I got a VIRUS and i need help removing it [RESOLVED]
Nov 1 2008, 09:34 PM
Post #1
Member Posts: 62 From: Colton OS: Windows xp
I got a virus, well I think it is, because I can't get in my internet connection in order to protect against a crash or virus threat....I also saw something that said trojan so I don't really know what it is

I was recommended byhfcg and I need step by step help to remove the nasty malware. I would thank you for your help. If you need any more info I would be happy to give it to you.

This post has been edited by Flakko: Nov 1 2008, 09:42 PM

Nov 2 2008, 05:11 PM
Post #2
Trusted Helper Posts: 4,592 From: London, UK OS: XP
Hi Flakko

welcome to the malware forums

ok, without an internet connection this could be tricky unless you are able to download programs to another computer and transfer them across. assuming you can, then let's get a basic log up and running to see where we stand:

Click here to download HJTInstall.exe

andrewuk

Nov 2 2008, 06:19 PM
Post #3
Member Posts: 62 From: Colton OS: Windows xp
Well I try to get on the internet with the computer with the malware and it doesn't let me. It says continue unprotected and I click on it but it doesn't let me.....the other option it has is to get Anti-spyware Xp 2009......but ummm if I download HJTInstall.exe could I put it on a blank cd and transport it to the computer with the malware?

Nov 2 2008, 06:56 PM
Post #4
Trusted Helper Posts: 4,592 From: London, UK OS: XP
QUOTE
but ummm if I download HJTInstall.exe could I put it on a blank cd and transport it to the computer with the malware?

yes, you will need to do that. don't go for the Anti-spyware Xp 2009 - it is bad.

and whilst you are at it, download these programs (but don't run them yet) - i suspect we will be needing them:

Please download ATF Cleaner by Atribune.
Please download Malwarebytes' Anti-Malware from Here or Here
Download SUPERAntiSpyware
Download ComboFix from one of these locations: Link 1 Link 2 Link 3

andrewuk

This post has been edited by andrewuk: Nov 2 2008, 06:57 PM

Nov 2 2008, 07:04 PM
Post #5
Member Posts: 62 From: Colton OS: Windows xp
Well yeah I kinda noticed that it was bad.....But um is it bad if it's already on my Desktop as a shortcut? And pops up when my computer starts up?

Ok I'll download all those programs

Nov 2 2008, 07:26 PM
Post #6
Member Posts: 62 From: Colton OS: Windows xp
OK I burned the programs onto the cd and then I put the cd into the infected computer and I clicked on install, then I clicked on ok and it made another shortcut but it didn't launch?? I double click on it and it still doesn't launch??

Nov 2 2008, 07:48 PM
Post #7
Trusted Helper Posts: 4,592 From: London, UK OS: XP
you need to move the hijackthis program from the cd onto your desktop of the infected computer - and then double click it.

don't try and run anything from your cd. and don't try and run any of the other programs at this stage.

andrewuk

Nov 2 2008, 09:07 PM
Post #8
Member Posts: 62 From: Colton OS: Windows xp
Yea I did that, I got the program from the CD and copied it to the Desktop and did the instructions you gave me but still no luck??

Is there anything that might be stopping it? I think I know what could be stopping it.....well do you know how you said that AntiSpyware Xp 2009 is bad...I went to my program files and it says it's installed... then I tried to remove it and I can't, it says program is Already Installed when I don't want to install, I want to remove it? Do you think that AntiSpyware Xp is causing the problem?

Nov 3 2008, 01:33 AM
Post #9
Trusted Helper Posts: 4,592 From: London, UK OS: XP
it may be blocking it, though normally it does that by preventing the download.

out of interest, are you able to run any programs from your desktop by double-clicking them? the malware may have disabled this ability to run programs.

also, remember that when you download the program to your CD, don't install it at that stage but copy the program over to your infected PC desktop and install it from there (apologies if i am sounding simple, but too much text is better than too little).

try copying the Malwarebytes program from your CD onto your desktop and then running it, full instructions are below:

Double Click mbam-setup.exe to install the application.

Nov 3 2008, 06:58 PM
Post #10
Member Posts: 62 From: Colton OS: Windows xp
ok I'll do it right now

This post has been edited by Flakko: Nov 3 2008, 07:02 PM

Nov 3 2008, 07:02 PM
Post #11
Member Posts: 62 From: Colton OS: Windows xp
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

11/3/2008 4:36:04 PM
mbam-log-2008-11-03 (16-36-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169882
Time elapsed: 4 hour(s), 44 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 175
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 60
Files Infected: 173

This post has been edited by Flakko: Nov 3 2008, 07:11 PM
Nov 3 2008, 07:06 PM
Post #12
Member | Posts: 62 | From: Colton | OS: Windows xp
Files Infected:
Nov 4 2008, 02:20 AM
Post #13
Trusted Helper | Posts: 4,592 | From: London, UK | OS: XP
Ok, that cleaned out a lot. I'm guessing you have (hopefully) rebooted your machine.

