Jump to content

QwertyPop

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Start Run of 12232008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols. Thank you, MWBytes member "Advan. Set.", if you have the time to respond with analysis. Please analyze at your convenience. My computer seems to be clear so far. I am hoping that I am "purged" but my Sys. Admin. friend has not had the time to analyze the logs herself. ********************************************** ********************************** ************************* 01. QwertyPop Malwarebytes' Anti-Malware 1.31 results after SpyBot's first clear-cutting was affirmed as "clear". Malwarebytes' Anti-Malware 1.31 Database version: 1537 Windows 5.1.2600 Service Pack 1 12/23/2008 2:17:28 PM mbam-log-2008-12-23 (14-17-28).txt Scan type: Full Scan (C:\|) Objects scanned: 101450 Time elapsed: 37 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ************************************************* ********************************** *********************** 02. QwertyPop Panda Active Scan 2.0 results after SpyBot's clear-cutting was affirmed as "clear". ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-23 12:45:48 PROTECTIONS: 0 MALWARE: 10 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt 03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for h-nik201.zip\h2o.rar[kontakt2_keygen.exe] ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location \C5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description \C5 ;=============================================================================== ================================================================================ = =================== 133387 MEDIUM MS06-065 \C5 133386 MEDIUM MS06-064 \C5 133385 MEDIUM MS06-063 \C5 133379 HIGH MS06-057 \C5 131654 HIGH MS06-055 \C5 129977 MEDIUM MS06-053 \C5 129976 MEDIUM MS06-052 \C5 126093 HIGH MS06-051 \C5 126092 MEDIUM MS06-050 \C5 126087 HIGH MS06-046 \C5 126086 MEDIUM MS06-045 \C5 126083 HIGH MS06-042 \C5 126082 HIGH MS06-041 \C5 126081 HIGH MS06-040 \C5 123421 HIGH MS06-036 \C5 123420 HIGH MS06-035 \C5 120825 MEDIUM MS06-032 \C5 120823 MEDIUM MS06-030 \C5 120818 HIGH MS06-025 \C5 120815 HIGH MS06-022 \C5 120814 HIGH MS06-021 \C5 117384 MEDIUM MS06-018 \C5 114666 HIGH MS06-015 \C5 114664 HIGH MS06-013 \C5 111790 MEDIUM MS06-011 \C5 108744 MEDIUM MS06-008 \C5 108743 MEDIUM MS06-007 \C5 108742 MEDIUM MS06-006 \C5 104567 HIGH MS06-002 \C5 104237 HIGH MS06-001 \C5 101055 HIGH MS05-054 \C5 96574 HIGH MS05-053 \C5 93396 HIGH MS05-052 \C5 93395 HIGH MS05-051 \C5 93394 HIGH MS05-050 \C5 93454 MEDIUM MS05-049 \C5 ;=============================================================================== ================================================================================ = =================== ************************************************************ ****************************** ********************* 03. QwertyPop Trend Micro Hijick This results after SpyBot, Panda Active Scan 2.0's and MWBytes 1.31's first clear-cuttings was affirmed as "clear". Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:22:18 PM, on 12/23/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WDBtnMgr.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\WLTRAY.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE O2 - BHO: (no name) - {2045E5B5-E7CA-48D1-ACFB-B98A7E91E214} - (no file) O2 - BHO: (no name) - {358C4DD2-D329-4F32-A49D-213D287AF6E2} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {8BFC98B5-CEB9-4C6A-8118-A91C1D201C45} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: NETGEAR Smart Wizard.lnk = ? O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: szhpdg.dll adnphz.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 5930 bytes **************************************** ******************************* ************** End Run of 12232008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols. ...& Thank you to MWBytes member "Advan. Set.", J.I.M. and MWBytes for the chance to solve with the help of others.
  2. Start Run of 12162008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols. Thank you to MWBytes members who have the time to respond with analysis. ********************************************** ********************************** ************************* 01. QwertyPop Malwarebytes' Anti-Malware 1.31 results after SpyBot's first clear-cutting was affirmed as "clear". Malwarebytes' Anti-Malware 1.31 Database version: 1506 Windows 5.1.2600 Service Pack 1 12/16/2008 12:27:06 PM mbam-log-2008-12-16 (12-27-06).txt Scan type: Full Scan (C:\|) Objects scanned: 99860 Time elapsed: 38 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) *********************************************************** *************************************************** ******************************************** 02. QwertyPop Panda Active Scan 2.0 results after Malwarebytes' Anti-Malware 1.31 second full-scan clear-cutting was affirmed as "clear". ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-16 21:34:18 PROTECTIONS: 0 MALWARE: 8 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location I\R C5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description I\R C5 ;=============================================================================== ================================================================================ = =================== 133387 MEDIUM MS06-065 I\R C5 133386 MEDIUM MS06-064 I\R C5 133385 MEDIUM MS06-063 I\R C5 133379 HIGH MS06-057 I\R C5 131654 HIGH MS06-055 I\R C5 129977 MEDIUM MS06-053 I\R C5 129976 MEDIUM MS06-052 I\R C5 126093 HIGH MS06-051 I\R C5 126092 MEDIUM MS06-050 I\R C5 126087 HIGH MS06-046 I\R C5 126086 MEDIUM MS06-045 I\R C5 126083 HIGH MS06-042 I\R C5 126082 HIGH MS06-041 I\R C5 126081 HIGH MS06-040 I\R C5 123421 HIGH MS06-036 I\R C5 123420 HIGH MS06-035 I\R C5 120825 MEDIUM MS06-032 I\R C5 120823 MEDIUM MS06-030 I\R C5 120818 HIGH MS06-025 I\R C5 120815 HIGH MS06-022 I\R C5 120814 HIGH MS06-021 I\R C5 117384 MEDIUM MS06-018 I\R C5 114666 HIGH MS06-015 I\R C5 114664 HIGH MS06-013 I\R C5 111790 MEDIUM MS06-011 I\R C5 108744 MEDIUM MS06-008 I\R C5 108743 MEDIUM MS06-007 I\R C5 108742 MEDIUM MS06-006 I\R C5 104567 HIGH MS06-002 I\R C5 104237 HIGH MS06-001 I\R C5 101055 HIGH MS05-054 I\R C5 96574 HIGH MS05-053 I\R C5 93396 HIGH MS05-052 I\R C5 93395 HIGH MS05-051 I\R C5 93394 HIGH MS05-050 I\R C5 93454 MEDIUM MS05-049 I\R C5 ;=============================================================================== ================================================================================ = =================== ************************************************************ ****************************** ********************* 03. QwertyPop Trend Micro Hijick This results after Panda Active Scan 2.0's first clear-cutting was affirmed as "clear". Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:20:00 PM, on 12/16/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WDBtnMgr.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\System32\WLTRAY.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe O2 - BHO: (no name) - {2045E5B5-E7CA-48D1-ACFB-B98A7E91E214} - (no file) O2 - BHO: (no name) - {358C4DD2-D329-4F32-A49D-213D287AF6E2} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {8BFC98B5-CEB9-4C6A-8118-A91C1D201C45} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: NETGEAR Smart Wizard.lnk = ? O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: szhpdg.dll adnphz.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6148 bytes **************************************** ******************************* ************** End Run of 12162008 NotePad Log Files of Dell D505 Virus/Infection purge attempts & QwertyPop, new MWBytes member, following suggested MWBytes member "J.I.Montana" protocols. ...& Thank you to J.I.M. and MWBytes for the chance to solve with the help of others.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.