
Win32.Agent.Gvu help needed

Discussion in 'Malware and Virus Removal Archive' started by Platnex, 2008/03/26.

  1. 2008/03/26
    Platnex

    I ran Spybot and got the above virus pop up on my computer; even though I tried to remove it, it didn't delete.

    Here is the DSS log:

    Deckard's System Scanner v20071014.68
    Run by Justin on 2008-03-26 15:32:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    29: 2008-03-26 15:32:27 UTC - RP126 - Deckard's System Scanner Restore Point
    28: 2008-03-25 02:06:32 UTC - RP125 - System Checkpoint
    27: 2008-03-22 21:03:52 UTC - RP124 - System Checkpoint
    26: 2008-03-21 20:01:42 UTC - RP123 - System Checkpoint
    25: 2008-03-20 11:18:49 UTC - RP122 - Before Alto


    -- First Restore Point --
    1: 2008-02-17 19:32:09 UTC - RP98 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-03-26 15:34:13
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\DOCUME~1\JUSTIN~1.COM\LOCALS~1\Temp\Rar$EX00.375\fanspeedNT.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\RedLine\taskbar.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\RedLine\GameUtil.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Justin.COMPANY-0247C64\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knights-templar-guild.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [RedLine Taskbar] C:\Program Files\RedLine\Taskbar.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7982] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3303] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9924] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5192] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5341] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9067] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4978] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4482] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9581] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8146] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5073] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3271] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3476] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9025] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3479] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1646] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9548] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4829] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8286] command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7311] cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: gameutil.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://mail.google.com (HKCU)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\JUSTIN~1.COM\LOCALS~1\Temp\Rar$EX00.375\fanspeedNT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe


    --
    End of file - 10739 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 fspio - c:\windows\system32\drivers\fspio.sys
    R3 Probe - c:\windows\system32\drivers\probe.sys <Not Verified; Byron Montgomerie; Probe>

    S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
    S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 FanSpeedNT Service - "c:\docume~1\justin~1.com\locals~1\temp\rar$ex00.375\fanspeednt.exe" (file missing)

    S3 SandraDataSrv (SiSoftware Database Agent Service) - c:\program files\sisoftware\sisoftware sandra lite xi.sp4a\win32\rpcdatasrv.exe (file missing)
    S3 SandraTheSrv (SiSoftware Sandra Agent Service) - c:\program files\sisoftware\sisoftware sandra lite xi.sp4a\rpcsandrasrv.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-18 07:25:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-02-26 and 2008-03-26 -----------------------------

    2008-03-26 15:08:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-03-26 12:21:52 0 d-------- C:\Logs
    2008-03-24 01:17:01 0 d-------- C:\Poker
    2008-03-20 11:19:48 0 d-------- C:\Program Files\AltoMP3 Gold
    2008-03-20 08:03:05 286720 --a------ C:\WINDOWS\iun503.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
    2008-03-20 08:01:32 0 d-------- C:\Program Files\Virtua Fighter 2
    2008-03-18 19:04:07 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\dvdcss
    2008-03-18 10:05:19 0 d-------- C:\Program Files\Songs
    2008-03-17 14:19:14 0 d-------- C:\Program Files\Counter-Strike Source
    2008-03-11 04:35:04 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\mIRC
    2008-03-11 04:35:03 0 d-------- C:\Program Files\mIRC
    2008-03-11 01:44:45 0 d-------- C:\Program Files\PartyGaming
    2008-03-10 01:48:42 0 d-------- C:\Program Files\Cedelia
    2008-03-06 16:08:12 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Camfrog
    2008-03-06 16:07:37 0 d-------- C:\Program Files\Camfrog
    2008-03-04 15:20:14 0 d-------- C:\Fraps
    2008-03-04 06:41:09 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Apple Computer
    2008-03-04 06:40:47 0 d-------- C:\Program Files\iPod
    2008-03-04 06:40:40 0 d-------- C:\Program Files\iTunes
    2008-03-04 06:40:24 0 d-------- C:\Program Files\Bonjour
    2008-03-04 06:39:38 0 d-------- C:\Program Files\QuickTime
    2008-03-04 06:39:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-03-04 06:39:18 0 d-------- C:\Program Files\Apple Software Update
    2008-03-04 06:38:37 0 d-------- C:\Program Files\Common Files\Apple
    2008-03-04 06:38:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2008-03-03 01:42:18 0 d-------- C:\Program Files\PokerStars
    2008-03-02 16:06:20 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Media Player Classic
    2008-03-02 15:40:32 0 d-------- C:\Program Files\StepMania
    2008-03-02 03:25:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MGS
    2008-03-02 03:25:08 0 d-------- C:\MicroGaming
    2008-02-29 11:50:42 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\skypePM
    2008-02-29 11:50:42 32 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
    2008-02-29 11:49:28 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Skype
    2008-02-29 11:49:21 0 d-------- C:\Program Files\Skype
    2008-02-29 11:49:21 0 d-------- C:\Program Files\Common Files\Skype
    2008-02-29 11:48:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2008-02-29 11:21:39 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
    2008-02-29 08:48:37 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Xfire
    2008-02-29 08:48:35 0 d-------- C:\Program Files\Xfire