I want now to copy over and run the combofix program - you have several infections on your machine which we can now tackle, and we will also try and see if we can copy over and run the hijackthis program:

Copy over the combofix program to your infected machine.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, and a new hijackthis log please (follow my prior instructions for the hijackthis program).

andrewuk
Nov 4 2008, 12:27 PM
Post #14
Member | Posts: 62 | From: Colton | OS: Windows xp
ComboFix 08-11-03.06 - JAN3TT 2008-11-04 10:04:31.1 - NTFSx86
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="1" [X] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-07-26 405583] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "MSACM.CEGSM"= mobilev.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mr97310v.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=c:\windows\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] 
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2005-09-18 08:32 7204864 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2005-09-18 08:32 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a--c--- 2002-09-13 22:42 212992 c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] --a--c--- 2005-02-25 17:24 966656 c:\windows\creator\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a--c--- 2005-09-14 11:38 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a--c--- 2004-12-08 17:57 550912 c:\windows\zHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2005-09-18 08:32 1519616 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a--c--- 2005-09-14 11:38 14820864 c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PrismXL"=2 (0x2) "ose"=3 (0x3) "MskService"=2 (0x2) "MpfService"=2 (0x2) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security 
center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2004-05-07 164256] R1 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2008-10-25 8560] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 bejm;bejm;c:\windows\system32\drivers\Ilfo.sys [ ] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [ ] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [ ] S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [ ] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50020e81-926d-11da-94a8-806d6172696f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1126662-a79e-11dc-9959-00161731e62f}] \Shell\AutoRun\command - F:\setupSNK.exe . 
Contents of the 'Scheduled Tasks' folder 2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [] 2008-10-23 c:\windows\Tasks\ErrorSmart Scheduled Scan.job - c:\program files\ErrorSmart\ErrorSmart.exe [] 2008-10-23 c:\windows\Tasks\ErrorSmart Scheduled Scan.job - c:\program files\ErrorSmart [] 2008-11-04 c:\windows\Tasks\{9E0B783F-6B05-48EB-8244-6D59A5F92893}_ZUNIGA_Owner.job - c:\windows\system32\mobsync.exe [2008-04-13 16:12] 2008-10-24 c:\windows\Tasks\{EED0D698-B732-496E-A471-304295089182}_ZUNIGA_Owner.job - c:\windows\system32\mobsync.exe [2008-04-13 16:12] . - - - - ORPHANS REMOVED - - - - HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-Power2GoExpress - (no file) HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe HKLM-Run-TosGbWatcher - c:\program files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe HKLM-Run-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe HKLM-Run-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe SafeBoot-acup.sys MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1138722192\EE\AOLHostManager.exe MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe MSConfigStartUp-McafWelcome - c:\progra~1\mcafee.com\agent\mcwelcom.exe MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe MSConfigStartUp-MSKDetectorExe - 
c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe MSConfigStartUp-readericon - c:\program files\Digital Media Reader\readericon45G.exe MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms} R0 -: HKLM-Main,Start Page = hxxp://www.google.com R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: Photobucket Publisher - hxxp://s59.photobucket.com/csve/ie_plugin.php c:\windows\Downloaded Program Files\OSDE2C.OSD c:\windows\Downloaded Program Files\flixctrl.dll O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - 
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf c:\windows\Downloaded Program Files\OberonGameHost.dll O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab c:\windows\Downloaded Program Files\imikimi_cab.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-04 10:12:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\corel\Graphics8\Programs\MFIndexer.exe c:\program files\Logitech\Video\FxSvr2.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2008-11-04 10:25:39 - machine was rebooted [JAN3TT] ComboFix-quarantined-files.txt 2008-11-04 18:25:34 Pre-Run: 54,510,985,216 bytes free Post-Run: 77,965,950,976 bytes free 286 --- E O F --- 2008-10-26 22:40:10 |
|
|
Nov 4 2008, 12:29 PM
Post
#15
|
|
|
Member ![]() ![]() Posts: 62 From: Colton OS: Windows xp |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:12 AM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: Photobucket Publisher - http://s59.photobucket.com/csve/ie_plugin.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 5434 bytes |
|
|