Tech Support Forum banner
Status
Not open for further replies.

Incredibly slow computer in general, repeated infection

1K views 3 replies 1 participant last post by  peeteeuk 
#1 ·
Hi there,
Firstly AVG keep deleting Trojan horse Generic10.FPW but it comes straight back, I get pop-ups from joylandcasino.com & admedia365.com, when logging in I get .dll errors, AVG keeps having to change my host file & my wife has lots of problems trying to access her Hotmail. I think it might be something to do with an MSN link that I clicked on about a month ago, it looked like it was from a buddy but I don't think it was 'cos another couple of buddies sent the same link shortly after.
Thanks!!!

Deckard's System Scanner v20071014.68
Run by Petee on 2008-03-30 12:06:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-03-30 11:06:24 UTC - RP324 - Deckard's System Scanner Restore Point
4: 2008-03-30 00:26:53 UTC - RP323 - System Checkpoint
3: 2008-03-28 22:30:50 UTC - RP322 - Installed Java(TM) 6 Update 5
2: 2008-03-28 01:48:53 UTC - RP321 - Software Distribution Service 3.0
1: 2008-03-27 21:09:19 UTC - RP320 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-30 12:08:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Documents and Settings\Petee\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09AAF4D0-0A18-4F2B-84AB-13C73F85B5C7} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\myghtsaw.dll
O2 - BHO: (no name) - {310FFD26-A1DA-4072-9631-E2862A9E47FA} - C:\WINDOWS\system32\vturr.dll
O2 - BHO: (no name) - {498CD632-515F-42FB-9256-5C78E50A8267} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {4D1E4976-EDE9-4318-B8FA-E0DFCEF19C40} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACC7F548-E5B8-4DC3-9BE2-75C55AB1349F} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: {58a1085e-71a6-b09b-8164-245e51b4e04b} - {b40e4b15-e542-4618-b90b-6a17e5801a85} - C:\WINDOWS\system32\olgtnbgx.dll (file missing)
O2 - BHO: (no name) - {C4CF2852-B70C-4132-847C-781E86F8A611} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {F26511D5-096C-4D11-803C-147807D5F493} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - C:\WINDOWS\system32\fccaayw.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [d055954a] rundll32.exe "C:\WINDOWS\system32\oehemgkc.dll",b
O4 - HKLM\..\Run: [BMd366a6d6] Rundll32.exe "C:\WINDOWS\system32\xxuxiuhb.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://download.windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: http://update.microsoft.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.shockwave.com/content/trijinx/sis/TriJinx.1.0.0.86.cab
O16 - DPF: {436ABEF3-3479-4703-B4A9-64268AEFFEE9} (SopCore Control) - http://www.joytopic.com/download/SOPCORE.CAB
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.24/uploader2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} () - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0E217EB-A47A-420F-9F3D-A5A5899BF4DA}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fccaayw - C:\WINDOWS\system32\fccaayw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--
End of file - 13832 bytes

