V] - Crapware!


Program:
"Mega Manager IE Click Catcher"
Publisher:
"(Not verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IeMonitorBho Class
Program path & name:
"c:\program files\megaupload\mega manager\megaiemn.dll"
Enabled: [V] - Malware!


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
tbmyba.dll
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V] - Crapware!


Program:
"Veoh Browser Plug-in"
Publisher:
"(Not verified) Veoh Networks Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Veoh Video Finder
Program path & name:
"c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll"
Enabled: [V] - Crapware!


Program:
"Conduit Toolbar"
Publisher:
"(Verified) Conduit Ltd."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
myBabylon Toolbar
Program path & name:
"c:\program files\mybabylon\tbmyba.dll"
Enabled: [V] - Crapware!


Program:
"Download Manager and Stream Recorder"
Publisher:
"(Not verified) StreamingStar Technology Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\Extensions
Entry name:
HiDownload
Program path & name:
"c:\program files\hidownload\hidownload.exe"
Enabled: [V] - Crapware!


BTW, the biggest Crapware on your PC is Norton, the PC got infected and it can do nothing about it!
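
The kind of manual pass over the autostart log shown in this thread, as an added example (not part of the thread, and not how ARdiag or Autoruns work internally): a Python parser for the log layout posted above that lists reasons to inspect an entry by hand. The rule names and the choice of rules are assumptions made for this example; a matched rule is a prompt to look, not a verdict.

```python
import re

LABELS = {"Program", "Publisher", "Entry path", "Entry name", "Program path & name"}
# Paths an unprivileged process can normally write to (assumes default ACLs).
USER_WRITABLE = re.compile(r"^c:\\(users|programdata)\\", re.I)

def parse_entries(text):
    """Split the label-line / value-line log into one dict per autostart entry."""
    entries, current, label = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Enabled:"):            # last field, closes the record
            current["Enabled"] = "[V]" in line
            entries.append(current)
            current, label = {}, None
        elif line.endswith(":") and line[:-1] in LABELS:
            label = line[:-1]
        elif line and label:
            current[label] = line.strip('"')       # values are sometimes quoted
            label = None
    return entries

def review_reasons(entry):
    """Reasons to inspect an entry by hand; triage hints, not verdicts."""
    reasons = []
    image = entry.get("Program path & name", "")
    publisher = entry.get("Publisher", "N/A")
    if image.startswith("File not found:"):        # autostart points at nothing
        reasons.append("target-missing")
        image = image.split(":", 1)[1].strip()
    if publisher == "N/A":
        reasons.append("no-publisher")
    elif publisher.startswith("(Not verified)"):
        reasons.append("signature-not-verified")
    if USER_WRITABLE.match(image):
        reasons.append("user-writable-path")
    # AppInit_DLLs: listed DLLs get loaded into processes that load user32.dll.
    if entry.get("Entry path", "").lower().endswith("appinit_dlls"):
        reasons.append("appinit-dll")
    return reasons

def triage(text):
    """Entry name -> reasons, for entries that matched at least one rule."""
    found = {}
    for entry in parse_entries(text):
        reasons = review_reasons(entry)
        if reasons:
            found[entry.get("Entry name", "?")] = reasons
    return found

# Two records copied from the log posted in this thread.
SAMPLE = r'''Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program files\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]

Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
NUZCwsjbIY
Program path & name:
File not found: C:\Users\Todd\Documents\My Downloads\New Folder (368)\AdobeFlashPlayerHD.exe"
Enabled: [V]'''

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```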