Computer Juice - Forums - message alerts spyware


#1
13-04-2008, 01:20 PM
tinkerbell (CJ Member)

I urgently need help here. My PC keeps bringing up these messages. I recently did a lot of HijackThis scans for malware with help from this forum, and all was well till 2-3 days ago. In the bottom left corner of the PC, the shield icon with the blue question mark says in the balloon: "System alert. System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution." If I click on the balloon, a window opens for "Virus Heat anti-spyware protection". Is this reliable? Should I do the free scan or download? Also there was an Internet Explorer alert saying the PC is infected with adware or spyware that displays advertisements while browsing the internet, and asking would I like to download additional software to remove malware. Also, I was running a scan earlier today using avast antivirus and when I came back to my PC it had pornographic images on the screen. I have young children that use the PC for school but I have asked them not to use the PC till this is sorted out. Thanks, any help would be greatly appreciated.

#2
13-04-2008, 02:02 PM
evilfantasy (CJ Moderator)

Go <Link hidden. Register for free to see this link!> and run the Superantispyware, Malwarebytes and Hijackthis scans. Post the logs when complete.

#3
14-04-2008, 07:30 PM
tinkerbell (CJ Member)

Here's the log for the SUPERAntiSpyware scan
SUPERAntiSpyware Scan Log
Generated 04/14/2008 at 05:50 PM
Application Version : 4.0.1154
Core Rules Database Version : 3437
Trace Rules Database Version: 1429
Scan type : Complete Scan
Total Scan Time : 00:29:27
Memory items scanned : 604
Memory threats detected : 3
Registry items scanned : 4738
Registry threats detected : 36
File items scanned : 65417
File threats detected : 102
Trojan.FakeAlert-Gen/Variant
C:\WINDOWS\SYSTEM32\RKVDR.DLL
C:\WINDOWS\SYSTEM32\RKVDR.DLL
Trojan.Media-Codec/V5
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
[start] C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\Program Files\NetProject
HKU\S-1-5-21-457436756-1333367681-2824026873-1006\Software\NetProject
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#UninstallString
Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004}
HKCR\CLSID\{65BBF06C-EA06-4818-92A3-F3550D0E1004}
HKCR\CLSID\{65BBF06C-EA06-4818-92A3-F3550D0E1004}\InProcServer32
HKCR\CLSID\{65BBF06C-EA06-4818-92A3-F3550D0E1004}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{65bbf06c-ea06-4818-92a3-f3550d0e1004}
Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}#xxx
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}
Adware.Tracking Cookie
Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString
Rogue.VirusHeat
HKLM\Software\VirusHeat 4.3
HKLM\Software\VirusHeat 4.3#refid
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#NSIS:StartMenuDir
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3#Publisher
C:\Program Files\VirusHeat 4.3\blacklist.txt
C:\Program Files\VirusHeat 4.3\Lang\English.ini
C:\Program Files\VirusHeat 4.3\Lang
C:\Program Files\VirusHeat 4.3\Logs
C:\Program Files\VirusHeat 4.3\msvcp71.dll
C:\Program Files\VirusHeat 4.3\Quarantine
C:\Program Files\VirusHeat 4.3\uninst.exe
C:\Program Files\VirusHeat 4.3\vht.dat
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.url
C:\Program Files\VirusHeat 4.3
C:\Documents and Settings\Nazia\Start Menu\Programs\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk
C:\Documents and Settings\Nazia\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3 Website.lnk
C:\Documents and Settings\Nazia\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3.lnk
C:\Documents and Settings\Nazia\Start Menu\Programs\VirusHeat 4.3
Rogue.NetProject-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0036890.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0036910.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0036931.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP183\A0037011.EXE
Trojan.Unclassified-Packed/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP183\A0036998.DLL
Trace.Known Threat Sources


Will end copy and paste next log soon.

#4
14-04-2008, 08:41 PM
tinkerbell (CJ Member)

Here is the log for the Malwarebytes Anti Malware
SUPERAntiSpyware Scan Log
Generated 04/14/2008 at 05:50 PM
Application Version : 4.0.1154
Core Rules Database Version : 3437
Trace Rules Database Version: 1429
Scan type : Complete Scan
Total Scan Time : 00:29:27
Memory items scanned : 604
Memory threats detected : 3
Registry items scanned : 4738
Registry threats detected : 36
File items scanned : 65417
File threats detected : 102

#5
14-04-2008, 08:55 PM
evilfantasy (CJ Moderator)

That was another Superantispyware log. Open Malwarebytes and click the logs tab to open the log and post it. Then post a fresh Hijackthis log.

#6
15-04-2008, 04:09 PM
tinkerbell (CJ Member)

Registry Malwarebytes' Anti-Malware 1.07
Database version: 461
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 107855
Time elapsed: 22 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 66
Files Infected: 127
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\program files\msn messenger\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware316\bin (Adware.Starware) -> Quarantined and deleted successfully.
  #7  
Old 15-04-2008, 04:10 PM
tinkerbell
CJ Member

Malwarebytes' Anti-Malware 1.11
Database version: 627
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 95476
Time elapsed: 15 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP184\A0037046.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nazia\Start Menu\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nazia\Desktop\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nazia\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
Hope I got it right this time!
  #8  
Old 15-04-2008, 04:11 PM
tinkerbell
CJ Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:53, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = <Link hidden. Register for free to see this link!>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = <Link hidden. Register for free to see this link!>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - <Link hidden. Register for free to see this link!>
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 12029 bytes