-- HijackThis Fixed Entries (C:\Downloads\backups\) ----------------------------

backup-20070722-165117-180 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20070722-165117-401 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20070722-165117-811 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20070722-173429-965 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070722-173727-188 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070722-173727-408 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070722-173727-583 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070722-173727-908 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 catchme - c:\docume~1\petee\locals~1\temp\catchme.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6630
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6500s-1
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6500s-1
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 09:35:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-30 03:00:00 330 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-03-29 21:15:01 320 --a------ C:\WINDOWS\Tasks\FRU Task $ContextID$.job
2008-03-28 15:10:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-28 23:32:32 0 d-------- C:\Program Files\Trend Micro
2008-03-28 22:44:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 22:33:33 0 d-------- C:\ie-spyad_zo
2008-03-28 10:26:16 92736 --a------ C:\WINDOWS\system32\xxuxiuhb.dll
2008-03-27 22:33:50 0 d-------- C:\AAAAAAAAAAAAAAAAAAAARGH!
2008-03-25 10:25:10 53312 --a------ C:\WINDOWS\system32\myghtsaw.dll
2008-03-25 10:22:16 91200 --a------ C:\WINDOWS\system32\pybeeqkx.dll
2008-03-24 10:21:45 91200 --a------ C:\WINDOWS\system32\morvbmyb.dll
2008-03-22 18:40:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-22 18:25:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-22 17:13:26 92224 --a------ C:\WINDOWS\system32\wedxiuft.dll
2008-03-21 17:11:23 91712 --a------ C:\WINDOWS\system32\caxutmih.dll
2008-03-20 15:18:24 247226 --ahs---- C:\WINDOWS\system32\rrutv.ini2
2008-03-20 15:18:22 299008 --a------ C:\WINDOWS\system32\vturr.dll
2008-03-19 22:49:04 0 d-------- C:\logs3
2008-03-18 23:13:06 256949 --ahs---- C:\WINDOWS\system32\efhkj.ini2
2008-03-17 20:35:14 266283 --ahs---- C:\WINDOWS\system32\knnmp.ini2
2008-03-17 09:00:26 203247 --ahs---- C:\WINDOWS\system32\ccbeg.ini2
2008-03-16 19:46:25 0 d--h----- C:\WINDOWS\PIF
2008-03-15 21:50:21 98368 --a------ C:\WINDOWS\system32\ecmshess.dll
2008-03-15 21:49:41 201769 --ahs---- C:\WINDOWS\system32\cccdd.ini2
2008-03-15 13:33:22 0 d-------- C:\Documents and Settings\Josh.POOTER\Application Data\Winamp
2008-03-15 13:13:56 0 d-------- C:\Documents and Settings\Josh.POOTER\Phone Browser
2008-03-15 13:13:53 0 d-------- C:\Documents and Settings\Josh.POOTER\Application Data\Nokia Multimedia Player
2008-03-15 13:11:37 0 d-------- C:\Documents and Settings\Josh.POOTER\Application Data\Nokia
2008-03-15 10:30:34 98368 --a------ C:\WINDOWS\system32\qcfuhjwp.dll
2008-03-15 09:57:33 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-14 20:49:55 96832 --a------ C:\WINDOWS\system32\isyydosb.dll
2008-03-14 20:49:12 34 --a------ C:\WINDOWS\system32\d05587c4
2008-03-09 19:01:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-08 14:29:24 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-03-08 14:28:36 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-03-07 20:47:36 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 10:11:04 195131 --ahs---- C:\WINDOWS\system32\ttvwa.ini2
2008-03-06 20:44:20 0 d-------- C:\Program Files\iPod
2008-03-06 20:38:20 0 d-------- C:\Program Files\QuickTime
2008-03-06 00:49:52 42496 --a------ C:\WINDOWS\system32\wvuurrs.dll
2008-03-06 00:15:07 42496 --a------ C:\WINDOWS\system32\vtursrs.dll
2008-03-06 00:11:36 42496 --a------ C:\WINDOWS\system32\fccaayw.dll
2008-03-02 11:12:13 0 d-------- C:\Program Files\ImTOO
2008-03-02 09:29:03 0 d-------- C:\Program Files\Avex
2008-03-02 09:22:54 0 d-------- C:\Program Files\WinXMedia
2008-03-01 17:55:48 0 d-------- C:\Documents and Settings\Petee\Application Data\Nokia Multimedia Player
2008-03-01 17:35:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-01 17:35:16 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-01 17:23:41 0 d-------- C:\Program Files\XviD


-- Find3M Report ---------------------------------------------------------------

2008-03-30 12:06:43 0 d-------- C:\Documents and Settings\Petee\Application Data\Free Download Manager
2008-03-30 11:57:02 0 d-------- C:\Documents and Settings\Petee\Application Data\Skype
2008-03-28 23:33:05 0 d-------- C:\Program Files\Java
2008-03-28 23:06:52 0 d-------- C:\Program Files\SpywareBlaster
2008-03-28 21:21:06 0 d-------- C:\Program Files\Windows Defender
2008-03-28 21:17:54 0 d-------- C:\Program Files\PC Connectivity Solution
2008-03-28 21:17:37 0 d-------- C:\Program Files\Messenger
2008-03-28 21:16:25 0 d-------- C:\Program Files\iTunes
2008-03-28 21:14:09 0 d-------- C:\Program Files\Free Download Manager
2008-03-22 20:01:41 0 d-------- C:\Program Files\Winamp
2008-03-22 19:57:08 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-19 22:49:10 0 d-------- C:\Program Files\Kontiki
2008-03-13 07:24:28 0 d-------- C:\Documents and Settings\Petee\Application Data\AVG7
2008-03-07 20:47:36 0 d-------- C:\Program Files\Common Files
2008-03-02 16:00:41 0 d-------- C:\Documents and Settings\Petee\Application Data\Adobe
2008-03-02 11:11:24 0 d-------- C:\Documents and Settings\Petee\Application Data\uTorrent
2008-03-02 11:10:24 0 d-------- C:\Program Files\MOBILedit!
2008-02-24 23:20:34 0 d-------- C:\Program Files\Google
2008-02-24 22:50:03 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-24 22:43:27 0 d-------- C:\Program Files\Logitech
2008-02-24 22:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 22:43:04 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-24 20:42:24 0 d-------- C:\Program Files\SpywareGuard
2008-02-21 23:36:38 0 d-------- C:\Program Files\activePDF
2008-02-21 21:06:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-06 16:13:46 3443 --a------ C:\WINDOWS\unins001.dat
2008-02-06 16:07:05 691545 --a------ C:\WINDOWS\unins001.exe
2008-02-01 12:37:23 0 d-------- C:\Program Files\girder


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09AAF4D0-0A18-4F2B-84AB-13C73F85B5C7}]
C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
25/03/2008 10:25 53312 --a------ C:\WINDOWS\system32\myghtsaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{310FFD26-A1DA-4072-9631-E2862A9E47FA}]
20/03/2008 15:18 299008 --a------ C:\WINDOWS\system32\vturr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{498CD632-515F-42FB-9256-5C78E50A8267}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1E4976-EDE9-4318-B8FA-E0DFCEF19C40}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC7F548-E5B8-4DC3-9BE2-75C55AB1349F}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b40e4b15-e542-4618-b90b-6a17e5801a85}]
C:\WINDOWS\system32\olgtnbgx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4CF2852-B70C-4132-847C-781E86F8A611}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F26511D5-096C-4D11-803C-147807D5F493}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBD29C3C-C642-4843-A627-6E54A947B511}]
06/03/2008 00:11 42496 --a------ C:\WINDOWS\system32\fccaayw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [03/06/2004 20:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 18:14]
"nwiz"="nwiz.exe" [04/10/2007 18:14 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/12/2007 03:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20/12/2007 16:16]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 16:10]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 18:14]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 16:32 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 16:32 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/09/2007 18:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"d055954a"="C:\WINDOWS\system32\oehemgkc.dll" []
"BMd366a6d6"="C:\WINDOWS\system32\xxuxiuhb.dll" [28/03/2008 10:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/07/2007 17:10]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [24/06/2007 09:42]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"kdx"="C:\Program Files\KHost.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [09/04/2003 19:21:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [09/04/2003 19:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBD29C3C-C642-4843-A627-6E54A947B511}"= C:\WINDOWS\system32\fccaayw.dll [06/03/2008 00:11 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaayw]
fccaayw.dll 06/03/2008 00:11 42496 C:\WINDOWS\system32\fccaayw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4oD"="C:\Program Files\Kontiki\KHost.exe" -all
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"BMd366a6d6"=Rundll32.exe "C:\WINDOWS\system32\lfallsnx.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8035 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-30 12:09:38 ------------
 

