
Newest MSN Worm/Trojan help.


  • This topic is locked

#16
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

I need the log from the post fix. :whistling:



#17
Angelboi

    Member

  • Topic Starter
  • Member
  • 300 posts
I have a question: the Registry Fix thing you had me install is doing awkward things. Every time I open a Windows Explorer window, a "Windows Installer" pops up. It doesn't do anything and goes away after a while, but it gets annoying.


Logfile of HijackThis v1.99.1
Scan saved at 3:42:55 PM, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administrator\Desktop\Comp Protection\Mike screwing up\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Administrator\Desktop\BitComet_0.80\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EGGS CAST FIRST BALM] C:\Documents and Settings\All Users\Application Data\ITCH CAKE EGGS CAST\BYTE DEAD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143733202\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoreRoam] C:\DOCUME~1\ADMINI~1\APPLIC~1\UPLOAD~1\Drawdownload.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet_0.80\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet_0.80\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet_0.80\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - http://www.albatross...m/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138938344945
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay12...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Btentlmc - Unknown owner - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: SmartProtection Agent Service - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
O23 - Service: SmartProtection Agent Service (SmartProtection Service) - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:43:14 PM 14/01/2007

+ Scan result:



C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP781\A0159052.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nfomon\nfo.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nfomon\nfom.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-484061587-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-484061587-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\012ZC12F\122[1].net -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\b122.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP755\A0157447.exe -> Adware.NetPumper : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\b130.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\b131.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz10E.tmp\Telecharger.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\mc2.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0149269.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0149270.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0149271.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0149860.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP730\A0150057.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP730\A0150058.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP761\A0158471.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP761\A0158474.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\mc2.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mc2.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP761\A0158472.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP761\A0158475.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\012ZC12F\116[1].net -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\b116.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp134.tmp -> Not-A-Virus.Hoax.Win32.Renos.ec : Cleaned with backup (quarantined).
C:\Program Files\NOD\NOD32.2.12.4-Patcher.cht.rar/NOD32.2.12.4-Patcher.cht\NOD32.2.12.4-Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Program Files\NOD\NOD32.2.12.4-Patcher.cht\NOD32.2.12.4-Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Program Files\NOD\NOD32.2.12.4.cht.xp.rar/NOD32.2.12.4-Patcher.cht.rar/NOD32.2.12.4-Patcher.cht\NOD32.2.12.4-Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinHound.com -> Spyware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound -> Spyware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound -> Spyware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound\License -> Spyware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
E:\Burning List\Cookies\adminboi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
E:\Burning List\Cookies\adminboi@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
E:\Burning List\Cookies\adminboi@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Addcontrol : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Addcontrol : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Adition : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
E:\Burning List\Cookies\adminboi@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
E:\Burning List\Cookies\adminboi@com[2].txt -> TrackingCookie.Com : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
E:\Burning List\Cookies\adminboi@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
E:\Burning List\Cookies\adminboi@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[1].txt -> TrackingCookie.Komtrack : Cleaned.
E:\Burning List\Cookies\adminboi@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Planetactive : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Popularix : Cleaned.
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
E:\Burning List\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
E:\Burning List\Cookies\adminboi@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
E:\Burning List\Cookies\adminboi@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hgzbqaut.Derek\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\Burning List\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\Burning List\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\{3C8AC9B6-0BB6-1033-1001-040116060002}\888.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0149272.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP761\A0158473.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\cset.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\isetup.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\ssetup.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\vset.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\vsset.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\xsetup.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0150008.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP729\A0150013.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17A784B9-A365-4253-895F-78575E2DA97A}\RP731\A0150062.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\isetup.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\isetup.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end



"Administrator" - 07-01-14 22:05:22 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\INSTALL.LOG
C:\Program Files\Common Files\{3C8AC~1
C:\Program Files\Common Files\{DC8AC~1
C:\Program Files\Inetget2
C:\Program Files\InetGet2


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 14:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 14:31 <DIR> d-------- C:\Program Files\Grisoft
2007-01-07 09:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\InstallShield
2006-12-27 23:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Activision
2006-12-27 23:19 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-12-27 23:01 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-27 23:01 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-27 23:01 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-22 21:31 <DIR> d--h----- C:\WINDOWS\system32\vidmon
2006-12-22 21:31 <DIR> d--h----- C:\WINDOWS\system32\nfomon
2006-12-22 21:31 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-22 21:31 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Application Data\vidmon
2006-12-22 21:31 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Application Data\nfo
2006-12-20 22:31 <DIR> d-------- C:\Program Files\uploadwayace
2006-12-20 22:31 <DIR> d-------- C:\Program Files\NetPumper
2006-12-20 22:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ITCH CAKE EGGS CAST
2006-12-20 22:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\uploadwayace
2006-12-20 22:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\NetPumper
2006-12-20 20:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\IMVU
2006-12-20 20:46 <DIR> d-------- C:\Program Files\IMVU
2006-12-20 16:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-18 21:53 286,208 --a------ C:\WINDOWS\system32\cncs232.dll
2006-12-16 16:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-16 16:27 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-16 03:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2006-12-16 03:13 <DIR> d-------- C:\Program Files\WinPcap


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 22:03 -------- d-------- C:\Program Files\flashget
2007-01-07 09:25 -------- d--h----- C:\Program Files\installshield installation information
2007-01-07 06:39 -------- d-------- C:\Program Files\steam
2007-01-02 15:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2006-12-27 23:20 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-23 13:31 -------- d-------- C:\Program Files\starcraft
2006-12-20 22:30 -------- d-------- C:\Program Files\mozilla firefox
2006-12-20 16:31 -------- d-------- C:\Program Files\konami
2006-12-15 15:48 -------- d-------- C:\Program Files\Common Files\scanner
2006-12-15 00:51 75280 --a------ C:\WINDOWS\system32\isafprod.dll
2006-12-15 00:51 32528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-15 00:51 26640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-12-15 00:51 21648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-12-15 00:51 21392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-12-13 16:41 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\cr120twn
2006-12-07 23:50 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2006-11-27 22:46 -------- d-------- C:\Program Files\msn messenger
2006-11-27 19:50 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-26 10:39 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\trojanhunter
2006-11-26 09:05 -------- d-------- C:\Program Files\trojanhunter 4.6
2006-11-25 22:50 -------- d-------- C:\Program Files\ca
2006-11-25 22:47 -------- d-------- C:\Program Files\norton antivirus
2006-11-25 22:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-11-25 22:47 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\symantec
2006-11-25 22:46 -------- d-------- C:\Program Files\symantec
2006-11-20 05:01 -------- d-------- C:\Program Files\msxml 4.0
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 13:36 95760 --a------ C:\WINDOWS\system32\isafeif.dll
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS

#18
Angelboi

    Member

  • Topic Starter
  • Member
  • 300 posts
Remainder of Combo Fix.
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BoreRoam"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\UPLOAD~1\\Drawdownload.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"MultiRes"="C:\\Program Files\\MultiRes\\MultiRes.exe"
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"capfaem"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfaem.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EGGS CAST FIRST BALM"="C:\\Documents and Settings\\All Users\\Application Data\\ITCH CAKE EGGS CAST\\BYTE DEAD.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"WinVNC"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1143733202\\ee\\AOLSoftware.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Loadout Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Loadout Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\Nostromo\\nost_LM.exe -startup"
"item"="Loadout Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM_STI.EXE Yht PC Camera"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2H1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc7c326a-2a79-11db-a380-00112fd5870f}]
Shell\AutoRun\command G:\AutoRun.exe
Shell\configure\command G:\ThumbDriveGuardSetup.exe
Shell\install\command G:\ThumbDriveGuardSetup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG_ANTI-SPYWARE_DRIVER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG_ANTI-SPYWARE_GUARD
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPKCRYPT


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B4E0BE9D984F3351.job

Completion time: 07-01-14 22:20:10

#19
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

The errors have nothing to do with the registry fix though, because that only deleted a policies explorer run key, which was created by the malware you were also dealing with -- actually I see you managed to get more malware installed in the meanwhile. Instead of fixing your problems earlier, you just installed additional software including malware :whistling:
Malware corrupts your system and the longer you wait, the worse it gets and not everything can be properly restored in such cases.

Please uninstall Netpumper
This is because it is bundled with the malware you are dealing with (swizzor aka lop).
Also look if the following are present in Software > Add/Remove Programs and uninstall them:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


In case, during uninstall, you are asked for the uninstall verification, please enter the numbers that will appear in the window.

Then reboot. Important!

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (file missing)
O4 - HKLM\..\Run: [EGGS CAST FIRST BALM] C:\Documents and Settings\All Users\Application Data\ITCH CAKE EGGS CAST\BYTE DEAD.exe
O4 - HKCU\..\Run: [BoreRoam] C:\DOCUME~1\ADMINI~1\APPLIC~1\UPLOAD~1\Drawdownload.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - http://www.albatross...m/cabs/A18X.ocx
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O23 - Service: Btentlmc - Unknown owner - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next folders:

C:\WINDOWS\system32\vidmon
C:\WINDOWS\system32\nfomon
C:\DOCUMENTS AND SETTINGS\ALLUSERS\Application Data\vidmon
C:\DOCUMENTS AND SETTINGS\ALLUSERS\Application Data\nfo
C:\Program Files\uploadwayace
C:\Program Files\NetPumper
C:\DOCUMENTS AND SETTINGS\ALLUSERS\Application Data\ITCH CAKE EGGS CAST
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Application Data\uploadwayace
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Application Data\NetPumper

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"hubbsi"=-

Save this as fix2.reg. Choose to save as *all files* and place it on your desktop.
It should look like this: [screenshot]
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log and a new ComboFix log.

By the way..

Ever wondered how you got infected? I see you're not afraid of visiting crack sites and other illegal sites, because some cracks are being flagged as malicious.
If you visit crack sites or use cracks, you'll ALWAYS get infected. This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords, and other random malware, compromising your system. And all this because you visited some illegal sites.
So is it really worth it? Get illegal software for "free", but compromise your computer instead.... :blink:
Better to avoid this and change your surfing habits. Then this wouldn't have happened.

Also,

I notice from your log that you have more than one Anti-Virus program installed.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease their reliability!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one installed Antivirus and Firewall are not compatible with each other, it can cause system performance problems and a serious system slowdown.

I would strongly advise you to only have one Anti-Virus with the Auto-Protect feature running at any one time!
If you decide to only keep one Anti-Virus installed, you should uninstall the other(s) through the Add or Remove Programs option in Control Panel.
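The fix2.reg above removes one value from the SharedTaskScheduler key, which lists COM objects Explorer loads at logon. The following read-only PowerShell audit of that key is an added example, not part of the thread or of any tool mentioned in it; it assumes a standard XP-or-later registry layout and flags value names that are not CLSIDs (like "hubbsi") or CLSIDs whose registered DLL is missing or outside system32.

```powershell
# Added example (not from the thread): read-only audit of the SharedTaskScheduler key.
# Run from an elevated PowerShell prompt; it changes nothing, it only reports.
$SharedTaskSchedulerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
$ClsidPattern = '^\{[0-9A-Fa-f-]{36}\}$'

function Get-SharedTaskSchedulerEntries {
    param([string]$Key = $SharedTaskSchedulerKey)
    if (-not (Test-Path $Key)) { return @() }
    $item = Get-Item $Key
    # Skip the unnamed (default) value; every real entry here is named after a CLSID.
    foreach ($valueName in ($item.GetValueNames() | Where-Object { $_ -ne '' })) {
        $description = $item.GetValue($valueName)
        $dll = $null
        if ($valueName -match $ClsidPattern) {
            # Resolve the CLSID to the in-process DLL registered for it (HKLM first, then HKCU).
            foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
                $server = Join-Path $hive "$valueName\InProcServer32"
                if (Test-Path $server) {
                    $raw = (Get-ItemProperty $server).'(default)'
                    if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
                    break
                }
            }
        }
        # Classify the entry; anything other than 'looks normal' deserves a closer look.
        $status = 'looks normal'
        if ($valueName -notmatch $ClsidPattern) { $status = 'value name is not a CLSID' }
        elseif (-not $dll) { $status = 'CLSID has no InProcServer32 (orphaned)' }
        elseif (-not (Test-Path $dll)) { $status = 'DLL missing on disk' }
        elseif ($dll -notlike "$env:SystemRoot\system32\*") { $status = 'DLL outside system32' }
        [pscustomobject]@{ Value = $valueName; Description = $description; DLL = $dll; Status = $status }
    }
}

Get-SharedTaskSchedulerEntries | Format-Table -AutoSize
```

A flagged entry is a lead, not a verdict: confirm the DLL with an on-demand scan before removing anything, as the helper does with the HijackThis and ComboFix logs.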

#20 Angelboi (Topic Starter, Member, 300 posts)
I would like to note that I do not know what my brother has done previously with this computer, but the only crack I use is Daemon Tools, which allows me to not need a CD when running my Warcraft 3 Frozen Throne, which I have legally purchased. I just don't want to always have to change CDs.

Secondly, is there anyway to stop this constant "Windows Installer" pop up? It happens ANY time I open any sort of Internet related window, whether it be a game, or just Internet browsing. Any new page will cause a "Windows Installer" to appear.

edit:
Net Pumper
Download Plugin
Zone Media

are not present in the Add/Remove Programs list.

Edited by Angelboi, 15 January 2007 - 07:06 PM.


#21 Angelboi (Topic Starter, Member, 300 posts)
Serious issue! My PC is no longer accessible. At start up, the monitor will constantly lose signal and it will auto-reboot.

It will constantly prompt for what mode to start in; even if I try Safe Mode I cannot enter.

I am currently typing on my mom's computer.

#22 Angelboi (Topic Starter, Member, 300 posts)
I think I am going to have to reformat it.

Unless there's a way to do a System restore, back to the point before I deleted the CiD.

Any ideas?

#23 Angelboi (Topic Starter, Member, 300 posts)
There are files I need to keep, so I'm hoping there's a way to restore it.

I tried to put in my Windows CD to see if I can do a System Restore, but it can't read a file:

[Files Needed]

The file 'Asms' on Windows XP Professional CD-ROM is needed. Type the path where the file is located, and then click OK.

So now I'm stuck in a Windows Setup page.


I would also like to note I'll be here refreshing this thread for the next 2 hours if you ever get back. If not, then I hope I can catch you some other time to help me periodically rather than 1 post every several hours.

#24 Angelboi (Topic Starter, Member, 300 posts)
So what I've finally done is follow these steps:

http://support.microsoft.com/kb/311755

And the Windows Repair is currently... repairing. I see you are now online.

#25 miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
Angelboi,

"Unless there's a way to do a System restore, back to the point before I deleted the CiD."


Uninstalling CiD is not the cause of your system not booting properly anymore. The error you are getting, "The file 'Asms' on Windows XP Professional CD-ROM is needed. Type the path where the file is located, and then click OK.", occurs due to scratches on the CD, corrupt files on the CD, or the CD-ROM drive not being able to read from the CD properly.

Here's the solution for your problem:
http://support.microsoft.com/kb/311755

By the way, I wonder how the CD comes up in your CD-ROM drive anyway, because you only get that message then.
Was there any CD inserted during the steps we did?
When did you install this "Thumbdrive Guard"?

"I would also like to note I'll be here refreshing this thread for the next 2 hours if you ever get back. If not, then I hope I can catch you some other time to help me periodically rather than 1 post every several hours."

Excuse me, but you have to understand that we probably live in different timezones and now it is 7.21h in the morning (so actually I was in bed). You cannot expect me to stay up all night.


#26 miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
By the way, I won't be able to be online in the next few hours, because I also have a full-time job and have to go to work within 15 minutes.
At my work, I won't be able to access a computer anyway. So I'll reply as soon as I get back. :whistling:

So as I understand from your previous post, you are doing a repair install now?
Once Windows is repaired, it will be a good idea to back up your important data anyway and put it on CD-ROM, because you never know what other errors etc. may appear afterwards because of corruption.
This is in case a full format will be needed.

#27 Angelboi (Topic Starter, Member, 300 posts)
I didn't expect you to stay up all night. I was just hoping you would come online while I was still here.

And I thank you for your time.
During our steps, yes there was a CD in the Drive, but it was for one of my games.

The ThumbDrive Guard thing my brother installed recently because his 512MB ThumbDrive came with an Anti-Virus.

I also understand that having multiple Anti-Viruses is bad (I've read your "Help! My Computer is slow!" segment).

But all the other currently installed ones are going to be removed as they have expired or are not functioning.

And yes, I have followed the steps provided by Microsoft, and my computer is currently setting itself up.

#28 Angelboi (Topic Starter, Member, 300 posts)
Oh, sorry to bother you from your job ^^
Well, in exactly 15 hours from now I'll be home from school; maybe you'll be available then.

Do you have any online contact such as MSN?

#29 Angelboi (Topic Starter, Member, 300 posts)
Errr, you might not get this message, but I was hoping you could answer this question before you go.

The Windows Repair is trying to reinstall my Ethernet adapter, which is a Marvell Yukon Gigabit Ethernet Adapter, but I don't have the files for it as it came with the computer originally.

If I choose not to install it, will it still be present? As nothing is technically getting erased, rather repaired.

#30 miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
Hi,

I guess it is a good idea to temporarily uninstall this Thumbdrive Guard as well for now. This is because it may cause extra problems. And since you say it has been installed very recently, it could be causing these extra problems as well, because you didn't have it before.

In any case, the extra Antivirus should be removed.
Also, did you purchase CA Internet Security Suite? In case you didn't, I also suggest you uninstall it.
There are a lot of Great free antivirus and firewalls out there that you can use instead (only install one AV and one Firewall). Look in my signature under Firewalls and Antivirus.

No, I don't use Messenger or any other IM Client for the moment.

"Well, in exactly 15 hours from now I'll be home from school; maybe you'll be available then."

Yes, I'll be available then normally :whistling:

"If I choose not to install it, will it still be present? As nothing is technically getting erased, rather repaired."

Normally yes.

Edited by miekiemoes, 16 January 2007 - 12:42 AM.
