
--Dell D505 Virus/Infection Analysis request--



Start Run of 12162008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols.

Thank you to MWBytes members who have the time to respond with analysis.

**********************************************

**********************************

*************************

01. QwertyPop Malwarebytes' Anti-Malware 1.31 results after SpyBot's first clear-cutting was affirmed as "clear".

Malwarebytes' Anti-Malware 1.31

Database version: 1506

Windows 5.1.2600 Service Pack 1

12/16/2008 12:27:06 PM

mbam-log-2008-12-16 (12-27-06).txt

Scan type: Full Scan (C:\|)

Objects scanned: 99860

Time elapsed: 38 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

***********************************************************

***************************************************

********************************************

02. QwertyPop Panda Active Scan 2.0 results after Malwarebytes' Anti-Malware 1.31 second full-scan clear-cutting was affirmed as "clear".

;*******************************************************************************

ANALYSIS: 2008-12-16 21:34:18

PROTECTIONS: 0

MALWARE: 8

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

114664 HIGH MS06-013

111790 MEDIUM MS06-011

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

101055 HIGH MS05-054

96574 HIGH MS05-053

93396 HIGH MS05-052

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================

************************************************************

******************************

*********************

03. QwertyPop Trend Micro HijackThis results after Panda Active Scan 2.0's first clear-cutting was affirmed as "clear".

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:20:00 PM, on 12/16/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WDBtnMgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {2045E5B5-E7CA-48D1-ACFB-B98A7E91E214} - (no file)

O2 - BHO: (no name) - {358C4DD2-D329-4F32-A49D-213D287AF6E2} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {8BFC98B5-CEB9-4C6A-8118-A91C1D201C45} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: szhpdg.dll adnphz.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 6148 bytes

****************************************

*******************************

**************

End Run of 12162008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols.

...& Thank you to J.I.M. and MWBytes for the chance to solve with the help of others.


Sorry for the delay but the forum has been swamped with posts lately of many infected users.

If you still need assistance please post a reply and I'll assist you.

Start Run of 12232008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols.

Thank you, MWBytes member "Advan. Set.", if you have the time to respond with analysis. Please analyze at your convenience. My computer seems to be clear so far. I am hoping that I am "purged" but my Sys. Admin. friend has not had the time to analyze the logs herself.

**********************************************

**********************************

*************************

01. QwertyPop Malwarebytes' Anti-Malware 1.31 results after SpyBot's first clear-cutting was affirmed as "clear".

Malwarebytes' Anti-Malware 1.31

Database version: 1537

Windows 5.1.2600 Service Pack 1

12/23/2008 2:17:28 PM

mbam-log-2008-12-23 (14-17-28).txt

Scan type: Full Scan (C:\|)

Objects scanned: 101450

Time elapsed: 37 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*************************************************

**********************************

***********************

02. QwertyPop Panda Active Scan 2.0 results after SpyBot's clear-cutting was affirmed as "clear".

;*******************************************************************************

ANALYSIS: 2008-12-23 12:45:48

PROTECTIONS: 0

MALWARE: 10

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for h-nik201.zip\h2o.rar[kontakt2_keygen.exe]

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

114664 HIGH MS06-013

111790 MEDIUM MS06-011

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

101055 HIGH MS05-054

96574 HIGH MS05-053

93396 HIGH MS05-052

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================

************************************************************

******************************

*********************

03. QwertyPop Trend Micro HijackThis results after SpyBot, Panda Active Scan 2.0's and MWBytes 1.31's first clear-cuttings were affirmed as "clear".

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:22:18 PM, on 12/23/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WDBtnMgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {2045E5B5-E7CA-48D1-ACFB-B98A7E91E214} - (no file)

O2 - BHO: (no name) - {358C4DD2-D329-4F32-A49D-213D287AF6E2} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {8BFC98B5-CEB9-4C6A-8118-A91C1D201C45} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: szhpdg.dll adnphz.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 5930 bytes

****************************************

*******************************

**************

End Run of 12232008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols.

...& Thank you to MWBytes member "Advan. Set.", J.I.M. and MWBytes for the chance to solve with the help of others.
