Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware infection-HELP!


  • Please log in to reply

#1
dalejrfan5874

dalejrfan5874

    New Member

  • Member
  • Pip
  • 5 posts
When I go into Add/Remove programs, my remove buttons are gone. When I try to uninstall a program from the program files, I get an error. My antivirus gets an error when updating. I use AVG. System is running slow. Please see my logs below. :)

Malwarebytes' Anti-Malware 1.11
Database version: 717

Scan type: Quick Scan
Objects scanned: 34260
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





SUPERAntiSpyware Scan Log
Generated 05/05/2008 at 05:51 AM

Application Version : 3.6.1000

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Complete Scan
Total Scan Time : 01:55:53

Memory items scanned : 559
Memory threats detected : 0
Registry items scanned : 7004
Registry threats detected : 0
File items scanned : 157116
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt




Panda Active Scan
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-06 23:21:59
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][8].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP232\A0025957.exe[smitRem/Process.exe]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][5].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected]e[2].txt.msd
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][4].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][4].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][8].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][5].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location ?
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description ?
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:33 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\hzrTray.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\hzrController.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\hzrService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\1197692180\ee\aolsoftware.exe
c:\program files\common files\aol\1197692180\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1197692180\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071212
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark....ort/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197693557968
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HazardShield - Unknown owner - C:\WINDOWS\system32\hzrController.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12702 bytes




Uninstall List

AI RoboForm (All Users)
Baseball Mogul 2007
Easy Uninstaller
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.0 Service Pack 1
Panda ActiveScan 2.0
SUPERAntiSpyware Free Edition
Update for Windows XP (KB920342)
Windows Presentation Foundation

Edited by dalejrfan5874, 07 May 2008 - 06:12 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP