HJT log, please help, don't know what's wrong

This is a discussion within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

Old 09-07-2007, 02:15 PM   #1
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



My computer got some weird background that said "Warning: spyware has been spotted on your computer," and I can't go on a lot of web pages, and this stupid spyware program hijacked my computer. Help appreciated. This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:14:22 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\lpdsrngm.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\LiveProtectSetup.exe
C:\Program Files\LiveProtect\LiveProtect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: as_ie_monitor.ie_monitor - {0723CAE4-C2AB-4995-B749-6BC9BE984564} - C:\Program Files\AntispyStorm\as_ie_monitor.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\system32\9445817.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Editor plugin - {9F1D47EA-80B7-4f21-A9D3-3738F20596EE} - diskdr.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinqmdt.exe D4M001
O4 - HKLM\..\Run: [{6A-AA-A9-98-ZN}] C:\WINDOWS\system32\lpdsrngm.exe D4M001
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [LiveProtect] "C:\Program Files\LiveProtect\LiveProtect.exe" -h
O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\system32\dllh8jkd1q2.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lpdsrngm.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinqmdt.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b3duZXI\command.exe (file missing)
O23 - Service: DHCP Client DhcpMSCSPTISRV (DhcpMSCSPTISRV) - Unknown owner - C:\WINDOWS\system32\a15h.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
luch559 is offline  
Old 09-08-2007, 10:31 AM   #2
Security Team
Colleague
 
Trevuren's Avatar
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



Hi luch559, and welcome to the Tech Support Forums.

My name is Trevuren and I will be helping you with your problem.


A. Using the Add/Remove Program module in your Control Panel, please UNINSTALL the following program:

AntispyStorm

Justification can be found here: https://www.bleepingcomputer.com/uninstall/all.html


B. Please provide a list of uninstallable programs.

To Provide a List of Installed Programs
  1. Run HijackThis.
  2. Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
  3. Save list to Desktop
  4. Copy the Notepad list and Paste it into this thread.


C. Please download this file - combofix.exe by sUBs
  • Save it to your Desktop
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    Quote:
    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.


D. Reports/logs to Post:
  • List of Uninstallable Programs
  • ComboFix.txt
  • New HijackThis log.
Trevuren is offline  
Old 09-11-2007, 01:58 PM   #3
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



Logfile of HijackThis v1.99.1
Scan saved at 15:51, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0723CAE4-C2AB-4995-B749-6BC9BE984564} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Editor plugin - {9F1D47EA-80B7-4f21-A9D3-3738F20596EE} - diskdr.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DHCP Client DhcpMSCSPTISRV (DhcpMSCSPTISRV) - Unknown owner - C:\WINDOWS\system32\a15h.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
UNINSTALL LIST
µTorrent
4U AVI MPEG Converter (version 5.2.9)
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
ATI - Software Uninstall Utility
ATI Display Driver
Command
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
Easy Icon Maker
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterActual Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Magic ISO Maker v5.3 (build 0216)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
NETGEAR WPN311 Wireless Adapter
Network Monitor
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Outerinfo
****Streamer
PS3.ProxyServer
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SonicStage 4.3
System Live Protect 5.9
Ulead DVD Player
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Zune
ComboFix 07-09-10.6 - "owner" 2007-09-10 15:36:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\DOCUME~1\owner.\SecMon.sys
C:\DOCUME~1\owner\APPLIC~1\install.dat
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\#SharedObjects\HPFUSVUM\www.broadcaster.com
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\owner\Desktop\System Live Protect.lnk
C:\DOCUME~1\owner\LOCALS~1\APPLIC~1.\n.ini
C:\DOCUME~1\owner\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\think-adz.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect Web site.url
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\Uninstall.lnk
C:\i
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\WinTouchInstaller_channel1.exe
C:\Program Files\LiveProtect
C:\Program Files\LiveProtect\config.ini
C:\Program Files\LiveProtect\LiveProtect.exe
C:\Program Files\LiveProtect\uninstall.exe
C:\Program Files\LiveProtect\VDB.DAT
C:\Program Files\LiveProtect\VDB2.DAT
C:\Program Files\LiveProtect\VDB3.DAT
C:\Program Files\LiveProtect\VDB4.DAT
C:\Program Files\LiveProtect\VDB5.DAT
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe~
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\vsadd-in
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe~
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\b103.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b3duZXI\asappsrv.dll
C:\WINDOWS\csrss.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\retadpu.exe
C:\WINDOWS\servicepackfiles\data.ini
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\ServicePackFiles\free.exe.bak
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\ServicePackFiles\mmsx.exe.bak
C:\WINDOWS\ServicePackFiles\msproxy.exe.bak
C:\WINDOWS\servicepackfiles\services.exe
C:\WINDOWS\servicepackfiles\www.google.com
C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif
C:\WINDOWS\servicepackfiles\www.google.com\index.html
C:\WINDOWS\servicepackfiles\www.google.com\thank.html
C:\WINDOWS\system32\9445817.dll
C:\WINDOWS\system32\arcac.exe
C:\WINDOWS\system32\arcac.exe.bak
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dllcache\mswsock.dll
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\f03WtR
C:\WINDOWS\system32\f03WtR\f03WtR1066.exe
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\f06WtR\f06WtR1083.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\milis.dll
C:\WINDOWS\system32\mountr.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\SecMon.sys
C:\WINDOWS\system32\vedxg3am1et3.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vedxga8me6.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winbjt32.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\winvip.exe
C:\WINDOWS\winvip.exe.bak
C:\WINDOWS\wml.exe
C:\WINDOWS\xpupdate.exe
C:\windows\xpupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_SECURITYMONITORINGDRIVER
-------\cmdService
-------\Driver
-------\Network Monitor
-------\SecurityMonitoringDriver
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-10 15:35 51,200 --a------ C:\fawcci.exe
2007-09-10 15:35 28,160 --a------ C:\yydyre.exe
2007-09-10 15:35 25,600 --a------ C:\WINDOWS\system32\drivers\54611bea.sys
2007-09-10 15:35 22,048 --a------ C:\bxykqg.exe
2007-09-10 15:35 17,920 --a------ C:\WINDOWS\system32\drivers\dsniff.sys
2007-09-10 15:35 12,289 --a------ C:\WINDOWS\system32\dssdll32.dll
2007-09-10 15:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 15:27 <DIR> d-------- C:\Program Files\AntispyStorm
2007-09-06 15:32 202,240 --a------ C:\onjonuhx.exe
2007-09-06 15:31 760,882 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-09-06 15:25 51,712 --a------ C:\WINDOWS\system32\diskdr.dll
2007-09-06 15:24 7,712 --a------ C:\WINDOWS\system32\kernelw.sys
2007-09-06 15:24 30,720 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-09-05 15:36 30,720 --a------ C:\WINDOWS\winh32.exe
2007-09-05 15:32 71,680 --a------ C:\jcsnyyk.exe
2007-09-05 15:32 60,416 -r-hs---- C:\WINDOWS\system32\1028d.exe
2007-09-05 15:32 163,840 --a------ C:\pysvhk.exe
2007-09-05 15:22 <DIR> d-------- C:\Program Files\e-zshopper
2007-09-05 15:22 <DIR> d-------- C:\Program Files\amsys
2007-09-05 15:22 <DIR> d-------- C:\Program Files\akl
2007-09-05 15:22 <DIR> d-------- C:\Program Files\Accoona
2007-09-05 15:20 21,504 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-05 15:17 69,672 --a------ C:\WINDOWS\system32\lpdsrngm.exe
2007-09-05 13:15 65,536 --a------ C:\sthgnm.exe
2007-09-05 13:15 518 --ahs---- C:\WINDOWS\system32\1358342808.dat
2007-09-05 13:15 125,952 -rahs---- C:\WINDOWS\system32\a15h.exe
2007-09-03 17:22 <DIR> d-------- C:\Program Files\Words
2007-09-03 13:56 420,352 --a------ C:\WINDOWS\system32\AClient.dll
2007-09-03 13:56 335,943 --a------ C:\WINDOWS\system32\rwinqmdt.exe
2007-09-03 13:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-03 13:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-03 13:55 21,504 --a------ C:\WINDOWS\system32\mstdmc.exe
2007-09-01 19:04 51,712 --a------ C:\WINDOWS\system32\fowlr.dll
2007-09-01 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-09-01 15:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-01 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Sony
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-09-01 15:32 <DIR> d-------- C:\DOCUME~1\owner\APPLIC~1\Sony Corporation
2007-09-01 15:10 51,712 --a------ C:\WINDOWS\system32\stani.dll
2007-09-01 12:05 <DIR> d-------- C:\cygwin
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-31 20:53 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-31 08:07 15,360 --a------ C:\lxfvnm.exe
2007-08-31 08:07 <DIR> d-------- C:\Temp
2007-08-16 03:03 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-05 15:22 9728 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-05 15:22 8448 --a------ C:\WINDOWS\ie_32.exe
2007-09-05 15:22 32768 --a------ C:\WINDOWS\daxtime.dll
2007-09-05 15:22 32256 --a------ C:\WINDOWS\xadbrk.exe
2007-09-05 15:22 31488 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-05 15:22 30720 --a------ C:\WINDOWS\spredirect.dll
2007-09-05 15:22 29952 --a------ C:\WINDOWS\adbar.dll
2007-09-05 15:22 29696 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-05 15:22 29696 --a------ C:\WINDOWS\kvnab.exe
2007-09-05 15:22 29184 --a------ C:\WINDOWS\hotporn.exe
2007-09-05 15:22 28928 --a------ C:\WINDOWS\kvnab$.exe
2007-09-05 15:22 28672 --a------ C:\WINDOWS\settn.dll
2007-09-05 15:22 27648 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-05 15:22 27648 --a------ C:\WINDOWS\liqad$.exe
2007-09-05 15:22 26112 --a------ C:\WINDOWS\ngd.dll
2007-09-05 15:22 26112 --a------ C:\WINDOWS\liqad.exe
2007-09-05 15:22 25856 --a------ C:\WINDOWS\wbeInst$.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\hcwprn.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\eventlowg.dll
2007-09-05 15:22 22016 --a------ C:\WINDOWS\kkcomp.exe
2007-09-05 15:22 21248 --a------ C:\WINDOWS\kvnab.dll
2007-09-05 15:22 20736 --a------ C:\WINDOWS\dp0.dll
2007-09-05 15:22 20224 --a------ C:\WINDOWS\liqad.dll
2007-09-05 15:22 19968 --a------ C:\WINDOWS\kkcomp.dll
2007-09-05 15:22 18176 --a------ C:\WINDOWS\pbsysie.dll
2007-09-05 15:22 17664 --a------ C:\WINDOWS\iexplorr23.dll
2007-09-05 15:22 16128 --a------ C:\WINDOWS\aconti.exe
2007-09-05 15:22 14080 --a------ C:\WINDOWS\wbeCheck.exe
2007-09-05 15:22 13568 --a------ C:\WINDOWS\jd2002.dll
2007-09-05 15:22 13056 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\xadbrk.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\fhfmm.exe
2007-09-05 15:22 11008 --a------ C:\WINDOWS\cbinst$.exe
2007-09-03 22:54 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-09-03 13:57 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-09-03 13:57 1381 --a------ C:\WINDOWS\system32\drivers\warning_ico.gif
2007-09-03 13:57 1014 --a------ C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
2007-09-03 13:56 8852 --a------ C:\WINDOWS\system32\drivers\download_btn.jpg
2007-09-03 13:56 877 --a------ C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-09-03 13:56 838 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-09-03 13:56 821 --a------ C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-09-03 13:56 72 --a------ C:\WINDOWS\system32\drivers\bg_bg.gif
2007-09-03 13:56 64 --a------ C:\WINDOWS\system32\drivers\close_ico.gif
2007-09-03 13:56 4448 --a------ C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-09-03 13:56 4008 --a------ C:\WINDOWS\system32\drivers\rating.gif
2007-09-03 13:56 3552 --a------ C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-09-03 13:56 3479 --a------ C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-09-03 13:56 3313 --a------ C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-09-03 13:56 3216 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-09-03 13:56 26487 --a------ C:\WINDOWS\system32\drivers\screenshot.jpg
2007-09-03 13:56 1743 --a------ C:\WINDOWS\system32\drivers\remove_spyware_header.gif
2007-09-03 13:56 16977 --a------ C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-09-03 13:56 16941 --a------ C:\WINDOWS\system32\drivers\icon_warning_big.gif
2007-09-03 13:56 1373 --a------ C:\WINDOWS\system32\drivers\cell_footer.gif
2007-09-03 13:56 1342 --a------ C:\WINDOWS\system32\drivers\cell_bg.gif
2007-09-03 08:22 10 --a------ C:\Program Files\.autoreg
2007-09-01 15:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 21:37 --------- d-------- C:\DOCUME~1\owner\APPLIC~1\AdobeUM
2007-06-13 05:23 1109504 --a------ C:\WINDOWS\explorer.exe
2006-01-25 12:30 456768 --a------ C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 11:59 35232 --a------ C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 11:59 26112 --a------ C:\WINDOWS\inf\WPN311\install.exe
2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\b3duZXI\command.exe~
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\b3duZXI\vaxRtrK.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0723CAE4-C2AB-4995-B749-6BC9BE984564}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-09-03 13:57 420352 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F1D47EA-80B7-4f21-A9D3-3738F20596EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-05 15:20 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [2007-09-03 22:55]
"{6A-AA-A9-98-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-09-10 15:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [2007-09-03 22:55]

C:\DOCUME~1\owner\STARTM~1\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\dwdsrngt.exe [2007-09-10 15:46:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MSN Messenger"= {280A7B65-8F00-438F-3E5A-1F039433FE60} - %SystemRoot%\system32\dssdll32.dll [ ]

R1 54611bea.sys;54611bea.sys;\??\C:\WINDOWS\system32\drivers\54611bea.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 dsniff;dsniff;\??\C:\WINDOWS\system32\drivers\dsniff.sys
S2 DhcpMSCSPTISRV;DHCP Client DhcpMSCSPTISRV;C:\WINDOWS\system32\a15h.exe srv
S2 MSDPSV;Distributed Process Services;"C:\WINDOWS\system32\msdpsv.exe"
S2 Themes System Manager;Themes Themes System Manager;C:\WINDOWS\system32\1028d.exe srv
S2 Windows Port Interpreter;Windows Port Interpreter For Service Pack 2 and Windows 2000;"C:\WINDOWS\repair\svchost.exe"
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys
S4 Data System Manager;Data System Manager;"C:\WINDOWS\system32\vcmon.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f481e91-b491-11db-be0f-00161735c9fe}]
AutoRun\command- J:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-10 15:45:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 15:47:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 15:47
.
--- E O F ---
luch559 is offline  
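A triage pass over the ComboFix "Files Created" listing above, added here as an example; it is not part of the original post and not ComboFix's own code. The script parses lines in the format shown, then flags executables dropped into the drive root with short random names, executables carrying hidden+system attributes (1028d.exe, a15h.exe), non-driver files such as the fake-alert GIFs sitting in system32\drivers, short digit-bearing names under system32, and bursts of files created within the same minute, which is what a dropper run looks like in this kind of log. The rule set, the three-file burst threshold and the ten-line sample (copied from the log above) are assumptions chosen for illustration; a legitimate tool such as NirCmd.exe passes through untouched on this sample.

```python
"""Triage heuristics for a ComboFix "Files Created" listing.

Added example, not code from the thread or from ComboFix. The rules,
thresholds and the SAMPLE_LOG subset below are assumptions chosen to
illustrate what an analyst looks for in the log posted above.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: ten lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2007-09-10 15:35 51,200 --a------ C:\fawcci.exe
2007-09-10 15:35 25,600 --a------ C:\WINDOWS\system32\drivers\54611bea.sys
2007-09-10 15:35 17,920 --a------ C:\WINDOWS\system32\drivers\dsniff.sys
2007-09-10 15:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 15:32 60,416 -r-hs---- C:\WINDOWS\system32\1028d.exe
2007-09-05 13:15 125,952 -rahs---- C:\WINDOWS\system32\a15h.exe
2007-09-03 13:57 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-08-16 03:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-13 05:23 1109504 --a------ C:\WINDOWS\explorer.exe
2005-01-27 11:59 26112 --a------ C:\WINDOWS\inf\WPN311\install.exe
"""

# date time size attributes path  (time may carry seconds, size may be <DIR>)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})(?::\d{2})?\s+"
    r"(?P<size><DIR>|[\d,]+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
BURST_THRESHOLD = 3  # assumption: 3+ files in one minute looks like a dropper run


def parse(text):
    """Turn log lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "stamp": f"{d['date']} {d['time']}",
            "is_dir": d["size"] == "<DIR>" or d["attrs"].startswith("d"),
            "attrs": d["attrs"],
            "path": d["path"],
        })
    return entries


def file_reasons(entry):
    """Per-file rules; each appends a short reason string when it fires."""
    if entry["is_dir"]:
        return []
    path, attrs = entry["path"], entry["attrs"]
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:                      # no extension at all
        stem, ext = name, ""
    else:
        ext = "." + ext.lower()
    reasons = []
    # Short random-looking executables dropped straight into the drive root.
    if re.fullmatch(r"[a-z]:\\[a-z]{5,8}\.exe", low):
        reasons.append("random-named executable in drive root")
    # Hidden + system attributes on an executable: installers rarely do this.
    if ext in EXECUTABLE_EXT and "h" in attrs and "s" in attrs:
        reasons.append("executable with hidden+system attributes")
    # Anything that is not a .sys in system32\drivers (images here = fake alert UI).
    if "\\system32\\drivers\\" in low and ext != ".sys":
        reasons.append("non-driver file in drivers directory")
    # Short alphanumeric names with digits under system32 (a15h.exe, 1028d.exe).
    if "\\system32\\" in low and ext in EXECUTABLE_EXT:
        s = stem.lower()
        if re.fullmatch(r"[a-z0-9]{3,8}", s) and any(c.isdigit() for c in s):
            reasons.append("short digit-bearing name in system32")
    return reasons


def burst_reasons(entries):
    """Files sharing a creation minute with enough others get a burst reason."""
    per_minute = Counter(e["stamp"] for e in entries if not e["is_dir"])
    out = defaultdict(list)
    for e in entries:
        n = per_minute[e["stamp"]]
        if not e["is_dir"] and n >= BURST_THRESHOLD:
            out[e["path"]].append(f"one of {n} files created at {e['stamp']}")
    return out


def triage(text):
    """Map each suspicious path to the list of rules it tripped."""
    entries = parse(text)
    bursts = burst_reasons(entries)
    findings = {}
    for e in entries:
        reasons = file_reasons(e) + bursts.get(e["path"], [])
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for r in why:
            print("   -", r)
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a full ComboFix log. The rules are deliberately coarse: they order what to look at first, they do not decide what to delete.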
 
Old 09-12-2007, 11:09 AM   #4
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

* Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
* Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
* Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know.


Trevuren
Trevuren is offline  
Old 09-12-2007, 01:59 PM   #5
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



That's OK that it won't be 100% effective. If what I've done already is all I can do, though, thank you.
luch559 is offline  
Old 09-12-2007, 02:10 PM   #6
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



Forgive me if I did not quite understand your reply. Are you telling me that you would like to continue with the cleanup regardless?


Trevuren
Trevuren is offline  
Old 09-12-2007, 02:48 PM   #7
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



Yes please, I can't afford to get a new Windows operating system lol
luch559 is offline  
Old 09-12-2007, 08:34 PM   #8
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



A. Using the Add/Remove Programs module in your Control Panel, please UNINSTALL the following programs (if still present). Some are malware or come bundled with malware, and some are just programs that you no longer need because you are running a more current version:

µTorrent
Command
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Network Monitor
Outerinfo
System Live Protect 5.9
Viewpoint Manager (Remove Only)
Viewpoint Media Player



B. Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back into a Notepad text file and save it to your desktop. We will need it later


C. ** Please download AVG Anti-Spyware to your Desktop. .
https://www.ewido.net/en/download/

** Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Close ALL open Windows / Programs / Folders.

** Please run a full AVG Anti-Spyware scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
    • Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?
    • All checkboxes should be ticked.
  • Under Possibly unwanted software:
    • All checkboxes should be ticked.
  • Under Reports:
    • Don't select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?
    • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)





    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.


D. Reports/Logs to be submitted:
  • Report.txt from SDFix
  • AVG Log
  • Fresh HJT log
Trevuren is offline  
Old 09-13-2007, 07:38 PM   #9
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



A. Using the Add/Remove Programs module in your Control Panel, please UNINSTALL the following programs (if still present). Some are malware or come bundled with malware, and some are just programs that you no longer need because you are running a more current version:

µTorrent
Command
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Network Monitor
Outerinfo
System Live Protect 5.9
Viewpoint Manager (Remove Only)
Viewpoint Media Player


I could not remove Command, Network Monitor, and System Live Protect.


also

Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.


When the computer restarted, Fixtool did not show up (I did not run it in Safe Mode after I rebooted it). There are a lot of files and things in the Fixtool folder on my C drive, so I believe it did something. Also, when I started up, at the load screen none of my icons show up and there's the default background for about 20 min. Then after a while everything shows up and that virus background comes up again.

Thanx
luch559 is offline  
Old 09-13-2007, 09:41 PM   #10
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



I am not surprised that some of the programs were not uninstallable, as their files were originally removed by ComboFix.

Please look in the C:\SDFix folder for a text document called "Report.txt" and post its content into your next reply.

Did you run AVG AS yet and did you save the log as requested?

I will also need a new HijackThis log when all the above is done.

As for the problems that you are encountering, please note that your system is still heavily infected and we are cleaning it a bit at a time. Those logs/reports (SDFix and AVG AS Report) are very important.


Trevuren
Trevuren is offline  
Old 09-15-2007, 09:49 AM   #11
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



I could not find the report in SDFix; all I found was something that said oldreport1, and it was like the license number. Thanks again.

I have the HijackThis and antivirus report though:
Logfile of HijackThis v1.99.1
Scan saved at 17:20, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system32\kqdsrngk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\TEMP\VRR309.tmp
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0723CAE4-C2AB-4995-B749-6BC9BE984564} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\system32\91261855.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Editor plugin - {9F1D47EA-80B7-4f21-A9D3-3738F20596EE} - diskdr.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{6A-AA-A9-98-ZN}] C:\windows\system32\kqdsrngk.exe D4M001
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\kqdsrngk.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwinrldt.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DHCP Client DhcpMSCSPTISRV (DhcpMSCSPTISRV) - Unknown owner - C:\WINDOWS\system32\a15h.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)






AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:19 9/14/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065577.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\b3duZXI\command.exe~ -> Adware.CommAd : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\b3duZXI\asappsrv.dll.vir -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-746137067-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks\amp2pl.exe -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP332\A0061522.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0063740.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0064052.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0064118.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0065120.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP372\A0065456.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0069042.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0070329.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0071034.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0072034.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP379\A0075820.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP379\A0078592.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kwinrldt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rwinqmdt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
[1884] C:\WINDOWS\system32\kwinrldt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065566.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\max1d11643v.exe.vir -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\WINDOWS\b138.exe~ -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mstdmc.exe -> Downloader.Banload.cil : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\ServicePackFiles\services.exe.vir -> Downloader.CWS.am : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0065164.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065569.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\WINDOWS\b104.exe~ -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065592.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\catchme2007-09-10_154535.60.zip/ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065572.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP377\A0066573.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP377\A0066574.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\911205045.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\912258.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\91231126.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\91241354.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\91251621.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\91272131.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\arcac.exe -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\arcac.exe~ -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\9445817.dll.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\arcac.exe.bak.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
[1756] C:\WINDOWS\system32\nusrmgr.exe -> Not-A-Virus.Hoax.Win32.Renos.ig : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Network Monitor\netmon.exe~.vir -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\WINDOWS\ServicePackFiles\msproxy.exe~ -> Proxy.Agent.mu : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\ServicePackFiles\msproxy.exe.bak.vir -> Proxy.Agent.mu : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.505:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.46:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.47:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.49:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.50:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.55:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.479:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.61:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.66:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.245:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.246:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.247:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.248:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.250:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.411:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.179:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.401:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.402:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.409:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.410:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.54:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.89:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.90:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.91:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.92:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.93:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.67:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.315:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.316:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.461:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.462:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.615:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.678:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.72:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.267:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.268:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.249:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][2].txt -> TrackingCookie.Information : Cleaned.
:mozilla.469:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.145:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.146:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.211:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.212:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.213:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.451:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.452:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.113:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.630:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.491:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.273:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.274:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.275:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.276:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.277:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.278:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.279:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.280:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.281:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.244:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.331:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.332:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.333:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.334:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.335:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\owner\Cookies\[email protected][1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.230:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.231:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.232:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.233:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.324:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.325:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.326:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.327:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.329:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.470:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.199:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.200:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.201:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.202:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.203:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.337:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.338:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.339:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.340:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.342:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.346:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.347:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.348:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.349:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.350:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.351:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.352:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.353:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.354:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.358:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.359:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.360:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.361:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.362:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.363:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.364:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.365:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.366:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.367:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.368:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.369:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.370:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.371:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.372:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.373:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.374:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.375:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.143:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.317:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.318:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.319:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.320:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.321:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.322:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.323:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.229:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.133:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Xhit : Cleaned.
:mozilla.123:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned.
:mozilla.566:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.184:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.185:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.186:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.187:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.188:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.732:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.733:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.752:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.756:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\qkcyiywy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\owner\DoctorWeb\Quarantine\A0030470.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\Documents and Settings\owner\DoctorWeb\Quarantine\A0030786.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\Documents and Settings\owner\DoctorWeb\Quarantine\A0040835.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065576.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\winbjt32.dll.vir -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP371\A0065195.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065559.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065565.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0066388.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP377\A0066404.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0067066.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0069058.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP378\A0072722.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP379\A0073695.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP379\A0079859.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\b3duZXI\vaxRtrK.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\winh32.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\wnscpsv32.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP376\A0065585.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir -> Trojan.Small.oa : Cleaned with backup (quarantined).


::Report end
Old 09-15-2007, 09:36 PM   #12
Security Team
Colleague
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



Please run ComboFix by clicking on the ComboFix icon which should be on your desktop. Do not touch your computer while the tool is running. Please post the log (C:\ComboFix.txt) in your next reply.


Trevuren
Old 09-16-2007, 11:44 AM   #13
Guest
 



Sorry, I was looking inside the ComboFix folder on the C drive, not just looking for it on the C drive. I found ComboFix quarantined files and ComboFix 2.
I'll post both of them.


ComboFix-quarantined-files
Code:
2003-09-03 13:56      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\LOCALS~1\APPLIC~1\n.ini.vir
2003-09-03 13:56      1    --a------    C:\Qoobox\Quarantine\C\i.vir
2003-09-03 13:56      19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winbjt32.dll.vir
2004-08-04 07:00      168877    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ntos.exe.vir
2005-08-02 16:46      187904    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b3duZXI\asappsrv.dll.vir
2006-01-03 17:45      1989    --a------    C:\Qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir
2006-01-04 18:09      94208    --a------    C:\Qoobox\Quarantine\C\Program Files\Network Monitor\netmon.exe~.vir
2007-01-03 16:19      182272    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir
2007-02-08 14:29      326484    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\VDB2.DAT.vir
2007-02-19 06:01      252356    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b128.exe.vir
2007-02-28 17:17      5120    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\SecMon.sys.vir
2007-03-10 15:58      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-03-12 19:36      5120    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\SecMon.sys.vir
2007-04-24 11:21      9248    --a------    C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir
2007-05-21 00:51      550854    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\VDB3.DAT.vir
2007-07-08 21:23      15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-07-11 02:29      38912    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b103.exe.vir
2007-07-13 06:12      699392    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\LiveProtect.exe.vir
2007-07-17 07:27      99840    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
2007-07-19 06:10      80384    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b143.exe.vir
2007-08-21 02:27      45056    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\f03WtR\f03WtR1066.exe.vir
2007-08-21 02:28      77824    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\f06WtR\f06WtR1083.exe.vir
2007-08-31 07:56      81920    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu.exe.vir
2007-08-31 07:59      12800    --a------    C:\Qoobox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir
2007-08-31 07:59      63636    --a------    C:\Qoobox\Quarantine\C\Program Files\WinPop\winpop.exe~.vir
2007-08-31 08:15      42929    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1122OinUninstaller.exe.vir
2007-08-31 08:19      36864    --a------    C:\Qoobox\Quarantine\C\Program Files\InetGet2\WinTouchInstaller_channel1.exe.vir
2007-08-31 21:27      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wnscpsv32.exe.vir
2007-09-01 13:53      51712    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\milis.dll.vir
2007-09-03 12:26      54958    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-09-03 13:24      767    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.tim.vir
2007-09-03 13:56      108032    --a------    C:\Qoobox\Quarantine\C\WINDOWS\csrss.exe.vir
2007-09-03 13:56      118    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\msnav32.ax.vir
2007-09-03 13:56      12445    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\detect.htm.vir
2007-09-03 13:56      3    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\n.ini.vir
2007-09-03 13:56      5418    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\s_detect.htm.vir
2007-09-03 13:56      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
2007-09-03 13:56      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
2007-09-03 13:56      69654    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dwdsrngt.exe.vir
2007-09-03 13:56      930    --a------    C:\Qoobox\Quarantine\C\Temp\fse\tmpZTF.log.vir
2007-09-03 13:57      11927    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\box_2.gif.vir
2007-09-03 13:57      12313    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\box_1.gif.vir
2007-09-03 13:57      12326    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\box_3.gif.vir
2007-09-03 13:57      15421    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_2.gif.vir
2007-09-03 13:57      1619    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\button_buynow.gif.vir
2007-09-03 13:57      1647    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\button_freescan.gif.vir
2007-09-03 13:57      2238    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\download_box.gif.vir
2007-09-03 13:57      28459    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_1.gif.vir
2007-09-03 13:57      2922    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\footer_back.jpg.vir
2007-09-03 13:57      48933    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pt.htm.vir
2007-09-03 13:57      835    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\style.css.vir
2007-09-03 13:57      837    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\blank.gif.vir
2007-09-03 13:58      10193    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_3.gif.vir
2007-09-03 13:58      10260    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\perfect_cleaner_box.jpg.vir
2007-09-03 13:58      11077    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\header_4.gif.vir
2007-09-03 13:58      1204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\infected.gif.vir
2007-09-03 13:58      1253    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_1_name_small.gif.vir
2007-09-03 13:58      1330    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_features.gif.vir
2007-09-03 13:58      13618    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\spy_away_box.jpg.vir
2007-09-03 13:58      1714    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_3_name_small.gif.vir
2007-09-03 13:58      1791    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\win_logo.gif.vir
2007-09-03 13:58      215    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\main_back.gif.vir
2007-09-03 13:58      2214    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_2_header.gif.vir
2007-09-03 13:58      223    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_gray_small.gif.vir
2007-09-03 13:58      2604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_1_header.gif.vir
2007-09-03 13:58      2798    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\shadow.jpg.vir
2007-09-03 13:58      283    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\x.gif.vir
2007-09-03 13:58      291    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\v.gif.vir
2007-09-03 13:58      3080    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_3_header.gif.vir
2007-09-03 13:58      3877    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\warning_icon.gif.vir
2007-09-03 13:58      425    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_gray.gif.vir
2007-09-03 13:58      49    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\spacer.gif.vir
2007-09-03 13:58      53    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sep_vert.gif.vir
2007-09-03 13:58      550    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star_small.gif.vir
2007-09-03 13:58      639    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\star.gif.vir
2007-09-03 13:58      65    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sep_hor.gif.vir
2007-09-03 13:58      979    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\product_2_name_small.gif.vir
2007-09-03 20:41      245248    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\i386\mswsock.dll.vir
2007-09-03 20:41      245248    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mswsock.dll.vir
2007-09-03 20:41      245248    --a--c---    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\mswsock.dll.vir
2007-09-03 20:56      48    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\data.ini.vir
2007-09-03 22:55      14336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\winvip.exe.bak.vir
2007-09-03 22:55      15360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\services.exe.vir
2007-09-03 22:55      38912    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\mmsx.exe.bak.vir
2007-09-03 22:55      58880    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\free.exe.bak.vir
2007-09-03 22:56      27136    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\msproxy.exe.bak.vir
2007-09-03 22:56      65024    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\arcac.exe.bak.vir
2007-09-03 23:58      112128    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\arcac.exe.vir
2007-09-03 23:58      122880    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\9445817.dll.vir
2007-09-03 23:58      1406    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\favicon.ico.vir
2007-09-03 23:58      1410    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\Google_files\hp3.gif.vir
2007-09-03 23:58      1434    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\index.html.vir
2007-09-03 23:58      2702    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\Google_files\hp2.gif.vir
2007-09-03 23:58      28160    --a------    C:\Qoobox\Quarantine\C\WINDOWS\winvip.exe.vir
2007-09-03 23:58      2953    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\Google_files\hp1.gif.vir
2007-09-03 23:58      4277    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\Google_files\hp0.gif.vir
2007-09-03 23:58      58880    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\free.exe.vir
2007-09-03 23:58      986    --a------    C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\www.google.com\thank.html.vir
2007-09-05 13:15      46592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pipmon.exe.vir
2007-09-05 15:20      12    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\gtv_sd.bin.vir
2007-09-05 15:22      16896    --a------    C:\Qoobox\Quarantine\C\Program Files\3721\assist\asbar.dll.vir
2007-09-05 15:22      16896    --a------    C:\Qoobox\Quarantine\C\Program Files\3721\helper.dll.vir
2007-09-05 15:22      19200    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vxddsk.exe.vir
2007-09-05 15:22      22016    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\amp2pl.exe.vir
2007-09-05 15:22      25600    --a------    C:\Qoobox\Quarantine\C\WINDOWS\flt.dll.vir
2007-09-05 15:22      25600    --a------    C:\Qoobox\Quarantine\C\WINDOWS\vxddsk.exe.vir
2007-09-05 15:22      29952    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wml.exe.vir
2007-09-05 15:22      30208    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wml.exe.vir
2007-09-05 15:22      30976    --a------    C:\Qoobox\Quarantine\C\WINDOWS\7search.dll.vir
2007-09-05 15:22      32000    --a------    C:\Qoobox\Quarantine\C\WINDOWS\764.exe.vir
2007-09-05 15:22      8448    --a------    C:\Qoobox\Quarantine\C\WINDOWS\pbar.dll.vir
2007-09-05 15:33      15360    --a------    C:\Qoobox\Quarantine\C\d.exe.vir
2007-09-05 15:39      21    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\zxdnt3d.cfg.vir
2007-09-06 15:20      642    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\STARTM~1\Programs\Startup\TA_Start.lnk.vir
2007-09-06 15:23      51712    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mountr.dll.vir
2007-09-06 15:24      536    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ldinfo.ldr.vir
2007-09-06 15:25      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\help.txt.vir
2007-09-06 15:25      15    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q8.exe.vir
2007-09-06 15:25      23364    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q2.exe.vir
2007-09-06 15:25      23364    --a------    C:\Qoobox\Quarantine\C\WINDOWS\xpupdate.exe.vir
2007-09-06 15:25      8516    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q5.exe.vir
2007-09-06 15:26      18944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga4me1.exe.vir
2007-09-06 15:26      9804    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga5me3.exe.vir
2007-09-06 15:27      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vx.tll.vir
2007-09-06 15:27      12962    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\APPLIC~1\Install.dat.vir
2007-09-06 15:27      24576    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\max1d11643v.exe.vir
2007-09-06 15:27      5632    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga3me2.exe.vir
2007-09-06 15:27      6094    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxg6ame4.exe.vir
2007-09-06 15:27      6980    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q1.exe.vir
2007-09-06 15:27      9028    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q6.exe.vir
2007-09-06 15:28      10262    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga8me6.exe.vir
2007-09-06 15:28      15360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga1me4t1.exe.vir
2007-09-06 15:28      23040    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxg4am1et2.exe.vir
2007-09-06 15:28      36755    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxg3am1et3.exe.vir
2007-09-06 15:29      12863    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga4m1et4.exe.vir
2007-09-06 15:32      105    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect Web site.url.vir
2007-09-06 15:32      1594    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\Uninstall.lnk.vir
2007-09-06 15:32      1608    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect.lnk.vir
2007-09-06 15:32      49390    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\uninstall.exe.vir
2007-09-06 15:32      718    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\Desktop\System Live Protect.lnk.vir
2007-09-06 15:36      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\cookie.dat.vir
2007-09-06 15:36      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ps.dat.vir
2007-09-06 21:32      929    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winpfz32.sys.vir
2007-09-10 13:54      684    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\owner\STARTM~1\Programs\Startup\Think-Adz.lnk.vir
2007-09-10 13:55      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wsnpoem\audio.dll.vir
2007-09-10 15:31      0    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\VDB4.DAT.vir
2007-09-10 15:31      0    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\VDB5.DAT.vir
2007-09-10 15:31      272    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\config.ini.vir
2007-09-10 15:31      59168    --a------    C:\Qoobox\Quarantine\C\Program Files\LiveProtect\VDB.DAT.vir
2007-09-10 15:40      1080    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DRIVER.reg.cf
2007-09-10 15:40      1614    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_SECURITYMONITORINGDRIVER.reg.cf
2007-09-10 15:40      2510    --a------    C:\Qoobox\Quarantine\Registry_backups\services_cmdService.reg.cf
2007-09-10 15:40      2524    --a------    C:\Qoobox\Quarantine\Registry_backups\services_SecurityMonitoringDriver.reg.cf
2007-09-10 15:40      2822    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Network Monitor.reg.cf
2007-09-10 15:40      678    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Driver.reg.cf
2007-09-10 15:40      74    --a------    C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
2007-09-10 15:40      762    --a------    C:\Qoobox\Quarantine\Registry_backups\hklm_windowsNT_windows.reg.cf
2007-09-10 15:40      832    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.cf
2007-09-10 15:40      862    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf
2007-09-10 15:41      6689    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ldcore.dll.vir
2007-09-10 15:42      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wsnpoem\video.dll.vir
2007-09-10 15:42      1201    --a------    C:\Qoobox\Quarantine\catchme.log
2007-09-10 15:42      223929    --a------    C:\Qoobox\Quarantine\catchme2007-09-10_154535.60.zip


Folder PATH listing
Volume serial number is 50F6-AA98
C:\QOOBOX\QUARANTINE
|   catchme.log
|   catchme2007-09-10_154535.60.zip
|   
+---C
|   |   d.exe.vir
|   |   i.vir
|   |   
|   +---ComboFix
|   |       FProps.vbs.vir
|   |       
|   +---DOCUME~1
|   |   \---owner
|   |       |   SecMon.sys.vir
|   |       |   
|   |       +---APPLIC~1
|   |       |   |   Install.dat.vir
|   |       |   |   
|   |       |   \---Macromedia
|   |       |       \---Flash Player
|   |       |           \---macromedia.com
|   |       |               \---support
|   |       |                   \---flashplayer
|   |       |                       \---sys
|   |       |                           \---#www.broadcaster.com
|   |       |                                   settings.sol.vir
|   |       |                                   
|   |       +---Desktop
|   |       |       System Live Protect.lnk.vir
|   |       |       
|   |       +---LOCALS~1
|   |       |   \---APPLIC~1
|   |       |           n.ini.vir
|   |       |           
|   |       \---STARTM~1
|   |           \---Programs
|   |               +---Startup
|   |               |       TA_Start.lnk.vir
|   |               |       Think-Adz.lnk.vir
|   |               |       
|   |               \---System Live Protect
|   |                       System Live Protect Web site.url.vir
|   |                       System Live Protect.lnk.vir
|   |                       Uninstall.lnk.vir
|   |                       
|   +---Program Files
|   |   +---3721
|   |   |   |   helper.dll.vir
|   |   |   |   
|   |   |   \---assist
|   |   |           asbar.dll.vir
|   |   |           
|   |   +---Common Files
|   |   |       Yazzle1122OinAdmin.exe.vir
|   |   |       Yazzle1122OinUninstaller.exe.vir
|   |   |       
|   |   +---InetGet2
|   |   |       WinTouchInstaller_channel1.exe.vir
|   |   |       
|   |   +---LiveProtect
|   |   |       config.ini.vir
|   |   |       LiveProtect.exe.vir
|   |   |       uninstall.exe.vir
|   |   |       VDB.DAT.vir
|   |   |       VDB2.DAT.vir
|   |   |       VDB3.DAT.vir
|   |   |       VDB4.DAT.vir
|   |   |       VDB5.DAT.vir
|   |   |       
|   |   +---Network Monitor
|   |   |       netmon.exe~.vir
|   |   |       
|   |   +---p2pnetworks
|   |   |       amp2pl.exe.vir
|   |   |       
|   |   \---WinPop
|   |           UnInstall.exe.vir
|   |           winpop.exe~.vir
|   |           
|   +---Temp
|   |   +---1cb
|   |   |       syscheck.log.vir
|   |   |       
|   |   \---fse
|   |           tmpZTF.log.vir
|   |           
|   \---WINDOWS
|       |   764.exe.vir
|       |   7search.dll.vir
|       |   b103.exe.vir
|       |   b122.exe.vir
|       |   b128.exe.vir
|       |   b143.exe.vir
|       |   csrss.exe.vir
|       |   flt.dll.vir
|       |   pbar.dll.vir
|       |   retadpu.exe.vir
|       |   uninstall_nmon.vbs.vir
|       |   vxddsk.exe.vir
|       |   winvip.exe.bak.vir
|       |   winvip.exe.vir
|       |   wml.exe.vir
|       |   xpupdate.exe.vir
|       |   
|       +---b3duZXI
|       |       asappsrv.dll.vir
|       |       
|       +---ServicePackFiles
|       |   |   data.ini.vir
|       |   |   free.exe.bak.vir
|       |   |   free.exe.vir
|       |   |   mmsx.exe.bak.vir
|       |   |   msproxy.exe.bak.vir
|       |   |   services.exe.vir
|       |   |   
|       |   +---i386
|       |   |       mswsock.dll.vir
|       |   |       
|       |   \---www.google.com
|       |       |   favicon.ico.vir
|       |       |   index.html.vir
|       |       |   thank.html.vir
|       |       |   
|       |       \---Google_files
|       |               hp0.gif.vir
|       |               hp1.gif.vir
|       |               hp2.gif.vir
|       |               hp3.gif.vir
|       |               
|       \---system32
|           |   9445817.dll.vir
|           |   arcac.exe.bak.vir
|           |   arcac.exe.vir
|           |   atmtd.dll.vir
|           |   atmtd.dll._.vir
|           |   cookie.dat.vir
|           |   dllh8jkd1q1.exe.vir
|           |   dllh8jkd1q2.exe.vir
|           |   dllh8jkd1q5.exe.vir
|           |   dllh8jkd1q6.exe.vir
|           |   dllh8jkd1q8.exe.vir
|           |   dwdsrngt.exe.vir
|           |   gtv_sd.bin.vir
|           |   help.txt.vir
|           |   ldcore.dll.vir
|           |   ldinfo.ldr.vir
|           |   max1d11643v.exe.vir
|           |   milis.dll.vir
|           |   mountr.dll.vir
|           |   msnav32.ax.vir
|           |   mswsock.dll.vir
|           |   n.ini.vir
|           |   ntos.exe.vir
|           |   pipmon.exe.vir
|           |   ps.dat.vir
|           |   SecMon.sys.vir
|           |   vedxg3am1et3.exe.vir
|           |   vedxg4am1et2.exe.vir
|           |   vedxg6ame4.exe.vir
|           |   vedxga1me4t1.exe.vir
|           |   vedxga3me2.exe.vir
|           |   vedxga4m1et4.exe.vir
|           |   vedxga4me1.exe.vir
|           |   vedxga5me3.exe.vir
|           |   vedxga8me6.exe.vir
|           |   vx.tll.vir
|           |   vxddsk.exe.vir
|           |   winbjt32.dll.vir
|           |   winpfz32.sys.vir
|           |   wml.exe.vir
|           |   wnscpsv32.exe.vir
|           |   xpdx.sys.vir
|           |   zxdnt3d.cfg.vir
|           |   
|           +---dllcache
|           |       mswsock.dll.vir
|           |       
|           +---drivers
|           |   |   blank.gif.vir
|           |   |   box_1.gif.vir
|           |   |   box_2.gif.vir
|           |   |   box_3.gif.vir
|           |   |   button_buynow.gif.vir
|           |   |   button_freescan.gif.vir
|           |   |   detect.htm.vir
|           |   |   download_box.gif.vir
|           |   |   footer_back.jpg.vir
|           |   |   header_1.gif.vir
|           |   |   header_2.gif.vir
|           |   |   header_3.gif.vir
|           |   |   header_4.gif.vir
|           |   |   infected.gif.vir
|           |   |   main_back.gif.vir
|           |   |   perfect_cleaner_box.jpg.vir
|           |   |   product_1_header.gif.vir
|           |   |   product_1_name_small.gif.vir
|           |   |   product_2_header.gif.vir
|           |   |   product_2_name_small.gif.vir
|           |   |   product_3_header.gif.vir
|           |   |   product_3_name_small.gif.vir
|           |   |   product_features.gif.vir
|           |   |   pt.htm.vir
|           |   |   sep_hor.gif.vir
|           |   |   sep_vert.gif.vir
|           |   |   shadow.jpg.vir
|           |   |   spacer.gif.vir
|           |   |   spy_away_box.jpg.vir
|           |   |   star.gif.vir
|           |   |   star_gray.gif.vir
|           |   |   star_gray_small.gif.vir
|           |   |   star_small.gif.vir
|           |   |   style.css.vir
|           |   |   s_detect.htm.vir
|           |   |   v.gif.vir
|           |   |   warning_icon.gif.vir
|           |   |   win_logo.gif.vir
|           |   |   x.gif.vir
|           |   |   
|           |   \---etc
|           |           hosts.tim.vir
|           |           
|           +---f03WtR
|           |       f03WtR1066.exe.vir
|           |       
|           +---f06WtR
|           |       f06WtR1083.exe.vir
|           |       
|           \---wsnpoem
|                   audio.dll.vir
|                   video.dll.vir
|                   
\---Registry_backups
        hklm_windowsNT_windows.reg.cf
        LEGACY_CMDSERVICE.reg.cf
        LEGACY_DRIVER.reg.cf
        LEGACY_NETWORK_MONITOR.reg.cf
        LEGACY_SECURITYMONITORINGDRIVER.reg.cf
        services_cmdService.reg.cf
        services_Driver.reg.cf
        services_Network Monitor.reg.cf
        services_SecurityMonitoringDriver.reg.cf
        services_xpdx.reg.cf


ComboFix2
ComboFix 07-09-10.6 - "owner" 2007-09-10 15:36:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\DOCUME~1\owner.\SecMon.sys
C:\DOCUME~1\owner\APPLIC~1\install.dat
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\#SharedObjects\HPFUSVUM\www.broadcaster.com
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\owner\Desktop\System Live Protect.lnk
C:\DOCUME~1\owner\LOCALS~1\APPLIC~1.\n.ini
C:\DOCUME~1\owner\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\think-adz.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect Web site.url
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\System Live Protect.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\System Live Protect\Uninstall.lnk
C:\i
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\WinTouchInstaller_channel1.exe
C:\Program Files\LiveProtect
C:\Program Files\LiveProtect\config.ini
C:\Program Files\LiveProtect\LiveProtect.exe
C:\Program Files\LiveProtect\uninstall.exe
C:\Program Files\LiveProtect\VDB.DAT
C:\Program Files\LiveProtect\VDB2.DAT
C:\Program Files\LiveProtect\VDB3.DAT
C:\Program Files\LiveProtect\VDB4.DAT
C:\Program Files\LiveProtect\VDB5.DAT
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe~
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\vsadd-in
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe~
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\b103.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b3duZXI\asappsrv.dll
C:\WINDOWS\csrss.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\retadpu.exe
C:\WINDOWS\servicepackfiles\data.ini
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\ServicePackFiles\free.exe.bak
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\ServicePackFiles\mmsx.exe.bak
C:\WINDOWS\ServicePackFiles\msproxy.exe.bak
C:\WINDOWS\servicepackfiles\services.exe
C:\WINDOWS\servicepackfiles\www.google.com
C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif
C:\WINDOWS\servicepackfiles\www.google.com\index.html
C:\WINDOWS\servicepackfiles\www.google.com\thank.html
C:\WINDOWS\system32\9445817.dll
C:\WINDOWS\system32\arcac.exe
C:\WINDOWS\system32\arcac.exe.bak
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dllcache\mswsock.dll
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\f03WtR
C:\WINDOWS\system32\f03WtR\f03WtR1066.exe
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\f06WtR\f06WtR1083.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\milis.dll
C:\WINDOWS\system32\mountr.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\SecMon.sys
C:\WINDOWS\system32\vedxg3am1et3.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vedxga8me6.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winbjt32.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\winvip.exe
C:\WINDOWS\winvip.exe.bak
C:\WINDOWS\wml.exe
C:\WINDOWS\xpupdate.exe
C:\windows\xpupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_SECURITYMONITORINGDRIVER
-------\cmdService
-------\Driver
-------\Network Monitor
-------\SecurityMonitoringDriver
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-10 15:35 51,200 --a------ C:\fawcci.exe
2007-09-10 15:35 28,160 --a------ C:\yydyre.exe
2007-09-10 15:35 25,600 --a------ C:\WINDOWS\system32\drivers\54611bea.sys
2007-09-10 15:35 22,048 --a------ C:\bxykqg.exe
2007-09-10 15:35 17,920 --a------ C:\WINDOWS\system32\drivers\dsniff.sys
2007-09-10 15:35 12,289 --a------ C:\WINDOWS\system32\dssdll32.dll
2007-09-10 15:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 15:27 <DIR> d-------- C:\Program Files\AntispyStorm
2007-09-06 15:32 202,240 --a------ C:\onjonuhx.exe
2007-09-06 15:31 760,882 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-09-06 15:25 51,712 --a------ C:\WINDOWS\system32\diskdr.dll
2007-09-06 15:24 7,712 --a------ C:\WINDOWS\system32\kernelw.sys
2007-09-06 15:24 30,720 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-09-05 15:36 30,720 --a------ C:\WINDOWS\winh32.exe
2007-09-05 15:32 71,680 --a------ C:\jcsnyyk.exe
2007-09-05 15:32 60,416 -r-hs---- C:\WINDOWS\system32\1028d.exe
2007-09-05 15:32 163,840 --a------ C:\pysvhk.exe
2007-09-05 15:22 <DIR> d-------- C:\Program Files\e-zshopper
2007-09-05 15:22 <DIR> d-------- C:\Program Files\amsys
2007-09-05 15:22 <DIR> d-------- C:\Program Files\akl
2007-09-05 15:22 <DIR> d-------- C:\Program Files\Accoona
2007-09-05 15:20 21,504 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-05 15:17 69,672 --a------ C:\WINDOWS\system32\lpdsrngm.exe
2007-09-05 13:15 65,536 --a------ C:\sthgnm.exe
2007-09-05 13:15 518 --ahs---- C:\WINDOWS\system32\1358342808.dat
2007-09-05 13:15 125,952 -rahs---- C:\WINDOWS\system32\a15h.exe
2007-09-03 17:22 <DIR> d-------- C:\Program Files\Words
2007-09-03 13:56 420,352 --a------ C:\WINDOWS\system32\AClient.dll
2007-09-03 13:56 335,943 --a------ C:\WINDOWS\system32\rwinqmdt.exe
2007-09-03 13:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-03 13:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-03 13:55 21,504 --a------ C:\WINDOWS\system32\mstdmc.exe
2007-09-01 19:04 51,712 --a------ C:\WINDOWS\system32\fowlr.dll
2007-09-01 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-09-01 15:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-01 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Sony
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-09-01 15:32 <DIR> d-------- C:\DOCUME~1\owner\APPLIC~1\Sony Corporation
2007-09-01 15:10 51,712 --a------ C:\WINDOWS\system32\stani.dll
2007-09-01 12:05 <DIR> d-------- C:\cygwin
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-31 20:53 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-31 08:07 15,360 --a------ C:\lxfvnm.exe
2007-08-31 08:07 <DIR> d-------- C:\Temp
2007-08-16 03:03 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-05 15:22 9728 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-05 15:22 8448 --a------ C:\WINDOWS\ie_32.exe
2007-09-05 15:22 32768 --a------ C:\WINDOWS\daxtime.dll
2007-09-05 15:22 32256 --a------ C:\WINDOWS\xadbrk.exe
2007-09-05 15:22 31488 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-05 15:22 30720 --a------ C:\WINDOWS\spredirect.dll
2007-09-05 15:22 29952 --a------ C:\WINDOWS\adbar.dll
2007-09-05 15:22 29696 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-05 15:22 29696 --a------ C:\WINDOWS\kvnab.exe
2007-09-05 15:22 29184 --a------ C:\WINDOWS\hotporn.exe
2007-09-05 15:22 28928 --a------ C:\WINDOWS\kvnab$.exe
2007-09-05 15:22 28672 --a------ C:\WINDOWS\settn.dll
2007-09-05 15:22 27648 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-05 15:22 27648 --a------ C:\WINDOWS\liqad$.exe
2007-09-05 15:22 26112 --a------ C:\WINDOWS\ngd.dll
2007-09-05 15:22 26112 --a------ C:\WINDOWS\liqad.exe
2007-09-05 15:22 25856 --a------ C:\WINDOWS\wbeInst$.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\hcwprn.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\eventlowg.dll
2007-09-05 15:22 22016 --a------ C:\WINDOWS\kkcomp.exe
2007-09-05 15:22 21248 --a------ C:\WINDOWS\kvnab.dll
2007-09-05 15:22 20736 --a------ C:\WINDOWS\dp0.dll
2007-09-05 15:22 20224 --a------ C:\WINDOWS\liqad.dll
2007-09-05 15:22 19968 --a------ C:\WINDOWS\kkcomp.dll
2007-09-05 15:22 18176 --a------ C:\WINDOWS\pbsysie.dll
2007-09-05 15:22 17664 --a------ C:\WINDOWS\iexplorr23.dll
2007-09-05 15:22 16128 --a------ C:\WINDOWS\aconti.exe
2007-09-05 15:22 14080 --a------ C:\WINDOWS\wbeCheck.exe
2007-09-05 15:22 13568 --a------ C:\WINDOWS\jd2002.dll
2007-09-05 15:22 13056 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\xadbrk.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\fhfmm.exe
2007-09-05 15:22 11008 --a------ C:\WINDOWS\cbinst$.exe
2007-09-03 22:54 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-09-03 13:57 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-09-03 13:57 1381 --a------ C:\WINDOWS\system32\drivers\warning_ico.gif
2007-09-03 13:57 1014 --a------ C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
2007-09-03 13:56 8852 --a------ C:\WINDOWS\system32\drivers\download_btn.jpg
2007-09-03 13:56 877 --a------ C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-09-03 13:56 838 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-09-03 13:56 821 --a------ C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-09-03 13:56 72 --a------ C:\WINDOWS\system32\drivers\bg_bg.gif
2007-09-03 13:56 64 --a------ C:\WINDOWS\system32\drivers\close_ico.gif
2007-09-03 13:56 4448 --a------ C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-09-03 13:56 4008 --a------ C:\WINDOWS\system32\drivers\rating.gif
2007-09-03 13:56 3552 --a------ C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-09-03 13:56 3479 --a------ C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-09-03 13:56 3313 --a------ C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-09-03 13:56 3216 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-09-03 13:56 26487 --a------ C:\WINDOWS\system32\drivers\screenshot.jpg
2007-09-03 13:56 1743 --a------ C:\WINDOWS\system32\drivers\remove_spyware_header.gif
2007-09-03 13:56 16977 --a------ C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-09-03 13:56 16941 --a------ C:\WINDOWS\system32\drivers\icon_warning_big.gif
2007-09-03 13:56 1373 --a------ C:\WINDOWS\system32\drivers\cell_footer.gif
2007-09-03 13:56 1342 --a------ C:\WINDOWS\system32\drivers\cell_bg.gif
2007-09-03 08:22 10 --a------ C:\Program Files\.autoreg
2007-09-01 15:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 21:37 --------- d-------- C:\DOCUME~1\owner\APPLIC~1\AdobeUM
2007-06-13 05:23 1109504 --a------ C:\WINDOWS\explorer.exe
2006-01-25 12:30 456768 --a------ C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 11:59 35232 --a------ C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 11:59 26112 --a------ C:\WINDOWS\inf\WPN311\install.exe
2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\b3duZXI\command.exe~
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\b3duZXI\vaxRtrK.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0723CAE4-C2AB-4995-B749-6BC9BE984564}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-09-03 13:57 420352 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F1D47EA-80B7-4f21-A9D3-3738F20596EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-05 15:20 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [2007-09-03 22:55]
"{6A-AA-A9-98-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-09-10 15:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [2007-09-03 22:55]

C:\DOCUME~1\owner\STARTM~1\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\dwdsrngt.exe [2007-09-10 15:46:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MSN Messenger"= {280A7B65-8F00-438F-3E5A-1F039433FE60} - %SystemRoot%\system32\dssdll32.dll [ ]

R1 54611bea.sys;54611bea.sys;\??\C:\WINDOWS\system32\drivers\54611bea.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 dsniff;dsniff;\??\C:\WINDOWS\system32\drivers\dsniff.sys
S2 DhcpMSCSPTISRV;DHCP Client DhcpMSCSPTISRV;C:\WINDOWS\system32\a15h.exe srv
S2 MSDPSV;Distributed Process Services;"C:\WINDOWS\system32\msdpsv.exe"
S2 Themes System Manager;Themes Themes System Manager;C:\WINDOWS\system32\1028d.exe srv
S2 Windows Port Interpreter;Windows Port Interpreter For Service Pack 2 and Windows 2000;"C:\WINDOWS\repair\svchost.exe"
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys
S4 Data System Manager;Data System Manager;"C:\WINDOWS\system32\vcmon.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f481e91-b491-11db-be0f-00161735c9fe}]
AutoRun\command- J:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-10 15:45:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 15:47:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 15:47
.
--- E O F ---
Old 09-16-2007, 12:10 PM   #14
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



I did not ask for the old reports. I asked you to run ComboFix in another way (Post #12) and to post the new ComboFix.txt that you will find at C:\ComboFix.txt. It will be dated today, if you run it today.


Trevuren
Old 09-16-2007, 01:02 PM   #15
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



I didn't find any other txt files in my C drive except for inferno, vundofix, and there was another one. I am running ComboFix on my computer in safe mode again. (I am on another computer.) Am I doing something wrong?
Old 09-16-2007, 02:45 PM   #16
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



When I was running it in safe mode, the blue screen stop error came up on my computer, so I restarted this computer. Should I try to run ComboFix in safe mode again?
Old 09-16-2007, 02:51 PM   #17
Security Team
Colleague
 
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



I asked you to run ComboFix as per the instructions posted in reply #12. I do not believe that anywhere in that post is there mention of running it in Safe Mode.

It is critical that you read all instructions given and follow them as closely as possible. If you are not sure of something, do not proceed, ask for clarification. We are dealing with a heavily compromised system to start with. You have to be very careful if you want to end up with a usable system.

Trevuren
Old 09-16-2007, 03:46 PM   #18
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



I'm sorry, but I tried it a few times in regular mode and there was no log in the C drive, so I tried it in safe mode. Sorry about doing it in safe mode. It finally worked this time, sorry about that.

ComboFix 07-09-10.6 - "owner" 2007-09-16 17:32:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.128 [GMT -5:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\DOCUME~1\owner\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\owner\STARTM~1\Programs\Startup\think-adz.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\ServicePackFiles\free.exe.bak
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\ServicePackFiles\mmxs.exe.bak
C:\WINDOWS\ServicePackFiles\msproxy.exe.bak
C:\WINDOWS\servicepackfiles\services.exe
C:\WINDOWS\system32\arcac.exe.bak
C:\WINDOWS\system32\commands.xml
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dllcache\mswsock.dll
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\mm.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\winvip.exe
C:\WINDOWS\winvip.exe.bak
C:\WINDOWS\wml.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.

2007-09-16 17:41 69,700 --a------ C:\WINDOWS\system32\dwdsrngt.exe
2007-09-16 17:41 192,589 --a------ C:\WINDOWS\system32\mwinqldt.exe
2007-09-16 17:36 9,728 --a------ C:\WINDOWS\pbar.dll
2007-09-16 17:36 32,000 --a------ C:\WINDOWS\7search.dll
2007-09-16 17:36 30,976 --a------ C:\WINDOWS\764.exe
2007-09-16 17:36 27,392 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-09-16 17:36 25,344 --a------ C:\WINDOWS\vxddsk.exe
2007-09-16 17:36 23,808 --a------ C:\WINDOWS\wml.exe
2007-09-16 17:36 18,688 --a------ C:\WINDOWS\flt.dll
2007-09-16 17:36 10,496 --a------ C:\WINDOWS\system32\wml.exe
2007-09-16 17:36 <DIR> d-------- C:\Program Files\p2pnetworks
2007-09-16 17:36 <DIR> d-------- C:\Program Files\3721
2007-09-16 16:43 63,488 --a------ C:\WINDOWS\winh32.exe
2007-09-15 14:42 237,634 --a------ C:\WINDOWS\system32\kwinrldt.exe
2007-09-15 14:42 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-09-15 14:42 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-09-15 14:41 65,536 --a------ C:\hbwpb.exe
2007-09-15 14:41 52,736 --a------ C:\WINDOWS\system32\smuhdd.dll
2007-09-15 14:41 136,192 --a------ C:\hxvaqsbo.exe
2007-09-15 03:00 <DIR> d-------- C:\fd5d5a3660e0ab26f62a9d752a47
2007-09-14 16:29 65,536 --a------ C:\mcdumrks.exe
2007-09-14 16:29 136,192 --a------ C:\voqw.exe
2007-09-13 19:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-13 19:29 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 15:25 69,695 --a------ C:\WINDOWS\system32\kqdsrngk.exe
2007-09-10 15:48 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-09-10 15:35 98,304 --a------ C:\fawcci.exe
2007-09-10 15:35 38,940 --a------ C:\yydyre.exe
2007-09-10 15:35 32,800 --a------ C:\bxykqg.exe
2007-09-10 15:35 17,920 --a------ C:\WINDOWS\system32\drivers\dsniff.sys
2007-09-10 15:35 12,289 --a------ C:\WINDOWS\system32\dssdll32.dll
2007-09-10 15:31 160,256 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 15:27 <DIR> d-------- C:\Program Files\AntispyStorm
2007-09-06 15:32 349,184 --a------ C:\onjonuhx.exe
2007-09-06 15:25 51,712 --a------ C:\WINDOWS\system32\diskdr.dll
2007-09-06 15:24 7,712 --a------ C:\WINDOWS\system32\kernelw.sys
2007-09-05 15:32 71,680 --a------ C:\jcsnyyk.exe
2007-09-05 15:32 60,416 -rahs---- C:\WINDOWS\system32\1028d.exe
2007-09-05 15:32 163,840 --a------ C:\pysvhk.exe
2007-09-05 15:22 <DIR> d-------- C:\Program Files\e-zshopper
2007-09-05 15:22 <DIR> d-------- C:\Program Files\amsys
2007-09-05 15:22 <DIR> d-------- C:\Program Files\akl
2007-09-05 15:22 <DIR> d-------- C:\Program Files\Accoona
2007-09-05 15:20 21,504 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-05 15:17 69,672 --a------ C:\WINDOWS\system32\lpdsrngm.exe
2007-09-05 13:15 65,536 --a------ C:\sthgnm.exe
2007-09-05 13:15 125,952 -rahs---- C:\WINDOWS\system32\a15h.exe
2007-09-05 13:15 109 --ahs---- C:\WINDOWS\system32\1358342808.dat
2007-09-03 17:22 <DIR> d-------- C:\Program Files\Words
2007-09-03 13:56 428,544 --a------ C:\WINDOWS\system32\AClient.dll
2007-09-03 13:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-03 13:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-01 19:04 51,712 --a------ C:\WINDOWS\system32\fowlr.dll
2007-09-01 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-09-01 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Sony
2007-09-01 15:32 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-09-01 15:32 <DIR> d-------- C:\DOCUME~1\owner\APPLIC~1\Sony Corporation
2007-09-01 15:10 51,712 --a------ C:\WINDOWS\system32\stani.dll
2007-09-01 12:05 <DIR> d-------- C:\cygwin
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-08-31 23:43 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-31 20:53 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-31 08:07 15,360 --a------ C:\lxfvnm.exe
2007-08-31 08:07 <DIR> d-------- C:\Temp
2007-08-16 03:03 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 17:37 1223680 --a------ C:\WINDOWS\explorer.exe
2007-09-13 19:21 --------- d-------- C:\Program Files\Viewpoint
2007-09-13 19:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-12 20:54 864256 --a------ C:\StubInstaller.exe
2007-09-12 20:53 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-12 20:51 --------- d-------- C:\Program Files\QuickTime
2007-09-12 20:44 --------- d-------- C:\Program Files\Easy Icon Maker
2007-09-12 20:41 --------- d-------- C:\Program Files\ATI Technologies
2007-09-12 20:41 --------- d-------- C:\Program Files\AOD
2007-09-11 15:52 --------- d-------- C:\Program Files\MagicISO
2007-09-05 15:22 9728 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-05 15:22 8448 --a------ C:\WINDOWS\ie_32.exe
2007-09-05 15:22 32768 --a------ C:\WINDOWS\daxtime.dll
2007-09-05 15:22 32256 --a------ C:\WINDOWS\xadbrk.exe
2007-09-05 15:22 31488 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-05 15:22 30720 --a------ C:\WINDOWS\spredirect.dll
2007-09-05 15:22 29952 --a------ C:\WINDOWS\adbar.dll
2007-09-05 15:22 29696 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-05 15:22 29696 --a------ C:\WINDOWS\kvnab.exe
2007-09-05 15:22 29184 --a------ C:\WINDOWS\hotporn.exe
2007-09-05 15:22 28928 --a------ C:\WINDOWS\kvnab$.exe
2007-09-05 15:22 28672 --a------ C:\WINDOWS\settn.dll
2007-09-05 15:22 27648 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-05 15:22 27648 --a------ C:\WINDOWS\liqad$.exe
2007-09-05 15:22 26112 --a------ C:\WINDOWS\ngd.dll
2007-09-05 15:22 26112 --a------ C:\WINDOWS\liqad.exe
2007-09-05 15:22 25856 --a------ C:\WINDOWS\wbeInst$.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\hcwprn.exe
2007-09-05 15:22 25088 --a------ C:\WINDOWS\eventlowg.dll
2007-09-05 15:22 22016 --a------ C:\WINDOWS\kkcomp.exe
2007-09-05 15:22 21248 --a------ C:\WINDOWS\kvnab.dll
2007-09-05 15:22 20736 --a------ C:\WINDOWS\dp0.dll
2007-09-05 15:22 20224 --a------ C:\WINDOWS\liqad.dll
2007-09-05 15:22 19968 --a------ C:\WINDOWS\kkcomp.dll
2007-09-05 15:22 18176 --a------ C:\WINDOWS\pbsysie.dll
2007-09-05 15:22 17664 --a------ C:\WINDOWS\iexplorr23.dll
2007-09-05 15:22 16128 --a------ C:\WINDOWS\aconti.exe
2007-09-05 15:22 14080 --a------ C:\WINDOWS\wbeCheck.exe
2007-09-05 15:22 13568 --a------ C:\WINDOWS\jd2002.dll
2007-09-05 15:22 13056 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.exe
2007-09-05 15:22 12800 --a------ C:\WINDOWS\liqui.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\xadbrk.dll
2007-09-05 15:22 12288 --a------ C:\WINDOWS\fhfmm.exe
2007-09-05 15:22 11008 --a------ C:\WINDOWS\cbinst$.exe
2007-09-03 22:54 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-09-03 13:57 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-09-03 13:57 1381 --a------ C:\WINDOWS\system32\drivers\warning_ico.gif
2007-09-03 13:57 1014 --a------ C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
2007-09-03 13:56 8852 --a------ C:\WINDOWS\system32\drivers\download_btn.jpg
2007-09-03 13:56 877 --a------ C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-09-03 13:56 838 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-09-03 13:56 821 --a------ C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-09-03 13:56 72 --a------ C:\WINDOWS\system32\drivers\bg_bg.gif
2007-09-03 13:56 64 --a------ C:\WINDOWS\system32\drivers\close_ico.gif
2007-09-03 13:56 4448 --a------ C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-09-03 13:56 4008 --a------ C:\WINDOWS\system32\drivers\rating.gif
2007-09-03 13:56 3552 --a------ C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-09-03 13:56 3479 --a------ C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-09-03 13:56 3313 --a------ C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-09-03 13:56 3216 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-09-03 13:56 26487 --a------ C:\WINDOWS\system32\drivers\screenshot.jpg
2007-09-03 13:56 1743 --a------ C:\WINDOWS\system32\drivers\remove_spyware_header.gif
2007-09-03 13:56 16977 --a------ C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-09-03 13:56 16941 --a------ C:\WINDOWS\system32\drivers\icon_warning_big.gif
2007-09-03 13:56 1373 --a------ C:\WINDOWS\system32\drivers\cell_footer.gif
2007-09-03 13:56 1342 --a------ C:\WINDOWS\system32\drivers\cell_bg.gif
2007-09-03 08:22 10 --a------ C:\Program Files\.autoreg
2007-09-01 15:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 21:37 --------- d-------- C:\DOCUME~1\owner\APPLIC~1\AdobeUM
2006-01-25 12:30 456768 --a------ C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 11:59 35232 --a------ C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 11:59 26112 --a------ C:\WINDOWS\inf\WPN311\install.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-10_154635.10 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 122,880 2007-07-20 05:47:22 C:\WINDOWS\catchme.exe
-c--a-w 145,408 2004-08-04 12:00:00 C:\WINDOWS\NOTEPAD.EXE
-c--a-w 213,504 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
-c--a-w 665,600 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
-c--a-w 213,504 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe
-c--a-w 698,368 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
-c--a-w 213,504 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
-c--a-w 665,600 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
-c--a-w 246,272 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
-c--a-w 665,600 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
-c--a-w 180,736 2004-10-14 18:36:16 C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
-c--a-w 731,136 2004-10-14 18:34:52 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
-c--a-w 180,736 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
-c--a-w 1,704,960 2004-10-13 16:21:24 C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
-c--a-w 665,600 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
-c--a-w 213,504 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB887742\spuninst.exe
-c--a-w 665,600 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe
-c--a-w 213,504 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe
-c--a-w 665,600 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
-c--a-w 180,736 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
-c--a-w 665,600 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
-c--a-w 180,736 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
-c--a-w 665,600 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
-c--a-w 41,472 2005-07-08 00:27:08 C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
----a-w 118,784 2007-09-13 23:55:17 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_325cf6ad\CustomMarshalers.dll
----a-w 8,880,128 2007-09-13 23:56:02 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a7998637\mscorlib.dll
----a-w 4,763,648 2007-09-13 23:55:16 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c25665fe\System.dll
----a-w 3,395,584 2007-09-13 23:55:47 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8781a66b\System.Design.dll
----a-w 2,244,608 2007-09-13 23:55:51 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4e6fd73b\System.Drawing.dll
----a-w 192,512 2007-09-13 23:55:18 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_73d55d2d\System.Drawing.Design.dll
----a-w 7,880,704 2007-09-13 23:55:31 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7be06190\System.Windows.Forms.dll
----a-w 5,505,024 2007-09-13 23:55:39 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7fe5bcfe\System.Xml.dll
----a-w 163,328 2007-09-13 11:50:49 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 4,251,648 2007-09-14 00:57:47 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 610,304 2007-09-14 00:57:49 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-13 11:50:49 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 4,251,648 2007-09-14 00:30:04 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 610,304 2007-09-14 00:30:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c--a-w 918,528 2004-08-04 12:00:00 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
----a-w 31,232 2007-09-12 07:21:27 C:\WINDOWS\ServicePackFiles\mmxs.exe
----a-w 41,472 2007-09-12 01:01:26 C:\WINDOWS\ServicePackFiles\msproxy.exe
-c--a-w 341,504 2007-09-13 01:34:00 C:\WINDOWS\system32\accwiz.exe
-c--a-w 239,616 2007-09-13 01:34:01 C:\WINDOWS\system32\calc.exe
-c--a-w 205,312 2007-09-13 01:34:02 C:\WINDOWS\system32\charmap.exe
----a-w 188,928 2007-09-13 01:34:02 C:\WINDOWS\system32\cleanmgr.exe
-c--a-w 710,144 2007-09-11 20:52:11 C:\WINDOWS\system32\cmd.exe
-c--a-w 133,120 2007-09-13 01:34:17 C:\WINDOWS\system32\control.exe
-c--a-w 222,720 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 127,488 2004-07-31 23:50:36 C:\WINDOWS\system32\dumphive.exe
-c--a-w 87,040 2004-08-04 12:00:00 C:\WINDOWS\system32\dumprep.exe
----a-w 24,064 2006-11-07 09:26:32 C:\WINDOWS\system32\ieudinit.exe
-c--a-w 15,872 2004-08-04 12:00:00 C:\WINDOWS\system32\lodctr.exe
-c--a-w 197,632 2007-09-11 20:52:10 C:\WINDOWS\system32\magnify.exe
------w 825,856 2004-08-04 12:00:00 C:\WINDOWS\system32\mmc.exe
-c--a-w 268,288 2007-09-11 20:52:11 C:\WINDOWS\system32\mobsync.exe
----a-w 17,474,680 2007-09-06 00:50:44 C:\WINDOWS\system32\MRT.exe
----a-w 271,360 2007-03-14 01:54:08 C:\WINDOWS\system32\mscoree.dll
----a-w 284,672 2007-09-13 01:34:10 C:\WINDOWS\system32\mshearts.exe
-c--a-w 467,968 2007-09-13 01:34:02 C:\WINDOWS\system32\mspaint.exe
----a-w 532,480 2007-09-13 01:34:01 C:\WINDOWS\system32\mstsc.exe
-c--a-w 178,688 2007-09-11 20:52:10 C:\WINDOWS\system32\narrator.exe
-c--a-w 53,248 2004-08-04 12:00:00 C:\WINDOWS\system32\net.exe
-c--a-w 135,680 2004-08-04 12:00:00 C:\WINDOWS\system32\net1.exe
-c--a-w 194,048 2007-09-11 20:52:11 C:\WINDOWS\system32\notepad.exe
-c--a-w 1,390,592 2007-09-13 01:34:02 C:\WINDOWS\system32\ntbackup.exe
-c--a-w 229,376 2007-09-13 01:34:04 C:\WINDOWS\system32\odbcad32.exe
-c--a-w 351,232 2007-09-11 20:52:10 C:\WINDOWS\system32\osk.exe
----a-w 59,702 2007-09-13 23:55:55 C:\WINDOWS\system32\perfc009.dat
----a-w 395,970 2007-09-13 23:55:55 C:\WINDOWS\system32\perfh009.dat
-c--a-w 160,768 2007-09-11 20:52:11 C:\WINDOWS\system32\rcimlby.exe
----a-w 158,208 2007-09-13 01:34:01 C:\WINDOWS\system32\rundll32.exe
-c--a-w 57,856 2004-08-04 12:00:00 C:\WINDOWS\system32\runonce.exe
-c--a-w 56,832 2004-08-04 12:00:00 C:\WINDOWS\system32\savedump.exe
-c--a-w 256,512 2007-09-13 01:34:01 C:\WINDOWS\system32\sndrec32.exe
-c--a-w 296,448 2007-09-13 01:34:01 C:\WINDOWS\system32\sndvol32.exe
-c--a-w 214,528 2007-09-13 01:34:11 C:\WINDOWS\system32\sol.exe
----a-w 729,088 2007-09-13 01:34:11 C:\WINDOWS\system32\spider.exe
-c--a-w 293,376 2007-07-22 23:39:27 C:\WINDOWS\system32\swreg.exe
-c--a-w 54,784 2006-01-09 15:36:06 C:\WINDOWS\system32\swsc.exe
-c--a-w 91,648 2006-12-01 11:20:34 C:\WINDOWS\system32\swxcacls.exe
----a-w 472,064 2007-09-11 20:52:11 C:\WINDOWS\system32\tourstart.exe
-c--a-w 218,624 2007-09-11 20:52:10 C:\WINDOWS\system32\utilman.exe
----a-w 65,092 2006-11-27 07:34:46 C:\WINDOWS\system32\VFind.exe
-c--a-w 558,592 2007-09-13 01:34:02 C:\WINDOWS\system32\wiaacmgr.exe
-c--a-w 189,952 2007-09-13 01:34:18 C:\WINDOWS\system32\wupdmgr.exe
-c--a-w 32,768 2007-09-16 22:39:06 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 65,536 2007-09-16 22:39:06 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
-c--a-w 114,688 2007-09-16 22:39:06 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 12,288 2007-09-14 21:42:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\210VM38V\e[1].exe
----a-w 10,240 2007-09-15 23:25:25 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5QBW1M1\adv735[1].exe
----a-w 124,416 2007-09-10 20:49:39 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IV8BA52B\dl[1].exe
----a-w 7,168 2007-09-14 21:28:32 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M1CXKD0L\adv735[1].exe
----a-w 505,344 2007-09-13 01:34:03 C:\WINDOWS\system32\Restore\rstrui.exe
----a-w 370,176 2007-09-13 01:34:03 C:\WINDOWS\system32\usmt\migwiz.exe
-c--a-w 27,136 2004-08-04 12:00:00 C:\WINDOWS\system32\wbem\mofcomp.exe
.
----a-w 109,056 2007-07-20 05:47:22 C:\WINDOWS\catchme.exe
-c--a-w 79,872 2004-08-04 12:00:00 C:\WINDOWS\NOTEPAD.EXE
-c--a-w 169,984 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
-c--a-w 654,848 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
-c--a-w 169,984 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe
-c--a-w 654,848 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
-c--a-w 169,984 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
-c--a-w 654,848 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
-c--a-w 169,984 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
-c--a-w 654,848 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
-c--a-w 169,984 2004-10-14 18:36:16 C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
-c--a-w 654,848 2004-10-14 18:34:52 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
-c--a-w 169,984 2004-10-14 16:36:18 C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
-c--a-w 1,694,208 2004-10-13 16:21:24 C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
-c--a-w 654,848 2004-10-14 16:34:54 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
-c--a-w 169,984 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB887742\spuninst.exe
-c--a-w 654,848 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe
-c--a-w 169,984 2004-10-14 15:36:18 C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe
-c--a-w 654,848 2004-10-14 15:34:54 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
-c--a-w 169,984 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
-c--a-w 654,848 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
-c--a-w 169,984 2004-12-01 01:22:42 C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
-c--a-w 654,848 2004-11-30 19:46:40 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
-c--a-w 30,720 2005-07-08 00:27:08 C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
-c--a-w 852,992 2004-08-04 12:00:00 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
----a-w 27,136 2007-09-04 04:58:18 C:\WINDOWS\ServicePackFiles\msproxy.exe
-c--a-w 227,328 2004-08-04 12:00:00 C:\WINDOWS\system32\accwiz.exe
-c--a-w 125,440 2004-08-04 12:00:00 C:\WINDOWS\system32\calc.exe
-c--a-w 91,136 2004-08-04 12:00:00 C:\WINDOWS\system32\charmap.exe
----a-w 74,752 2004-08-04 12:00:00 C:\WINDOWS\system32\cleanmgr.exe
-c--a-w 595,968 2004-08-04 12:00:00 C:\WINDOWS\system32\cmd.exe
-c--a-w 18,944 2004-08-04 12:00:00 C:\WINDOWS\system32\control.exe
-c--a-w 26,112 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 94,720 2004-07-31 23:50:36 C:\WINDOWS\system32\dumphive.exe
-c--a-w 54,272 2004-08-04 12:00:00 C:\WINDOWS\system32\dumprep.exe
----a-w 13,312 2006-11-07 09:26:32 C:\WINDOWS\system32\ieudinit.exe
-c--a-w 5,120 2004-08-04 12:00:00 C:\WINDOWS\system32\lodctr.exe
-c--a-w 72,704 2004-08-04 12:00:00 C:\WINDOWS\system32\magnify.exe
----a-w 815,104 2004-08-04 12:00:00 C:\WINDOWS\system32\mmc.exe
-c--a-w 143,360 2004-08-04 12:00:00 C:\WINDOWS\system32\mobsync.exe
----a-w 16,789,464 2007-08-03 04:34:10 C:\WINDOWS\system32\MRT.exe
----a-w 271,360 2007-04-13 08:21:14 C:\WINDOWS\system32\mscoree.dll
----a-w 170,496 2004-08-04 12:00:00 C:\WINDOWS\system32\mshearts.exe
-c--a-w 353,792 2004-08-04 12:00:00 C:\WINDOWS\system32\mspaint.exe
----a-w 418,304 2004-08-04 12:00:00 C:\WINDOWS\system32\mstsc.exe
-c--a-w 53,760 2004-08-04 12:00:00 C:\WINDOWS\system32\narrator.exe
-c--a-w 42,496 2004-08-04 12:00:00 C:\WINDOWS\system32\net.exe
-c--a-w 124,928 2004-08-04 12:00:00 C:\WINDOWS\system32\net1.exe
-c--a-w 79,872 2004-08-04 12:00:00 C:\WINDOWS\system32\notepad.exe
-c--a-w 1,276,416 2004-08-04 12:00:00 C:\WINDOWS\system32\ntbackup.exe
-c--a-w 110,592 2004-08-04 12:00:00 C:\WINDOWS\system32\odbcad32.exe
-c--a-w 215,552 2004-08-04 12:00:00 C:\WINDOWS\system32\osk.exe
----a-w 63,392 2007-08-04 08:02:59 C:\WINDOWS\system32\perfc009.dat
----a-w 404,298 2007-08-04 08:02:59 C:\WINDOWS\system32\perfh009.dat
-c--a-w 46,592 2004-08-04 12:00:00 C:\WINDOWS\system32\rcimlby.exe
----a-w 44,032 2004-08-04 12:00:00 C:\WINDOWS\system32\rundll32.exe
-c--a-w 14,336 2004-08-04 12:00:00 C:\WINDOWS\system32\runonce.exe
-c--a-w 13,312 2004-08-04 12:00:00 C:\WINDOWS\system32\savedump.exe
-c--a-w 142,336 2004-08-04 12:00:00 C:\WINDOWS\system32\sndrec32.exe
-c--a-w 182,272 2004-08-04 12:00:00 C:\WINDOWS\system32\sndvol32.exe
-c--a-w 100,352 2004-08-04 12:00:00 C:\WINDOWS\system32\sol.exe
----a-w 614,912 2004-08-04 12:00:00 C:\WINDOWS\system32\spider.exe
-c--a-w 279,552 2007-07-22 23:39:27 C:\WINDOWS\system32\swreg.exe
-c--a-w 40,960 2006-01-09 15:36:06 C:\WINDOWS\system32\swsc.exe
-c--a-w 79,360 2006-12-01 11:20:34 C:\WINDOWS\system32\swxcacls.exe
----a-w 357,888 2004-08-04 12:00:00 C:\WINDOWS\system32\tourstart.exe
-c--a-w 50,176 2004-08-04 12:00:00 C:\WINDOWS\system32\utilman.exe
----a-w 49,152 2006-11-27 07:34:46 C:\WINDOWS\system32\VFind.exe
-c--a-w 444,416 2004-08-04 12:00:00 C:\WINDOWS\system32\wiaacmgr.exe
-c--a-w 75,776 2004-08-04 12:00:00 C:\WINDOWS\system32\wupdmgr.exe
-c--a-w 32,768 2007-09-10 20:44:50 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 65,536 2007-09-10 20:44:50 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
-c--a-w 114,688 2007-09-10 20:44:50 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 391,168 2004-08-04 12:00:00 C:\WINDOWS\system32\Restore\rstrui.exe
----a-w 256,000 2005-04-28 00:12:57 C:\WINDOWS\system32\usmt\migwiz.exe
-c--a-w 16,384 2004-08-04 12:00:00 C:\WINDOWS\system32\wbem\mofcomp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0723CAE4-C2AB-4995-B749-6BC9BE984564}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}]
C:\WINDOWS\system32\91261855.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C8DE14D-EF92-492f-BBF7-B61F1405F328}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-09-16 17:31 428544 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F1D47EA-80B7-4f21-A9D3-3738F20596EE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-05 15:20 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{6A-AA-A9-98-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-09-16 17:41]
"ExploreUpdSched"="C:\WINDOWS\system32\mwinqldt.exe" [2007-09-16 17:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-09-12 20:53]

C:\DOCUME~1\owner\STARTM~1\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\dwdsrngt.exe [2007-09-16 17:41:14]
Think-Adz.lnk - C:\WINDOWS\system32\mwinqldt.exe [2007-09-16 17:41:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MSN Messenger"= {280A7B65-8F00-438F-3E5A-1F039433FE60} - %SystemRoot%\system32\dssdll32.dll [ ]

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 dsniff;dsniff;\??\C:\WINDOWS\system32\drivers\dsniff.sys
S2 DhcpMSCSPTISRV;DHCP Client DhcpMSCSPTISRV;C:\WINDOWS\system32\a15h.exe srv
S2 MSDPSV;Distributed Process Services;"C:\WINDOWS\system32\msdpsv.exe"
S2 Themes System Manager;Themes Themes System Manager;C:\WINDOWS\system32\1028d.exe srv
S2 Windows Port Interpreter;Windows Port Interpreter For Service Pack 2 and Windows 2000;"C:\WINDOWS\repair\svchost.exe"
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys
S4 Data System Manager;Data System Manager;"C:\WINDOWS\system32\vcmon.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f481e91-b491-11db-be0f-00161735c9fe}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
C:\WINDOWS\system32\nusrmgr.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-16 17:40:58
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-16 17:43:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-16 17:43
.
--- E O F ---
luch559 is offline  
Old 09-16-2007, 06:52 PM   #19
Security Team
Colleague
 
Trevuren's Avatar
 
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC



Please read the following very carefully. You are not to use this computer for any purpose whatsoever until it is all clean. You are to physically disconnect this machine from the internet as soon as you have received my instructions and reconnect only for the purpose of seeing if there are any responses from me about your computer. Every time you go on line you just double the amount of infection and there will be no end to this. I will be able to tell if you have been on line just by your logs. Failure to comply will force me to refuse you any further help.


A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.

  2. Place a check mark beside each one of the following items:

    F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: as_ie_monitor.ie_monitor - {0723CAE4-C2AB-4995-B749-6BC9BE984564} - C:\Program Files\AntispyStorm\as_ie_monitor.dll
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\system32\9445817.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
    O2 - BHO: Editor plugin - {9F1D47EA-80B7-4f21-A9D3-3738F20596EE} - diskdr.dll (file missing)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
    O4 - HKLM\..\Run: [pipmon] pipmon.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinqmdt.exe D4M001
    O4 - HKLM\..\Run: [{6A-AA-A9-98-ZN}] C:\WINDOWS\system32\lpdsrngm.exe D4M001
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
    O4 - HKLM\..\Run: [LiveProtect] "C:\Program Files\LiveProtect\LiveProtect.exe" -h
    O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
    O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [con] C:\WINDOWS\system32\dllh8jkd1q2.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lpdsrngm.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinqmdt.exe
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\b3duZXI\command.exe (file missing)
    O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
    O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)


  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B.1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
https://www.techsupportforum.com/security-center/hijackthis-log-help/179971-hjt-log-please-help-don-know-whats-wrong.html#post1082345

Collect::
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\764.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\winh32.exe
C:\WINDOWS\winh32.exe
C:\WINDOWS\system32\drivers\dsniff.sys
C:\WINDOWS\system32\dssdll32.dll
C:\onjonuhx.exe
C:\sthgnm.exe
C:\DOCUME~1\LOCALS~1\Applic~1\NetMon
C:\WINDOWS\system32\fowlr.dll
C:\StubInstaller.exe
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\spredirect.dll
C:\WINDOWS\adbar.dll
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\kvnab.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\liqad.dll
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\drivers\dsniff.sys
C:\WINDOWS\system32\vcmon.exe
C:\WINDOWS\system32\1028d.exe srv

File::
C:\WINDOWS\system32\mwinqldt.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\system32\kwinrldt.exe
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\cookie1.dat
C:\WINDOWS\system32\drivers\fee
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\hbwpb.exe
C:\WINDOWS\system32\smuhdd.dll
C:\hxvaqsbo.exe
C:\fd5d5a3660e0ab26f62a9d752a47
C:\mcdumrks.exe
C:\voqw.exe
C:\WINDOWS\system32\kqdsrngk.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\fawcci.exe
C:\yydyre.exe
C:\bxykqg.exe
C:\WINDOWS\system32\diskdr.dll
C:\WINDOWS\system32\kernelw.sys
C:\jcsnyyk.exe
C:\WINDOWS\system32\1028d.exe
C:\pysvhk.exe
C:\WINDOWS\system32\oembios32.dll
C:\WINDOWS\system32\lpdsrngm.exe
C:\WINDOWS\system32\a15h.exe
C:\WINDOWS\system32\1358342808.dat
C:\WINDOWS\system32\AClient.dll
C:\WINDOWS\system32\stani.dll
C:\lxfvnm.exe
C:\Program Files\.autoreg
C:\WINDOWS\inf\WPN311\WPN311.sys
C:\WINDOWS\inf\WPN311\ME_INST.EXE
C:\WINDOWS\inf\WPN311\install.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\a15h.exe srv
C:\WINDOWS\system32\msdpsv.exe

Folder::
C:\Program Files\p2pnetworks
C:\Program Files\3721
C:\Program Files\AntispyStorm
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\akl
C:\Program Files\Accoona
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\capcom

Driver::
oreans32
dsniff
DhcpMSCSPTISRV
Data System Manager
Themes System Manager

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. Next, a window will popup prompting you to "Submit Files for further analysis". Click "OK"

9. Your system's browser will automatically respond by loading the CF-Submit.htm file and open a window:
  • Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
10. Once the file has been submitted, you may DELETE both files on your desktop.

11. Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Trevuren is offline  
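The entries ticked in the HijackThis step above were picked by eye: registrations whose file is gone, services with no owner, digit-heavy or vowel-less names in system32, a system binary name loading from a directory it does not belong in, and an AppInit_DLLs hook. The Python below is an added example written for this page (it is not HijackThis, ComboFix, or anything the helper used) that applies those same heuristics to HijackThis-style lines and ranks them. The sample lines are constructed for the example, modelled on entries from this thread's logs; the weights, the `looks_random` test and the list of protected system binary names are the example's own assumptions, not anything the tools define.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; not HijackThis, ComboFix or any tool the
helper used. It only scores lines so the reader can see why entries like
the ones ticked above stand out; it deletes nothing.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on lines from this thread's own HijackThis logs.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\system32\9445817.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [{6A-AA-A9-98-ZN}] C:\WINDOWS\system32\lpdsrngm.exe D4M001
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([OFR]\d+) - (.*)$")
# First drive-letter path ending in .exe/.dll/.sys; stops at a quote or end of line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys))\b', re.IGNORECASE)

# Weights are this example's assumptions, chosen to mirror a helper's priorities.
WEIGHTS = {
    "dead_entry": 1,                      # registration points at a file that is gone
    "unknown_owner": 2,                   # service binary with no company/version info
    "random_name": 2,                     # digit-heavy or vowel-less basename
    "system_name_outside_system_dir": 3,  # svchost.exe etc. loaded from the wrong place
    "appinit_dll": 3,                     # AppInit_DLLs injects into every GUI process
}
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
                   "csrss.exe", "userinit.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}


@dataclass
class Finding:
    line: str
    section: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)


def looks_random(stem: str) -> bool:
    """Crude 'generated name' test: mostly digits, or five+ chars with no vowel."""
    s = stem.lower()
    if len(s) < 4:
        return False
    if sum(ch.isdigit() for ch in s) / len(s) >= 0.5:        # 9445817, 1028d, a15h
        return True
    return len(s) >= 5 and re.search(r"[aeiouy]", s) is None  # lpdsrngm, dssdll32


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is not an entry line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    finding = Finding(line.strip(), section, pm.group(1) if pm else None)
    if "(no file)" in body or "(file missing)" in body:
        finding.reasons.append("dead_entry")
    if section == "O23" and "Unknown owner" in body:
        finding.reasons.append("unknown_owner")
    if section == "O20" and body.startswith("AppInit_DLLs"):
        finding.reasons.append("appinit_dll")
    if finding.path:
        directory, _, base = finding.path.lower().rpartition("\\")
        if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            finding.reasons.append("system_name_outside_system_dir")
        if looks_random(base.rsplit(".", 1)[0]):
            finding.reasons.append("random_name")
    return finding


def triage_log(text: str) -> List[Finding]:
    """All entry lines that earned at least one flag, highest score first."""
    findings = [f for f in map(triage_line, text.splitlines()) if f and f.reasons]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.score:>2}  {', '.join(f.reasons):<45} {f.line[:70]}")
```

Run it as a script to print the ranked table, or import `triage_log` and feed it a saved log. It is a triage aid, not a verdict: `ntos.exe` under the HKCU `userinit` value earns no flag in the sample even though the helper ticked it, which is exactly why a person still reads the whole log before anything is fixed.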
Old 09-23-2007, 06:20 PM   #20
Guest
 
Join Date: Sep 2007
Posts: 13
OS:



Hello, sorry about the time it took me to reply.

I ran the HijackThis scan and a lot of the programs you told me to delete did not show up.
I copy/pasted that CFtxt and dragged it to ComboFix, but when the computer restarted my screen showed up with no logs and no CF boot-up screen.

I produced a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 20:05, on 2007-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Editor plugin - {6C8DE14D-EF92-492f-BBF7-B61F1405F328} - smuhdd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DHCP Client DhcpMSCSPTISRV (DhcpMSCSPTISRV) - Unknown owner - C:\WINDOWS\system32\a15h.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Themes Themes System Manager (Themes System Manager) - Unknown owner - C:\WINDOWS\system32\1028d.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)

Thanx
luch559 is offline  
 