Attachments

See less See more
#2 ·
Sorry, forgot the Panda scan



Incident Status Location

Potentially unwanted tool:Application/PassRock Not disinfected C:\Completed Torrents\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe
Virus:Generic Trojan Not disinfected C:\Completed Torrents\(app) windows xp KeyGens & Cracks & Appz\Windows 2003 & XP Anti Product Activation Crack 1.8 Beta 2.rar[WPA_Kill.exe]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@adserver.easyad[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@advertising[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@anm.co[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@azjmp[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@go[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@statcounter[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@trafficmp[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Carrie\Cookies\carrie@xiti[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@247realmedia[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@anm.co[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@azjmp[1].txt
Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@bilbo.counted[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@burstnet[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@com[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@hc2.humanclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@serving-sys[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Cookies\carrie@tribalfusion[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Local Settings\Temp\Cookies\carrie@adopt.hbmediapro[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Carrie\My Documents\Carrie\Local Settings\Temp\Cookies\carrie@xmts[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jackson\Cookies\jackson@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Josh\Cookies\josh@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Josh\Cookies\josh@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Josh\Cookies\josh@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Josh\Cookies\josh@burstnet[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Josh\Cookies\josh@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Josh\Cookies\josh@cgi-bin[7].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Josh\Cookies\josh@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Josh\Cookies\josh@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Josh\Cookies\josh@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Josh\Cookies\josh@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Josh\Cookies\josh@drivecleaner[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Josh\Cookies\josh@go[1].txt
Spyware:Cookie/Starware Not disinfected C:\Documents and Settings\Josh\Cookies\josh@h.starware[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Josh\Cookies\josh@i.screensavers[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Josh\Cookies\josh@questionmarket[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Josh\Cookies\josh@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Josh\Cookies\josh@serving-sys[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Josh\Cookies\josh@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Josh\Cookies\josh@trafficmp[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Josh\Cookies\josh@tucows[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Josh\Cookies\josh@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Josh\Cookies\josh@www.myaffiliateprogram[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Josh\Cookies\josh@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Josh\Cookies\josh@xmts[2].txt
Adware:Adware/NomoreClicking Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\E_4\shell.fne
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\SHNT288.exe
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Josh\Local Settings\Temp\SHNTK.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@adtech[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@adviva[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@anm.co[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@anm.co[3].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@azjmp[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@com[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@errorsafe[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@overture[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@serving-sys[3].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@statse.webtrendslive[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@tradedoubler[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@tradedoubler[3].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@www.errorsafe[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Josh.POOTER\Cookies\josh@yadro[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Petee\Cookies\petee@ads.addynamix[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Petee\Cookies\petee@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Petee\Cookies\petee@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Petee\Cookies\petee@atdmt[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Petee\Cookies\petee@atwola[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Petee\Cookies\petee@bs.serving-sys[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Petee\Cookies\petee@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Petee\Cookies\petee@com[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Petee\Cookies\petee@fortunecity[2].txt
Spyware:Cookie/Starware Not disinfected C:\Documents and Settings\Petee\Cookies\petee@h.starware[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Petee\Cookies\petee@hc2.humanclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Petee\Cookies\petee@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Petee\Cookies\petee@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Petee\Cookies\petee@overture[3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Petee\Cookies\petee@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Petee\Cookies\petee@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Petee\Cookies\petee@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Petee\Cookies\petee@serving-sys[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Petee\Cookies\petee@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Petee\Cookies\petee@www.burstbeacon[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Petee\Cookies\petee@xiti[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Petee\Cookies\petee@xiti[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@azjmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@burstnet[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@clickbank[1].txt
Spyware:Cookie/Dbbsrv Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@dbbsrv[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@fastclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@serving-sys[3].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@trafficmp[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tracy\Cookies\tracy@zedo[2].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tracy\Local Settings\Temp\omwmgwyu.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Downloads\ComboFix.exe[nircmd.exe]
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc3\iWin Games\AdminWorker.exe
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc3\iWin Games\firefox\iWinArcadeLauncher.exe
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc3\iWin Games\iWinGamesHookIE.dll
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc5\AdminWorker.exe
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc5\firefox\iWinArcadeLauncher.exe
Spyware:Spyware/Iehelp Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1006\Dc5\iWinGamesHookIE.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-1454471165-2111687655-682003330-1011\Dc6\FindT\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ecmshess.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qcfuhjwp.dll
Adware:Adware/Pics-Factory Not disinfected F:\Incoming\Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed)(1).rar[Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed).exe]
Adware:Adware/Pics-Factory Not disinfected F:\Incoming\Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed)(1).rar[Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed).exe][zinserfolg.de.dll]
Adware:Adware/Pics-Factory Not disinfected F:\Incoming\Adobe Photoshop Elements v5.0 New Keygen Crack (Seed).rar[Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed).exe]
Adware:Adware/Pics-Factory Not disinfected F:\Incoming\Adobe Photoshop Elements v5.0 New Keygen Crack (Seed).rar[Adobe Photoshop Elements v5.0 NEW KeyGen Crack (seed).exe][zinserfolg.de.dll]
 
#3 ·
Also getting Visual C++ Runtime Library error, Buffer overrun detected!

Program: C:\WINDOWS\Explorer.EXE
A buffer ocerrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top