JesseM
2008-01-10, 22:03
I am fairly new to all this, but have been using Spybot S&D for a month or so. I have a problem removing the last part. It will not let me do anything with it. In the description it says files added by BADSECTOR trojan and GOLDUN trojan. Also it says it is a homepage hijacker. Please help?
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-12-27 unins000.exe (51.46.0.0)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi
2008-01-09 Includes\Revision.sbi
2007-11-06 Includes\Tracks.uti
2007-12-26 Includes\Dialer.sbi
2007-12-26 Includes\Hijackers.sbi
2007-10-04 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2008-01-09 Includes\Malware.sbi
2007-10-24 Includes\PUPS.sbi
2008-01-09 Includes\Security.sbi
2008-01-09 Includes\TrojansC.sbi
2007-11-07 Includes\Spybots.sbi
2008-01-09 Includes\SpybotsC.sbi
2007-12-12 Includes\Trojans.sbi
2008-01-09 Includes\SecurityC.sbi
2008-01-09 Includes\PUPSC.sbi
2008-01-09 Includes\MalwareC.sbi
2008-01-09 Includes\KeyloggersC.sbi
2008-01-09 Includes\HijackersC.sbi
2008-01-09 Includes\DialerC.sbi
2008-01-09 Includes\HeavyDuty.sbi
2008-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, ashMaiSv
command: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
file: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
size: 247160
MD5: 36088BA16E85C081D7BC48725872D540
Located: HK_LM:Run, avast! Web Scanner
command: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
file: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
size: 345464
MD5: 86ACF7955F4DB72880F61D724A97855A
Located: HK_LM:Run, devldr16.exe
command: C:\WINDOWS\SYSTEM\devldr16.exe
file: C:\WINDOWS\SYSTEM\devldr16.exe
size: 37888
MD5: C8BE4F29715876C64D1FD55B60E41CAD
Located: HK_LM:Run, KiweeHook
command: "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
file: C:\Program Files\Kiwee Toolbar\kwtbaim.exe
size: 62776
MD5: 8613DFFF54B81595284AF5B02975AE9F
Located: HK_LM:RunServices, avast!
command: C:\Program Files\Alwil Software\Avast4\ashServ.exe
file: C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 140664
MD5: DBBB6E20EC8C38902C4935B249AEBE2A
Located: HK_LM:RunServices, KB891711
command: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
file: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
size: 9088
MD5: CBD841775A04E82B2828FC301AAFEE70
Located: HK_LM:RunServices, KB918547
command: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
file: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
size: 8256
MD5: E5C7486D02E0D17E11C840694A5C55B5
Located: HK_LM:RunServices, SchedulingAgent
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 126976
MD5: 6770EAF1DFB8D3C952DCA22CD956F570
Located: HK_LM:Run, AudioHQ (DISABLED)
command: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
file: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
size: 204800
MD5: BC07BD65FE5AAD56297B6232CFA4B39C
Located: HK_LM:Run, devldr16.exe (DISABLED)
command: C:\WINDOWS\SYSTEM\devldr16.exe
file: C:\WINDOWS\SYSTEM\devldr16.exe
size: 37888
MD5: C8BE4F29715876C64D1FD55B60E41CAD
Located: HK_LM:Run, LexStart (DISABLED)
command: lexstart.exe
file: C:\WINDOWS\SYSTEM\lexstart.exe
size: 40960
MD5: A884981FB187A8F89D927C9AB54B8A2E
Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\SYSTEM\nwiz.exe
size: 352256
MD5: DAB0C2A9F24E3F7503BA75B1BDF748EF
Located: HK_LM:Run, PCHealth (DISABLED)
command: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe
size: 24848
MD5: 37556315E7DADD5EE414B5A438B7843D
Located: HK_LM:Run, Speed racer (DISABLED)
command: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
file: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
size: 5632
MD5: 8C21A9D01B5F44556ED27BA2964D1FF9
Located: HK_LM:Run, SystemTray (DISABLED)
command: SysTray.Exe
file: C:\WINDOWS\SYSTEM\SysTray.Exe
size: 36864
MD5: A29D4E875BC3ED7042A9159A89B597DB
Located: HK_LM:Run, TaskMonitor (DISABLED)
command: C:\WINDOWS\taskmon.exe
file: C:\WINDOWS\taskmon.exe
size: 28672
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07
Located: HK_LM:Run, TCASUTIEXE (DISABLED)
command: TCAUDIAG -off
file: C:\WINDOWS\SYSTEM\TCAUDIAG.exe
size: 1327616
MD5: 56F9907D4642CEC91E89743C33477E72
Located: HK_LM:Run, UpdReg (DISABLED)
command: C:\WINDOWS\Updreg.exe
file: C:\WINDOWS\Updreg.exe
size: 86016
MD5: 73B627359F27C2FBC85590FF7808281B
Located: HK_LM:RunServices, *StateMgr (DISABLED)
command: C:\WINDOWS\System\Restore\StateMgr.exe
file: C:\WINDOWS\System\Restore\StateMgr.exe
size: 24848
MD5: 02282C55DC8B1BF1FF1180C98D7337D6
Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 126976
MD5: 6770EAF1DFB8D3C952DCA22CD956F570
Located: HK_CU:Run, SpybotSD TeaTimer
where: .DEFAULT...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: HK_CU:Run, Yahoo! Pager
where: .DEFAULT...
command: "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
file: C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe
size: 3096576
MD5: DADBB773F3D2315DCF04B7FD86A1E5F2
Located: Startup (user), VersionTrackerPro.lnk (DISABLED)
where: C:\WINDOWS\Start Menu\Programs\StartUp...
command: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
file: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
size: 53248
MD5: 55240D350658714E38C032FB6C92ABCF
Located: System.ini, Shell
where: C:\WINDOWS\system.ini...
command: Explorer.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!