
Generic Downloader.ab

Discussion in 'Virus & Other Malware Removal' started by Anroon, Jul 10, 2006.

  1. Anroon

    Anroon Thread Starter

    Joined:
    Jul 2, 2005
    Messages:
    16
    Hey guys,

    I was here a good while back and you were able to help me out perfectly - thanks! But alas, I've a new problem. McAfee was detecting Generic Downloader.ab but was unable to delete it; it just kept coming back. I turned off System Restore and ran a scan in Safe Mode, and this seemed to work better, but it came back again. I had to go away for the weekend and my dad allowed one of the programs through the firewall (Microsoft MediaUpload? - bgates.exe), and now my computer is littered with phoney antivirus software and security alerts. The homepage has changed too. Here's my HijackThis log... any help would be greatly appreciated...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:53:38, on 10/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\agent\McDash.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\George Nolan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cs.tcd.ie/proxy.cgi
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AntivirusGolden] C:\Program Files\AntivirusGolden\AntivirusGolden.exe /h
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
    O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks guys and sorry to bother you again.
     
  2. Anroon
    Hey, I've tried Ewido and Spy Sweeper in Safe Mode since posting this... They detected reams of stuff, but the infection seems to be still there. Here's the latest HijackThis logfile...

    Logfile of HijackThis v1.99.1
    Scan saved at 14:57:01, on 10/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\George Nolan\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ryanair.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cs.tcd.ie/proxy.cgi
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  3. Anroon
    And the Spy Sweeper logfile...

    ********
    13:50: | Start of Session, 10 July 2006 |
    13:50: Spy Sweeper started
    13:50: Sweep initiated using definitions version 714
    13:50: Starting Memory Sweep
    13:54: Memory Sweep Complete, Elapsed Time: 00:03:41
    13:54: Starting Registry Sweep
    13:54: Found Adware: antivirus gold
    13:54: HKCR\appid\cerberus.exe\ (1 subtraces) (ID = 103593)
    13:54: Found Adware: antivirus gold components
    13:54: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103594)
    13:54: HKCR\cerberus.enginelistener.1\ (3 subtraces) (ID = 103595)
    13:54: HKCR\cerberus.enginelistener\ (5 subtraces) (ID = 103596)
    13:54: HKCR\cerberus.scanner.1\ (3 subtraces) (ID = 103597)
    13:54: HKCR\cerberus.scanner\ (5 subtraces) (ID = 103598)
    13:54: HKCR\cerberus.threatcollection.1\ (3 subtraces) (ID = 103599)
    13:54: HKCR\cerberus.threatcollection\ (5 subtraces) (ID = 103600)
    13:54: HKCR\clsid\{020b1227-417d-4682-9ac3-61f43cb5b6b1}\ (12 subtraces) (ID = 103601)
    13:54: HKCR\clsid\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}\ (11 subtraces) (ID = 103602)
    13:54: HKCR\clsid\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}\ (11 subtraces) (ID = 103603)
    13:54: HKCR\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}\ (11 subtraces) (ID = 103604)
    13:54: HKCR\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}\ (11 subtraces) (ID = 103605)
    13:54: HKCR\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}\ (11 subtraces) (ID = 103606)
    13:54: HKCR\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}\ (12 subtraces) (ID = 103607)
    13:54: HKCR\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}\ (12 subtraces) (ID = 103608)
    13:54: HKCR\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}\ (11 subtraces) (ID = 103609)
    13:54: HKCR\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}\ (12 subtraces) (ID = 103610)
    13:54: HKCR\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}\ (11 subtraces) (ID = 103611)
    13:54: HKCR\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}\ (11 subtraces) (ID = 103612)
    13:54: HKCR\engine.backup.1\ (3 subtraces) (ID = 103613)
    13:54: HKCR\engine.backup\ (5 subtraces) (ID = 103614)
    13:54: HKCR\engine.ignorelist.1\ (3 subtraces) (ID = 103615)
    13:54: HKCR\engine.ignorelist\ (5 subtraces) (ID = 103616)
    13:54: HKCR\engine.log.1\ (3 subtraces) (ID = 103617)
    13:54: HKCR\engine.log\ (5 subtraces) (ID = 103618)
    13:54: HKCR\engine.logrecord.1\ (3 subtraces) (ID = 103619)
    13:54: HKCR\engine.logrecord\ (5 subtraces) (ID = 103620)
    13:54: HKCR\engine.paths.1\ (3 subtraces) (ID = 103621)
    13:54: HKCR\engine.paths\ (5 subtraces) (ID = 103622)
    13:54: HKCR\engine.quarantine.1\ (3 subtraces) (ID = 103623)
    13:54: HKCR\engine.quarantine\ (5 subtraces) (ID = 103624)
    13:54: HKCR\engine.runas.1\ (3 subtraces) (ID = 103625)
    13:54: HKCR\engine.runas\ (5 subtraces) (ID = 103626)
    13:54: HKCR\engine.searchitem.1\ (3 subtraces) (ID = 103627)
    13:54: HKCR\engine.searchitem\ (5 subtraces) (ID = 103628)
    13:54: HKCR\engine.threat.1\ (3 subtraces) (ID = 103629)
    13:54: HKCR\engine.threat\ (5 subtraces) (ID = 103630)
    13:54: HKLM\software\classes\appid\cerberus.exe\ (1 subtraces) (ID = 103632)
    13:54: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103633)
    13:54: HKLM\software\classes\cerberus.enginelistener.1\ (3 subtraces) (ID = 103634)
    13:54: HKLM\software\classes\cerberus.enginelistener\ (5 subtraces) (ID = 103635)
    13:54: HKLM\software\classes\cerberus.scanner.1\ (3 subtraces) (ID = 103636)
    13:54: HKLM\software\classes\cerberus.scanner\ (5 subtraces) (ID = 103637)
    13:54: HKLM\software\classes\cerberus.threatcollection.1\ (3 subtraces) (ID = 103638)
    13:54: HKLM\software\classes\cerberus.threatcollection\ (5 subtraces) (ID = 103639)
    13:54: HKLM\software\classes\clsid\{020b1227-417d-4682-9ac3-61f43cb5b6b1}\ (12 subtraces) (ID = 103641)
    13:54: HKLM\software\classes\clsid\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}\ (11 subtraces) (ID = 103642)
    13:54: HKLM\software\classes\clsid\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}\ (11 subtraces) (ID = 103643)
    13:54: HKLM\software\classes\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}\ (11 subtraces) (ID = 103644)
    13:54: HKLM\software\classes\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}\ (11 subtraces) (ID = 103645)
    13:54: HKLM\software\classes\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}\ (11 subtraces) (ID = 103646)
    13:54: HKLM\software\classes\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}\ (12 subtraces) (ID = 103647)
    13:54: HKLM\software\classes\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}\ (12 subtraces) (ID = 103648)
    13:54: HKLM\software\classes\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}\ (11 subtraces) (ID = 103649)
    13:54: HKLM\software\classes\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}\ (12 subtraces) (ID = 103650)
    13:54: HKLM\software\classes\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}\ (11 subtraces) (ID = 103651)
    13:54: HKLM\software\classes\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}\ (11 subtraces) (ID = 103652)
    13:54: HKLM\software\classes\engine.backup.1\ (3 subtraces) (ID = 103653)
    13:54: HKLM\software\classes\engine.backup\ (5 subtraces) (ID = 103654)
    13:54: HKLM\software\classes\engine.ignorelist.1\ (3 subtraces) (ID = 103655)
    13:54: HKLM\software\classes\engine.ignorelist\ (5 subtraces) (ID = 103656)
    13:54: HKLM\software\classes\engine.log.1\ (3 subtraces) (ID = 103657)
    13:54: HKLM\software\classes\engine.log\ (5 subtraces) (ID = 103658)
    13:54: HKLM\software\classes\engine.logrecord.1\ (3 subtraces) (ID = 103659)
    13:54: HKLM\software\classes\engine.logrecord\ (5 subtraces) (ID = 103660)
    13:54: HKLM\software\classes\engine.paths.1\ (3 subtraces) (ID = 103661)
    13:54: HKLM\software\classes\engine.paths\ (5 subtraces) (ID = 103662)
    13:54: HKLM\software\classes\engine.quarantine.1\ (3 subtraces) (ID = 103663)
    13:54: HKLM\software\classes\engine.quarantine\ (5 subtraces) (ID = 103664)
    13:54: HKLM\software\classes\engine.runas.1\ (3 subtraces) (ID = 103665)
    13:54: HKLM\software\classes\engine.runas\ (5 subtraces) (ID = 103666)
    13:54: HKLM\software\classes\engine.searchitem.1\ (3 subtraces) (ID = 103667)
    13:54: HKLM\software\classes\engine.searchitem\ (5 subtraces) (ID = 103668)
    13:54: HKLM\software\classes\engine.threat.1\ (3 subtraces) (ID = 103669)
    13:54: HKLM\software\classes\engine.threat\ (5 subtraces) (ID = 103670)
    13:54: HKLM\software\classes\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (9 subtraces) (ID = 103671)
    13:54: HKCR\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (9 subtraces) (ID = 103676)
    13:54: Found Adware: ist software
    13:54: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
    13:54: Found Adware: ist yoursitebar
    13:54: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
    13:54: Found Adware: security2k hijacker
    13:54: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
    13:54: Found Trojan Horse: trojan agent winlogonhook
    13:54: HKLM\software\microsoft\mssmgr\ (14 subtraces) (ID = 937101)
    13:54: HKCR\clsid\{c65c3770-598c-a2fd-dbaa-c7a45c50338e}\ (47 subtraces) (ID = 1386855)
    13:54: HKLM\software\antivirusgolden\ (1 subtraces) (ID = 1386984)
    13:54: HKLM\software\classes\clsid\{c65c3770-598c-a2fd-dbaa-c7a45c50338e}\ (47 subtraces) (ID = 1387133)
    13:54: HKLM\software\microsoft\windows\currentversion\app paths\antivirusgolden.exe\ (1 subtraces) (ID = 1387262)
    13:54: HKLM\software\microsoft\windows\currentversion\run\ || antivirusgolden (ID = 1387264)
    13:54: HKLM\software\microsoft\windows\currentversion\uninstall\antivirusgolden\ (7 subtraces) (ID = 1387265)
    13:54: Found Trojan Horse: trojan-downloader-zlob
    13:54: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1497178)
    13:54: Found Adware: popuper
    13:54: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || dcomcfg.exe (ID = 1497181)
    13:55: Registry Sweep Complete, Elapsed Time:00:00:37
    13:55: Starting Cookie Sweep
    13:55: Found Spy Cookie: adultfriendfinder cookie
    13:55: george [email protected][2].txt (ID = 2165)
    13:55: Found Spy Cookie: webtrends cookie
    13:55: george [email protected][2].txt (ID = 3669)
    13:55: Found Spy Cookie: malwarewipe cookie
    13:55: george [email protected][2].txt (ID = 6467)
    13:55: Found Spy Cookie: pesttrap cookie
    13:55: george [email protected][1].txt (ID = 6462)
    13:55: Cookie Sweep Complete, Elapsed Time: 00:00:03
    13:55: Starting File Sweep
    13:55: c:\documents and settings\george nolan\start menu\programs\antivirusgolden (3 subtraces) (ID = -2147447509)
    13:55: c:\program files\antivirusgolden (22 subtraces) (ID = -2147447508)
    13:55: Found Adware: sicro dialer
    13:55: switchagreement.txt (ID = 76024)
    14:30: antivirusgolden.exe (ID = 303616)
    14:30: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AntivirusGolden (ID = 0)
    14:30: uninst.exe (ID = 303613)
    14:31: scannerconfig.xml (ID = 49967)
    14:31: antivirusgolden 3.3.lnk (ID = 303616)
    14:31: antivirusgolden.lnk (ID = 303616)
    14:31: antivirusgolden 3.3.lnk (ID = 303616)
    14:31: antivirusgolden 3.3.lnk (ID = 303616)
    14:31: File Sweep Complete, Elapsed Time: 00:36:41
    14:31: Full Sweep has completed. Elapsed time 00:41:07
    14:31: Traces Found: 737
    14:40: Removal process initiated
    14:40: Quarantining All Traces: antivirus gold
    14:41: Quarantining All Traces: antivirus gold components
    14:41: Quarantining All Traces: ist software
    14:41: Quarantining All Traces: ist yoursitebar
    14:41: Quarantining All Traces: security2k hijacker
    14:41: Quarantining All Traces: trojan agent winlogonhook
    14:41: Quarantining All Traces: trojan-downloader-zlob
    14:41: Quarantining All Traces: popuper
    14:41: Quarantining All Traces: adultfriendfinder cookie
    14:41: Quarantining All Traces: webtrends cookie
    14:41: Quarantining All Traces: malwarewipe cookie
    14:41: Quarantining All Traces: pesttrap cookie
    14:41: Quarantining All Traces: sicro dialer
    14:42: Removal process completed. Elapsed time 00:01:14
    ********
    13:04: | Start of Session, 10 July 2006 |
    13:04: Spy Sweeper started
    13:06: Your spyware definitions have been updated.
    13:50: Program Version 4.5.9 (Build 709) Using Spyware Definitions 714
    13:50: | End of Session, 10 July 2006 |
     
  4. Anroon
    Also, Internet Explorer keeps redirecting to http://www.sysprotectionpage.net/
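As an added example (not part of the thread, and not a HijackThis or Spy Sweeper feature), a small Python triage pass over the HijackThis entry format shown in the posts above: it parses the `Rn`/`On` lines, pulls out the file path, and flags the kinds of entries a helper looks at first: components named in the Spy Sweeper findings, "(file missing)" leftovers, an unnamed BHO loaded from a `.tmp` in system32, Winlogon Notify DLLs that belong to no visible product, and SSODL entries. The sample lines are copied from the logs in this thread; the indicator set and the known-DLL allowlist are constructed from this thread alone and are assumptions, not a general signature list.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: HijackThis 1.99.1 entries copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ryanair.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [AntivirusGolden] C:\Program Files\AntivirusGolden\AntivirusGolden.exe /h
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
""".strip()

# Component names the Spy Sweeper log in this thread tied to the infection
# (constructed from that log; an assumption, not a general-purpose signature list).
SWEEPER_HITS = {"antivirusgolden", "dcomcfg.exe", "winepi32", "zlara.dll"}

# Winlogon Notify DLLs that belong to a product visible in the log
# (assumption: WRLogonNTF.dll is Webroot Spy Sweeper's logon hook).
KNOWN_NOTIFY_DLLS = {"wrlogonntf.dll"}

# "O20 - Winlogon Notify: ..." -> code "O20", body "Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# First Windows path ending in a loadable-file extension; spaces in paths are allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp|ocx|sys|cab)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "O20"
    severity: str  # "high", "medium" or "info"
    path: str      # file path named in the entry, "" if none
    reason: str


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for one HijackThis entry; non-entries yield []."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""
    fname = path.rsplit("\\", 1)[-1].lower()
    low = body.lower()
    out: List[Finding] = []

    # Anything matching the sweeper's hit list is the infection itself, wherever it sits.
    if any(hit in low for hit in SWEEPER_HITS):
        out.append(Finding(code, "high", path, "matches a component named in the Spy Sweeper findings"))
    # A registered component whose file is gone: residue of a removed or half-removed install.
    if "(file missing)" in low:
        out.append(Finding(code, "medium", path, "points at a file that no longer exists"))
    # Legitimate BHOs carry a name and live in a product directory, not a .tmp in system32.
    if code == "O2" and "(no name)" in low and fname.endswith(".tmp"):
        out.append(Finding(code, "high", path, "unnamed BHO loaded from a .tmp file"))
    # Winlogon Notify DLLs load inside winlogon.exe at every logon; only known vendors belong here.
    if code == "O20" and fname not in KNOWN_NOTIFY_DLLS:
        out.append(Finding(code, "high", path, "Winlogon Notify DLL from no known product"))
    # ShellServiceObjectDelayLoad is rarely used by legitimate software; always review it.
    if code == "O21":
        out.append(Finding(code, "medium", path, "SSODL entry; confirm it belongs to installed software"))
    # Start page and proxy auto-config are exactly what a hijacker changes; confirm with the user.
    if code in ("R0", "R1"):
        out.append(Finding(code, "info", "", "browser start page / proxy setting; confirm the user chose it"))
    return out


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.code:4} {f.path or '-'} : {f.reason}")
```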
     
Short URL to this thread: https://techguy.org/481949