strange virus/spyware(?) gmail killer?

December 26, 2010 at 10:16:58
Specs: Windows 7
this is by far the strangest thing that ever happened to my computer. It basically shuts down my internet browser (chrome, firefox, i.e.) when i do anything gmail related. It doesn't have to be gmail.com, i could just google gmail or google mail, and it'll instantly shut down my browser, and open up internet explorer... yes, even if the original browser i used was i.e. it will shut down that i.e. and start up another i.e.

this started happening when i realized i couldn't access my gmail account despite the fact that I absolutely KNEW my password. So i just used my alternative gmail account, which worked fine for a couple of hours, then it too was unable to be accessed. The problem has steadily been getting worse, and like i said before, now i can't even type gmail without whatever the heck this is shutting down the browser... it's actually really creepy.

I'm on the verge of reformatting my computer although I'm not sure if it will help me with my gmail problems.

Anyone have any notion of what the heck this thing is? I ran anti-virus programs like Vipre and AVG and cleaned it out but nothing seems to be working.

Hijack this Log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:28 PM, on 12/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RemoteX\RemoteXUser.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Joystick 2 Mouse 3\Joystick 2 Mouse.exe
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Joystick 2 Mouse 3\Joystick 2 Mouse.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\Users\jack\AppData\Roaming\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O2 - BHO: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files (x86)\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKLM\..\Run: [HKLM\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\jack\AppData\Local\Temp\Rpcqt.dll,Sets
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKCU\..\Run: [HKCU\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Joystick 2 Mouse.lnk = C:\Program Files (x86)\Joystick 2 Mouse 3\Joystick 2 Mouse.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\jack\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jack\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: RemoteX Server (__RemoteX__) - http://www.PEEPLEware.com - C:\Program Files (x86)\RemoteX\RemoteX.exe

--
End of file - 14860 bytes



#1
December 26, 2010 at 11:51:42
Taking a look at the HijackThis log file. Might take a few hours. Sorry if it is a while.

mike



#2
December 26, 2010 at 14:34:10
no, thank you so much... i really really am so grateful. On a further note, I got the email via my school e-mail address that someone responded to my query with a link, so i clicked on it, and lo and behold, once again, the browser shuts down and i.e. opens up. I swear to god, if there's anything connected to gmail "it" whatever "it" is seems to recognize it... creepy


#3
December 26, 2010 at 15:35:02
Are you getting any sort of weird pop-ups at all? I've also noticed by looking through your log you have Uniblue Registry Booster. I would uninstall that via the Add/Remove programs function in Windows as it's not really a trusted program, and can cause slowdowns on your PC, etc. Also, what were you doing before this started happening? Did you update/upgrade Internet Explorer, or any of the other browsers you have?

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#4
December 26, 2010 at 15:53:44
no, no weird popup... the only weird popup would be internet explorer i guess. I don't recall doing anything particularly unusual, definitely didn't upgrade anything... i'll try uninstalling uniblue... in fact i don't even know what that is. I'll get back to you. Thanks for trying.

I just fear that even if i do decide to reformat, my damn gmail is affected. I can't access crap.



#5
December 26, 2010 at 15:55:45
doesn't seem to be a uniblue registry thingy in my add/remove program. Oy ... what to do...


#6
December 26, 2010 at 15:56:37
oh yeah, for a short this thing kept on popping up like ca32.exe is ______. It popped up CONSISTENTLY, then once i restarted my laptop 2-3 times it went away


#7
December 26, 2010 at 18:30:36


#8
December 27, 2010 at 01:21:29
full scan via program you recommended


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5402

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/27/2010 3:19:41 AM
mbam-log-2010-12-27 (03-19-32).txt

Scan type: Full scan (C:\|L:\|)
Objects scanned: 309136
Time elapsed: 47 minute(s), 59 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
c:\Users\jack\AppData\Local\Temp\5329384_bsszs.exe (Trojan.Agent) -> 1364 -> No action taken.
c:\Users\jack\AppData\Local\Temp\nsti.exe (Virus.Agent) -> 5004 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{EAEBA2FB-0EBC-B4BC-6A19-FBE5BF9EC8B9} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EAEBA2FB-0EBC-B4BC-6A19-FBE5BF9EC8B9} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{EAEBA2FB-0EBC-B4BC-6A19-FBE5BF9EC8B9} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1N20ND8I-8XH6-43R0-RI2G-DAABKI3LEMJ6} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1N20ND8I-8XH6-43R0-RI2G-DAABKI3LEMJ6} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Value: svchost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost (Trojan.Agent) -> Value: svchost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Value: svchost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM\Windows® NetMeeting (Trojan.Agent) -> Value: Windows® NetMeeting -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies\Windows® NetMeeting (Trojan.Agent) -> Value: Windows® NetMeeting -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU\Windows® NetMeeting (Trojan.Agent) -> Value: Windows® NetMeeting -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies\Windows® NetMeeting (Trojan.Agent) -> Value: Windows® NetMeeting -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Video Library (Trojan.Agent) -> Value: Video Library -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\Users\jack\AppData\Roaming\lsass.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jack\AppData\Local\Temp\5329384_bsszs.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\nsti.exe (Virus.Agent) -> No action taken.
c:\Users\jack\AppData\Roaming\local.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\ca32\ca32.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\activision\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\program files (x86)\super meat boy\uninstall.exe (Malware.Packer.Krunchy) -> No action taken.
c:\program files (x86)\trend micro\hijackthis\backups\backup-20101226-115959-612-ca32.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\204698942_is.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\204762559_is.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\204877766_is.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\205235898_is.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\205571253_is.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\206030239_bsszs.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\221763424_bsszs.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Local\Temp\44201713_bsszs.exe (Trojan.Agent) -> No action taken.
c:\Users\jack\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.


Report •
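The persistence entries that Malwarebytes flags in the scan above are already visible in the HijackThis log from the first post. The following triage script is an added example, not part of the original thread and not how HijackThis or Malwarebytes work internally; the three heuristics and their reason names are assumptions chosen for illustration, and the sample lines are an excerpt copied from the posted log.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\Users\jack\AppData\Roaming\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKLM\..\Run: [HKLM\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\jack\AppData\Local\Temp\Rpcqt.dll,Sets
O4 - HKCU\..\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKCU\..\Run: [HKCU\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\Users\jack\AppData\Roaming\local.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies\Windows® NetMeeting] C:\Program Files (x86)\ca32\ca32.exe
"""

# Names of genuine Windows system processes that autorun entries should not borrow.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss"}
USER_WRITABLE = re.compile(r"\\(?:appdata|temp)\\", re.I)
O4_RUN = re.compile(r"^O4 - (?P<key>[^:]+?Run(?:Once)?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<val>.*)$", re.I)
PE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)


def stem(path):
    """File name without directory or extension, lower-cased."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text):
    """Return {target path (lower-case): set of reasons} for entries worth review."""
    findings = defaultdict(set)
    keys_per_target = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_SHELL.match(line)
        if m:
            # The Winlogon shell should be explorer.exe and nothing else.
            if m["val"].strip().lower() != "explorer.exe":
                for p in PE_PATH.findall(m["val"]) or [m["val"]]:
                    findings[p.lower()].add("winlogon-shell-extra-program")
            continue
        m = O4_RUN.match(line)
        if not m:
            continue
        paths = PE_PATH.findall(m["cmd"])
        if not paths:
            continue
        target = paths[-1].lower()  # last path is the payload (the DLL for rundll32)
        keys_per_target[target].add(m["key"])
        if USER_WRITABLE.search(target):
            if m["name"].lower() in SYSTEM_NAMES or stem(target) in SYSTEM_NAMES:
                findings[target].add("system-name-on-user-writable-path")
            if len(paths) > 1 and stem(paths[0]) == "rundll32":
                findings[target].add("rundll32-dll-from-user-writable-path")
    # One binary registered under many autorun keys suggests redundant persistence.
    for target, keys in keys_per_target.items():
        if len(keys) >= 3:
            findings[target].add("same-target-in-%d-autorun-keys" % len(keys))
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", ", ".join(sorted(reasons)))
```

The four paths it reports (`lsass.exe` and `local.exe` under `AppData\Roaming`, `ca32.exe`, and `Rpcqt.dll` under `Temp`) line up with the Hijack.Shell and Trojan.Agent items in the Malwarebytes log, while the Google Update entry under `AppData\Local` is left alone.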

#9
December 27, 2010 at 01:40:41
ok, i tried getting rid of all the stuff in malware, then my computer shuts down and restarts with a blue screen stating that some program went wrong, blah blah blah, and it just restarts... speaking of which, i experienced that quite a bit the last couple of days but just dismissed it as nothing much.


#10
December 27, 2010 at 10:43:13
Reboot into safe mode (restarting your computer and tapping F8), then try rescanning with Malwarebytes again, please. Also, which version of Windows 7 are you running? 32-bit or 64-bit?


#11
December 27, 2010 at 15:30:26
holy crap, it worked. thank you so much!!!!

still can't access my gmail although i think it has more to do with gmail clamping it up after incessantly trying to access it.



#12
December 27, 2010 at 18:28:56
You're very welcome! What is the error (if any is given) when you try to access Gmail?


#13
December 27, 2010 at 18:42:33
nothing peculiar. It just tells me that my password and/or email address is wrong.. which i know is patently false as I know them both by heart and have used them for 3 years now.

I think this may have been caused because i input the email/password "wrong" so many times while the malware was active. I can get access to more info if I haven't checked up on the email in 5 days, so i'll proceed from there.



#14
December 27, 2010 at 19:10:08
Google most likely locked you out as a security measure. Click the "Can't access your account?" link, and then try the "Forgot Password" option, unless you have?
