Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

26th March 2008   #1
Platnex (Join Date: Mar 2008; Posts: 1; Computer Experience: Beginner)


Win32.Agent.Gvu help needed

I ran Spybot and got the above virus pop up on my computer. Even though I tried to remove it, it didn't delete.

Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by Justin on 2008-03-26 15:32:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-03-26 15:32:27 UTC - RP126 - Deckard's System Scanner Restore Point
28: 2008-03-25 02:06:32 UTC - RP125 - System Checkpoint
27: 2008-03-22 21:03:52 UTC - RP124 - System Checkpoint
26: 2008-03-21 20:01:42 UTC - RP123 - System Checkpoint
25: 2008-03-20 11:18:49 UTC - RP122 - Before Alto


-- First Restore Point --
1: 2008-02-17 19:32:09 UTC - RP98 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-26 15:34:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\JUSTIN~1.COM\LOCALS~1\Temp\Rar$EX00.375\fanspeedNT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RedLine\taskbar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RedLine\GameUtil.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Justin.COMPANY-0247C64\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knights-templar-guild.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RedLine Taskbar] C:\Program Files\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7982] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3303] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9924] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5192] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5341] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9067] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4978] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4482] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9581] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8146] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB5073] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3271] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3476] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9025] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3479] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1646] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9548] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4829] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8286] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7311] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: gameutil.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://mail.google.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Regi...18/flashax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\JUSTIN~1.COM\LOCALS~1\Temp\Rar$EX00.375\fanspeedNT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe


--
End of file - 10739 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 fspio - c:\windows\system32\drivers\fspio.sys
R3 Probe - c:\windows\system32\drivers\probe.sys <Not Verified; Byron Montgomerie; Probe>

S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FanSpeedNT Service - "c:\docume~1\justin~1.com\locals~1\temp\rar$ex00.375\fanspeednt.exe" (file missing)

S3 SandraDataSrv (SiSoftware Database Agent Service) - c:\program files\sisoftware\sisoftware sandra lite xi.sp4a\win32\rpcdatasrv.exe (file missing)
S3 SandraTheSrv (SiSoftware Sandra Agent Service) - c:\program files\sisoftware\sisoftware sandra lite xi.sp4a\rpcsandrasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-18 07:25:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-26 15:08:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-26 12:21:52 0 d-------- C:\Logs
2008-03-24 01:17:01 0 d-------- C:\Poker
2008-03-20 11:19:48 0 d-------- C:\Program Files\AltoMP3 Gold
2008-03-20 08:03:05 286720 --a------ C:\WINDOWS\iun503.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-03-20 08:01:32 0 d-------- C:\Program Files\Virtua Fighter 2
2008-03-18 19:04:07 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\dvdcss
2008-03-18 10:05:19 0 d-------- C:\Program Files\Songs
2008-03-17 14:19:14 0 d-------- C:\Program Files\Counter-Strike Source
2008-03-11 04:35:04 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\mIRC
2008-03-11 04:35:03 0 d-------- C:\Program Files\mIRC
2008-03-11 01:44:45 0 d-------- C:\Program Files\PartyGaming
2008-03-10 01:48:42 0 d-------- C:\Program Files\Cedelia
2008-03-06 16:08:12 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Camfrog
2008-03-06 16:07:37 0 d-------- C:\Program Files\Camfrog
2008-03-04 15:20:14 0 d-------- C:\Fraps
2008-03-04 06:41:09 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Apple Computer
2008-03-04 06:40:47 0 d-------- C:\Program Files\iPod
2008-03-04 06:40:40 0 d-------- C:\Program Files\iTunes
2008-03-04 06:40:24 0 d-------- C:\Program Files\Bonjour
2008-03-04 06:39:38 0 d-------- C:\Program Files\QuickTime
2008-03-04 06:39:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-03-04 06:39:18 0 d-------- C:\Program Files\Apple Software Update
2008-03-04 06:38:37 0 d-------- C:\Program Files\Common Files\Apple
2008-03-04 06:38:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-03-03 01:42:18 0 d-------- C:\Program Files\PokerStars
2008-03-02 16:06:20 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Media Player Classic
2008-03-02 15:40:32 0 d-------- C:\Program Files\StepMania
2008-03-02 03:25:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MGS
2008-03-02 03:25:08 0 d-------- C:\MicroGaming
2008-02-29 11:50:42 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\skypePM
2008-02-29 11:50:42 32 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-02-29 11:49:28 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Skype
2008-02-29 11:49:21 0 d-------- C:\Program Files\Skype
2008-02-29 11:49:21 0 d-------- C:\Program Files\Common Files\Skype
2008-02-29 11:48:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-02-29 11:21:39 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2008-02-29 08:48:37 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Xfire
2008-02-29 08:48:35 0 d-------- C:\Program Files\Xfire


