
Registry items changed every time I log in

Discussion in 'Virus & Other Malware Removal' started by midfinger, Sep 19, 2008.

Thread Status:
Not open for further replies.
  1. midfinger

    midfinger Thread Starter

    Joined:
    Sep 19, 2008
    Messages:
    1
    Good day to all :D

    I'm having this problem with my PC where several entries in the registry were changed every time I logged in.
    Even after I changed the entries manually, somehow, after the next login, they were changed back, thus giving me problems accessing regedit, task manager, run, and many more.
    This problem started last week.
    I have run Windows Live One Care online scan and SuperAntiSpyware Free Edition, but nothing big was found. The SuperAntiSpyware log is attached below as well.

    The entries that were normally affected are:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFileMenu
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSetting
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoTrayContextMenu

    Attached are the HijackThis logfile and the Startup list logfile.

    -----------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:29 AM, on 9/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\niSvcLoc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DT
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
    O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141217426343
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F6C9A49-1FC7-42A6-B25B-0744D5D49F75}: NameServer = 202.188.0.133,202.199.1.5
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    --
    End of file - 8994 bytes
    -----------------------------------------------------------------------

    StartupList report, 9/20/2008, 11:07:01 AM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    * Using default options
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\niSvcLoc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Dell QuickSet = C:\Program Files\Dell\QuickSet\quickset.exe
    IntelWireless = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
    vr64 = C:\WINDOWS\system32\prnjobt.vbe
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    --------------------------------------------------
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command
    (Default) = "%1" %*
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------

    Enumerating Browser Helper Objects:
    (no name) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - (no file) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    (no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll - {6A373B7E-496E-424f-A9BE-486A5E9AB018}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    At1.job
    At10.job
    At11.job
    At12.job
    At13.job
    At14.job
    At15.job
    At16.job
    At17.job
    At18.job
    At19.job
    At2.job
    At20.job
    At21.job
    At22.job
    At23.job
    At24.job
    At25.job
    At26.job
    At27.job
    At28.job
    At29.job
    At3.job
    At30.job
    At31.job
    At32.job
    At33.job
    At34.job
    At35.job
    At36.job
    At37.job
    At38.job
    At39.job
    At4.job
    At40.job
    At41.job
    At42.job
    At43.job
    At44.job
    At45.job
    At46.job
    At47.job
    At48.job
    At49.job
    At5.job
    At50.job
    At51.job
    At52.job
    At53.job
    At54.job
    At55.job
    At56.job
    At57.job
    At58.job
    At59.job
    At6.job
    At60.job
    At61.job
    At62.job
    At63.job
    At64.job
    At65.job
    At66.job
    At67.job
    At68.job
    At69.job
    At7.job
    At70.job
    At71.job
    At72.job
    At73.job
    At74.job
    At75.job
    At76.job
    At77.job
    At78.job
    At79.job
    At8.job
    At80.job
    At81.job
    At82.job
    At83.job
    At84.job
    At85.job
    At86.job
    At87.job
    At88.job
    At89.job
    At9.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    [YInstStarter Class]
    InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141217426343
    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    [dcCertUtils.clsOperation]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\dcCertUtils.dll
    CODEBASE = https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
    --------------------------------------------------
    End of report, 7,740 bytes
    Report generated in 0.031 seconds
    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    ----------------------------------------------------------------------

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 09/20/2008 at 09:00 AM
    Application Version : 4.21.1004
    Core Rules Database Version : 3574
    Trace Rules Database Version: 1562
    Scan type : Quick Scan
    Total Scan Time : 00:14:48
    Memory items scanned : 476
    Memory threats detected : 0
    Registry items scanned : 570
    Registry threats detected : 21
    File items scanned : 9466
    File threats detected : 93
    Adware.Tracking Cookie
    Keylogger.Actual Spy
    HKU\S-1-5-21-658360299-2217891903-2818851260-1006\Software\ACSPMonitor
    HKLM\Software\ACSPMonitor
    HKLM\Software\ACSPMonitor#path_app2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Setup Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: App Path
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#InstallLocation
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Icon Group
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: User
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Selected Tasks
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#Inno Setup: Deselected Tasks
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#QuietUninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#URLUpdateInfo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#NoModify
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#NoRepair
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Actual Spy_is1#InstallDate
    C:\Program Files\ACSPMonitor\ActualSpy.chm
    C:\Program Files\ACSPMonitor\ASMonitor.exe
    C:\Program Files\ACSPMonitor\asmonitor.exe.manifest
    C:\Program Files\ACSPMonitor\f.bat
    C:\Program Files\ACSPMonitor\FILE_ID.DIZ
    C:\Program Files\ACSPMonitor\hk.dll
    C:\Program Files\ACSPMonitor\hk2.dll
    C:\Program Files\ACSPMonitor\hprog.dll
    C:\Program Files\ACSPMonitor\libeay32.dll
    C:\Program Files\ACSPMonitor\license.txt
    C:\Program Files\ACSPMonitor\logs
    C:\Program Files\ACSPMonitor\readme.txt
    C:\Program Files\ACSPMonitor\rights.bat
    C:\Program Files\ACSPMonitor\settings.exe
    C:\Program Files\ACSPMonitor\ssleay32.dll
    C:\Program Files\ACSPMonitor\unins000.dat
    C:\Program Files\ACSPMonitor\unins000.exe
    C:\Program Files\ACSPMonitor
    C:\SIERRA\ACTUALSPY.EXE

    -----------------------------------------------------------------------
    I'm not sure whether all the information provided is sufficient, but if it's not enough, do tell me what to do.
    Your help is greatly appreciated.
    Thanks
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!


    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     

Short URL to this thread: https://techguy.org/751553
