Slashatme

  1. Spyware Guard 2008 appears to be on my computer and won't go away with any basic scan it would seem. Other things appear to be hidden as well which forces me to run in safe mode otherwise my computer slows down so much that it eventually freezes up. Performing quick scans with Malwarebytes' shows an infected registry key or something that can't be deleted, and 2 other infections that say they are successfully deleted but always reappear directly afterward.

     Thanks in advance for any help anyone could give me.