-- Find3M Report ---------------------------------------------------------------

2008-03-20 10:09:01 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\AVG7
2008-03-17 14:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-04 06:38:37 0 d-------- C:\Program Files\Common Files
2008-02-28 14:30:53 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Real
2008-02-24 19:42:53 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Ventrilo
2008-02-24 19:42:10 0 d-------- C:\Program Files\Ventrilo
2008-02-24 19:41:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 06:10:24 0 d-------- C:\Program Files\Windows Live
2008-02-22 14:20:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-22 14:07:35 0 d-------- C:\Program Files\DivX
2008-02-22 11:04:16 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
2008-02-22 10:51:27 0 d-------- C:\Program Files\Netopia
2008-02-21 13:49:38 0 d-------- C:\Program Files\FlashFXP
2008-02-21 09:07:32 0 d-------- C:\Program Files\ASUS
2008-02-17 20:20:46 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\OtakuSoftware
2008-02-17 16:12:26 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\.purple
2008-02-17 16:08:47 0 d-------- C:\Program Files\Common Files\GTK
2008-02-17 15:54:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-17 01:57:06 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\FlashFXP
2008-02-16 16:48:46 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\OpenOffice.org2
2008-02-09 02:39:15 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Microgaming
2008-01-28 21:31:22 4096 --a------ C:\WINDOWS\system32\crash


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 11:35]
"RedLine Taskbar"="C:\Program Files\RedLine\Taskbar.exe" [09/02/2003 16:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/12/2007 20:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB5073"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
"SpybotDeletingD3271"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
"SpybotDeletingB3476"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
"SpybotDeletingD9025"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
"SpybotDeletingB3479"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
"SpybotDeletingD1646"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
"SpybotDeletingB9548"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
"SpybotDeletingD4829"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
"SpybotDeletingB8286"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
"SpybotDeletingD7311"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA7982"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
"SpybotDeletingC3303"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest"
"SpybotDeletingA9924"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
"SpybotDeletingC5192"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js"
"SpybotDeletingA5341"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
"SpybotDeletingC9067"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf"
"SpybotDeletingA4978"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
"SpybotDeletingC4482"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc"
"SpybotDeletingA9581"=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"
"SpybotDeletingC8146"=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt"

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
gameutil.exe.lnk - C:\Program Files\redline\gameutil.exe [10/07/2003 14:04:14]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\Name]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\Name- Commandos Antologia]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultIcon]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultIcon- E:\commandos.ico]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultLabel]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultLabel- Commandos Antologia]




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com


-- End of Deckard's System Scanner: finished at 2008-03-26 15:35:23 ------------

27th March 2008   #2
noahdfear (Staff; Join Date: Apr 2003; Location: New Bremen, Ohio U.S.A.; Posts: 12,524; Computer Experience: ~@<*+)

Welcome to WindowsBBS, Platnex.

If you have not already rebooted the machine since running Spybot, please do so now. Then run another scan and let me know what, if anything, it finds. Please give exact details, e.g. filename and path, registry path, etc.

Then, please create a new Deckard's log and post it here.
