macalig21
2009-02-18, 18:14
Spybot continues to pick up MyWay.MyWebSearch; however, it says it can't delete it.
It then asks me to scan after a reboot, then even more trouble started.
I left-clicked on it and "jumped to location". I tried to delete the file "fun web products".
It then says "cannot delete fun web products: error while deleting key".
After the scan, the reboot returns: c:\windows\system32\command.com the parameter is incorrect.
Now at every startup this occurs, even when Spybot isn't scanning.
Please help, this is ruining my entire computer.
SPYBOT RAN THIS:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-02-17 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi
2009-01-22 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-22 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-02-10 Includes\Hijackers.sbi
2009-02-10 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-02-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2009-02-10 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-02-10 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-02-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-01-28 Includes\Spyware.sbi
2009-01-28 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi
2009-02-10 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1601304
MD5: 1FC8B35E97123A9DF64F092DA8784E4C
Located: HK_LM:Run, IDTSysTrayApp
command: sttray.exe
file: C:\WINDOWS\sttray.exe
size: 405504
MD5: 394FE85B1D45F96E1E63D2E5AAB938D2
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 77824
MD5: 19D63CF10330B51FD42ABB1D4D39D0C4
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\System32\igfxpers.exe
file: C:\WINDOWS\System32\igfxpers.exe
size: 118784
MD5: 697963452107C59BE69A67BEE54E3EAC
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 98304
MD5: 45985C1B266666CB7BBAC01428AC2FAD
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 1101824
MD5: 094849718C47651CA255D08CAF42A904
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 995328
MD5: 988CDA5B406C1931A78E52BD8CC3BBFE
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1
Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240
Located: HK_LM:Run, SigmatelSysTrayApp
command: %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
file: C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
size: 405504
MD5: 012844A8E13BE3941C9CAF1F91F47DF2
Located: HK_LM:RunOnce, SpybotDeletingA4551
command: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
file: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5509
command: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA5711
command: command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA9838
command: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC3816
command: cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC7815
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC9257
command: cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_LM:RunOnce, SpybotDeletingC9643
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:Run, Aim6
where: S-1-5-21-854245398-436374069-839522115-1004...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50472
MD5: 88BC43EA04F747A477898DF4BF9F7BCF
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
Located: HK_CU:Run, swg
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: HK_CU:RunOnce, SpybotDeletingB1700
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB4491
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
file: command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB5084
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
file: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB7442
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB7821
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB9479
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingD1004
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD202
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD2229
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD3222
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD413
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD800
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, SpybotDeletingD8852
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\sounds\notify.wav"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, BMf749ac17
where: S-1-5-21-854245398-436374069-839522115-501...
command: Rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\himapkbv.dll",s
file: C:\DOCUME~1\Guest\LOCALS~1\Temp\himapkbv.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-501...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, f47a9f8b
where: S-1-5-21-854245398-436374069-839522115-501...
command: rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\llmgiapn.dll",b
file: C:\DOCUME~1\Guest\LOCALS~1\Temp\llmgiapn.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, QuickTime Task
where: S-1-5-21-854245398-436374069-839522115-501...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1
Located: HK_CU:Run, swg
where: S-1-5-21-854245398-436374069-839522115-501...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: Startup (disabled), Run Google Web Accelerator (DISABLED)
command: C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE
file: C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wvUkIASK
command: wvUkIASK.dll
file: wvUkIASK.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
MALWAREBYTES ANTI-MALWARE RAN THIS:
Are these items really deleted from my system?
I rebooted after, as told.
Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 3
2/17/2009 8:43:01 AM
mbam-log-2009-02-17 (08-43-01).txt
Scan type: Quick Scan
Objects scanned: 90850
Time elapsed: 8 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkKbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
When I try to delete it from Spybot it says:
Some problems can't be fixed the reason could be that the associate files are still in use (in memory)
This could be fixed after a restart.
Also: on restart it says spybotdeletingc7015.
It's from a BearShare file I don't want on my computer.
Am I denying BearShare's access?
Or allowing a deletion?
I'm not sure what to click.
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wvUkIASK
command: wvUkIASK.dll
file: wvUkIASK.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
MALWAREBYTES ANTI-MALWARE RAN THIS:
Are these items really deleted from my system?
I rebooted after, as told.
Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 3
2/17/2009 8:43:01 AM
mbam-log-2009-02-17 (08-43-01).txt
Scan type: Quick Scan
Objects scanned: 90850
Time elapsed: 8 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkKbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
When I try to delete it from Spybot it says:
Some problems can't be fixed the reason could be that the associate files are still in use (in memory)
This could be fixed after a restart.
Also: on restart it says spybotdeletingc7015
It's from a BearShare file I don't want on my computer.
Am I denying BearShare's access?
Or allowing a deletion?
I'm not sure what to click.