Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP taskbar changes appearance


  • Please log in to reply
No replies to this topic

#1 Jireh

Jireh

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 06 February 2011 - 02:25 AM

Hi,

I got a problem with my computer and everytime I boot it up, after several minutes of gaming/surfing my taskbar changes appearace prolly windows classic style..

and minutes later.. my internet connection stops plus theres no more sound on anything..

I have read other threads about this kind of problem and I have downloaded MBAM and heres the result..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5688

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/6/2011 3:13:23 PM
mbam-log-2011-02-06 (15-13-13).txt

Scan type: Quick scan
Objects scanned: 191447
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 21
Registry Values Infected: 12
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 196 -> No action taken.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 2560 -> No action taken.

Memory Modules Infected:
c:\windows\system32\oxksrtel.dll (IPH.GenericBHO) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F989B4BB-863E-2941-DC6E-14EB2FDCE6CB} (IPH.GenericBHO) -> No action taken.
HKEY_CLASSES_ROOT\Tnqtvbor (IPH.GenericBHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F989B4BB-863E-2941-DC6E-14EB2FDCE6CB} (IPH.GenericBHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F989B4BB-863E-2941-DC6E-14EB2FDCE6CB} (IPH.GenericBHO) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hcissjqf (Rootkit.Agent.BO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack.Gen) -> Value: JP595IR86O -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\D9L83679SM (Trojan.FraudPack.Gen) -> Value: D9L83679SM -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Java developer Script Browse (Trojan.Agent) -> Value: Java developer Script Browse -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
c:\program files\dealio toolbar (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\IE (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\IE\4.1 (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res (PUP.Dealio) -> No action taken.
c:\documents and settings\reynaldo home\application data\Dealio (PUP.Dealio) -> No action taken.
c:\documents and settings\reynaldo home\application data\Dealio\res (PUP.Dealio) -> No action taken.
c:\documents and settings\reynaldo home\application data\Dealio\temp (PUP.Dealio) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\application data\Dealio (PUP.Dealio) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\application data\Dealio\res (PUP.Dealio) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\application data\Dealio\temp (PUP.Dealio) -> No action taken.

Files Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken.
c:\windows\system32\oxksrtel.dll (IPH.GenericBHO) -> No action taken.
c:\WINDOWS\Temp\Hbr.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\WINDOWS\Temp\Hbq.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\windows\system32\drivers\hcissjqf.sys (Rootkit.Agent.BO) -> No action taken.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> No action taken.
c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> No action taken.
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (PUP.Dealio) -> No action taken.
c:\WINDOWS\Temp\Hbp.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\WINDOWS\Temp\frcg\setup.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\0.7129596430943952.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\0.67049705690219.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\apple.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\macys.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\target.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> No action taken.
c:\program files\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> No action taken.
c:\documents and settings\reynaldo home\application data\Dealio\res\widgets.xml (PUP.Dealio) -> No action taken.
c:\documents and settings\reynaldo home\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[channel_id]&ccv=[code_ver]&isn=[isn].xml (PUP.Dealio) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\application data\Dealio\res\widgets.xml (PUP.Dealio) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[channel_id]&ccv=[code_ver]&isn=[isn].xml (PUP.Dealio) -> No action taken.


Hope you help me .. THANKS!

Well is that the right thing to post? I just saved that log and copied here..

Edited by hamluis, 06 February 2011 - 06:14 AM.
Moved from XP forum to Am I Infected.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users