OK, recently I've been getting randomly logged off my e-mail and my World of Warcraft account has been hacked twice. I'm guessing I have a keylogger... fun. I did a few scans and I was able to resolve almost all of the found problems except for my last.
I used Symantec Security Check and had a small list of problems. After cleaning up a bit I rescanned and got this.
C:\Windows\System32\net.net is infected with Trojan.Adclicker
C:\Users\Daniel\AppData\Local\VirtualStore\Windows\System32\net.net is infected with Trojan.Adclicker
I am able to follow either of the problems for a little bit into my computer files. On the first I get as far as C:\Windows\System32 and then nothing; on the second I get to C:\Users\Daniel\AppData\Local and then nothing. [Aka No items match your search.] I can delete the whole file but I didn't know if that would cause problems or if this was a file required on my computer. There is another file, C:\Windows\twain_32, if that has any relation to the problem.
I also have Spybot (Search & Destroy) on my computer. I did a scan there and fixed some more problems but I was left with 71 problems in my registry.
--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
Now I tried to have Spybot fix these but I get the message
[ This action may not be performed completely since you are not an administrator. If you want to perform this for all users, please run this application elevated as an administrator.]
Now that message struck me as odd because this is my personal laptop, with only 2 users, one that I set up for guests but have never used. There should be no reason for this profile not to have administrative power unless it is something that I need to manually turn on (I honestly do not know). I can delete the guest profile if that would help, or I can go into the actual Registry Editor and delete those files. Spybot gives me the option to see the corrupted/malware files' location but I was worried that in deleting them from my registry I might get rid of something that the computer needs to run. Sorry, I know this is a large post but I'm in need of some advice. If at all possible please let me know if I can just delete the files in question in C:\Windows\System32 and the registry keys. Thank you for taking the time to read this and I hope someone understands what I wrote; I tend to be confusing.
EDIT - Just checked: my UAC [User Account Control] is active, so I should be able to delete those files in Spybot, but I still cannot.
Edited by Danny1987, 22 June 2010 - 09:46 PM.