    -- Find3M Report ---------------------------------------------------------------

    2008-03-20 10:09:01 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\AVG7
    2008-03-17 14:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-04 06:38:37 0 d-------- C:\Program Files\Common Files
    2008-02-28 14:30:53 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Real
    2008-02-24 19:42:53 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Ventrilo
    2008-02-24 19:42:10 0 d-------- C:\Program Files\Ventrilo
    2008-02-24 19:41:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-24 06:10:24 0 d-------- C:\Program Files\Windows Live
    2008-02-22 14:20:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-22 14:07:35 0 d-------- C:\Program Files\DivX
    2008-02-22 11:04:16 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
    2008-02-22 10:51:27 0 d-------- C:\Program Files\Netopia
    2008-02-21 13:49:38 0 d-------- C:\Program Files\FlashFXP
    2008-02-21 09:07:32 0 d-------- C:\Program Files\ASUS
    2008-02-17 20:20:46 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\OtakuSoftware
    2008-02-17 16:12:26 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\.purple
    2008-02-17 16:08:47 0 d-------- C:\Program Files\Common Files\GTK
    2008-02-17 15:54:43 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-17 01:57:06 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\FlashFXP
    2008-02-16 16:48:46 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\OpenOffice.org2
    2008-02-09 02:39:15 0 d-------- C:\Documents and Settings\Justin.COMPANY-0247C64\Application Data\Microgaming
    2008-01-28 21:31:22 4096 --a------ C:\WINDOWS\system32\crash


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 11:35]
    "RedLine Taskbar "= "C:\Program Files\RedLine\Taskbar.exe" [09/02/2003 16:56]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/12/2007 20:07]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [31/01/2008 23:13]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingB5073 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    "SpybotDeletingD3271 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    "SpybotDeletingB3476 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    "SpybotDeletingD9025 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    "SpybotDeletingB3479 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    "SpybotDeletingD1646 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    "SpybotDeletingB9548 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    "SpybotDeletingD4829 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    "SpybotDeletingB8286 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    "SpybotDeletingD7311 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA7982 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    "SpybotDeletingC3303 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest "
    "SpybotDeletingA9924 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    "SpybotDeletingC5192 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js "
    "SpybotDeletingA5341 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    "SpybotDeletingC9067 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf "
    "SpybotDeletingA4978 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    "SpybotDeletingC4482 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc "
    "SpybotDeletingA9581 "=command /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "
    "SpybotDeletingC8146 "=cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt "

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    gameutil.exe.lnk - C:\Program Files\redline\gameutil.exe [10/07/2003 14:04:14]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\Name]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\Name- Commandos Antologia]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultIcon]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultIcon- E:\commandos.ico]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultLabel]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e138b7-a515-11dc-bc03-0011d8a4edbe}\_Autorun\DefaultLabel- Commandos Antologia]




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 mpa.one.microsoft.com


    -- End of Deckard's System Scanner: finished at 2008-03-26 15:35:23 ------------
     
  2. 2008/03/26
    noahdfear

    Welcome to WindowsBBS Platnex :)

    If you have not already rebooted the machine since running Spybot, please do so now. Then run another scan and let me know what, if anything, it finds. Please give exact details, e.g. filename and path, registry path, etc.

    Then, please create a new Deckards log and post it here.
     
