Slow System jfrrvthk.dll error



#1
999Virus999

  • Member
  • 32 posts
I get the following error when booting up and my system is really lagging badly:

error loading c:\windows\system32\jfrrvthk.dll

Here is my log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Insider\Insider.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TCRL\Desktop\HiJackThis_v2.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45E1A125-41A3-4253-A5EC-3354A4E7C56D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8732EF27-971C-4405-9F70-30538C15EE3D} - C:\WINDOWS\system32\awvts.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\urqnoop.dll (file missing)
O2 - BHO: {a6c08502-f04c-8a69-4e64-db9492ae317d} - {d713ea29-49bd-46e4-96a8-c40f20580c6a} - C:\WINDOWS\system32\pgplbmta.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [f021167d] rundll32.exe "C:\WINDOWS\system32\jfrrvthk.dll",b
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcqdhhxg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\progy.html

--
End of file - 11436 bytes

Thanks!!!

Edited by 999Virus999, 08 December 2007 - 03:13 AM.

  • 0



#2
racenutalways

  • Member 1K
  • Retired Staff
  • 1,662 posts
Hello 999Virus999 and welcome to G2G, you have quite a collection, let's get started.

P2P - I see you have P2P software (i.e. Bearshare) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please go HERE and click the "Download VundoFix" link.
Download VundoFix to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Edited by racenutalways, 12 December 2007 - 02:23 PM.

  • 0

#3
999Virus999

  • Topic Starter
  • Member
  • 32 posts
Thanks a bunch for your help!!! and yes I am getting rid of that file sharing crap program because that is where this all started.

FYI - I installed and ran new antivirus and spyware programs. This may have changed the results a little (e.g. - Vundo wasn't located). I will continue with your instructions to make sure we are clean. Again thanks!!!!!!!!

Here are the Vundo and Hijack logs

*******************************

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 6:18:25 PM 12/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

************************************************

Scan saved at 7:00:13 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TCRL\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcqdhhxg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9619 bytes

Edited by 999Virus999, 12 December 2007 - 08:12 PM.

  • 0
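Added example (not part of the original thread, and not code from HijackThis or any tool named in it): a Python script that finds which autostart entry references the DLL named in the boot error from post #1, then compares the two HijackThis logs posted so far to show what was removed, what was added, and which entries HijackThis still marks as pointing at a missing file. The sample lines are copied from those two logs; the function and constant names are hypothetical.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str        # HijackThis section code, e.g. "O4" or "O23"
    detail: str         # everything after "<code> - "
    file_missing: bool  # line ends with "(file missing)" or "(no file)"


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Marker text exactly as it appears at the end of lines in the logs above.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
ERROR_RE = re.compile(r"error loading\s+(\S.*\.dll)", re.I)

# Sample input: a subset of lines copied from the log in post #1.
BEFORE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\urqnoop.dll (file missing)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [f021167d] rundll32.exe "C:\WINDOWS\system32\jfrrvthk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcqdhhxg.exe (file missing)
"""

# Sample input: the matching subset of lines copied from the log in post #3.
AFTER_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcqdhhxg.exe (file missing)
"""

# The boot error quoted in post #1.
ERROR_MESSAGE = r"error loading c:\windows\system32\jfrrvthk.dll"


def parse_log(text):
    """Return the registry/startup entries of a HijackThis log.

    Lines of the "Running processes" list and blank lines do not match
    the "<code> - <detail>" shape and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            detail = m.group(2)
            entries.append(
                Entry(m.group(1), detail, bool(MISSING_RE.search(detail)))
            )
    return entries


def error_source(entries, error_message):
    """Entries whose detail mentions the DLL named in an 'error loading' message."""
    m = ERROR_RE.search(error_message)
    if not m:
        return []
    name = ntpath.basename(m.group(1)).lower()  # Windows path rules on any OS
    return [e for e in entries if name in e.detail.lower()]


def diff_logs(before, after):
    """Compare two parsed logs taken before and after a cleanup step."""
    b, a = set(before), set(after)
    return {
        "removed": sorted(b - a),   # gone since the first scan
        "added": sorted(a - b),     # new since the first scan
        # still registered, but HijackThis reports no file behind the entry
        "dangling": sorted(e for e in a if e.file_missing),
    }


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in error_source(before, ERROR_MESSAGE):
        print("boot error comes from:", e.section, "-", e.detail)
    for label, items in diff_logs(before, after).items():
        print(f"\n{label}:")
        for e in items:
            print("  ", e.section, "-", e.detail)
```

On the sample lines the error traces to the `[f021167d]` Run entry, which is absent from the second log, while the `urqnoop` and `DomainService` entries are still registered with no file behind them.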

#4
999Virus999

  • Topic Starter
  • Member
  • 32 posts
OK - here are the SDFix and new Hijack logs:

***************************************


SDFix: Version 1.118

Run by TCRL on Wed 12/12/2007 at 07:46 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\PROGRA~1\WINDOW~3\LAWU - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\n.bat - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 19:52:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:a29e5cf2
"s1"=dword:59aded4b
"s2"=dword:a3408bc1
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:04,47,b9,40,b3,ea,57,ae,af,4c,20,28,6d,ad,bd,9e,20,fd,c2,4d,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:04,47,b9,40,b3,ea,57,ae,af,4c,20,28,6d,ad,bd,9e,20,fd,c2,4d,7e,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Call of Duty\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Program Files\\NovaLogic\\Joint Operations Demo\\jodemo.exe"="C:\\Program Files\\NovaLogic\\Joint Operations Demo\\jodemo.exe:*:Enabled:jodemo"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE:*:Disabled:DFBHD"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Hard Truck 2\\htruck2.exe"="C:\\Program Files\\Hard Truck 2\\htruck2.exe:*:Disabled:htruck2"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"="C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe:*:Enabled:UltimateDefragV1.05 Beta"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\SIMS\\RACER\\racer.exe"="C:\\SIMS\\RACER\\racer.exe:*:Enabled:racer"
"C:\\Program Files\\123CopyDVD Pro\\123CopyDVD.exe"="C:\\Program Files\\123CopyDVD Pro\\123CopyDVD.exe:*:Enabled:123 Copy DVD Pro"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\vcqdhhxg.exe"="C:\\WINDOWS\\system32\\vcq"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 27 Feb 2006 152 ..SHR --- "C:\WINDOWS\system32\08FCA72C34.sys"
Sat 8 Dec 2007 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 8 Dec 2007 121,453 ..SH. --- "C:\WINDOWS\system32\stvwa.tmp"
Fri 30 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!

****************************************

Scan saved at 7:58:35 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TCRL\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcqdhhxg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9561 bytes

Edited by 999Virus999, 12 December 2007 - 08:00 PM.


#5
999Virus999

Here are the Combofix and Hijack logs:

*******************************

ComboFix 07-12-12.3 - TCRL 2007-12-12 20:03:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.552 [GMT -6:00]
Running from: C:\Documents and Settings\TCRL\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\cookies.ini
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 19:46 . 2007-12-12 19:46 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 18:18 . 2007-12-12 18:18 <DIR> d-------- C:\VundoFix Backups
2007-12-08 19:49 . 2007-12-12 08:00 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 19:48 . 2007-12-08 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-08 18:20 . 2007-12-08 18:30 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-08 12:13 . 2007-12-08 12:13 294 ---hs---- C:\WINDOWS\system32\kffjbqwm.ini
2007-12-08 07:13 . 2007-12-08 18:30 112,614 ---hs---- C:\WINDOWS\system32\stvwa.ini2
2007-12-08 07:06 . 2007-12-08 07:03 122,235 --ahs---- C:\WINDOWS\system32\stvwa.ini
2007-12-08 03:24 . 2007-12-08 03:24 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-08 03:17 . 2007-12-08 18:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\SUPERAntiSpyware.com
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-07 20:06 . 2007-12-07 21:44 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-07 20:06 . 2007-12-08 03:29 121,453 ---hs---- C:\WINDOWS\system32\stvwa.tmp
2007-12-07 19:55 . 2007-12-08 06:16 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2007-12-07 19:44 . 2007-12-07 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-07 19:38 . 2007-12-07 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2007-12-07 13:48 . 2002-09-17 06:03 897,024 --------- C:\WINDOWS\NuNinst.exe
2007-12-07 13:48 . 2002-09-13 06:35 448,640 --a------ C:\WINDOWS\system32\drivers\bsudf.sys
2007-12-07 13:48 . 2002-09-20 09:22 74,991 --------- C:\WINDOWS\NuNinst.cfg
2007-12-07 13:48 . 2002-06-05 17:07 9,344 --a------ C:\WINDOWS\system32\drivers\bsstor.sys
2007-12-07 12:14 . 2007-12-07 12:14 6,687 --a------ C:\WINDOWS\system32\iygmyojv.dll
2007-12-07 07:57 . 2007-12-07 07:58 <DIR> d-------- C:\Program Files\LimeWire
2007-12-06 13:20 . 2007-12-06 13:20 6,687 --a------ C:\WINDOWS\system32\csavspnl.dll
2007-12-05 13:17 . 2007-12-05 13:17 6,687 --a------ C:\WINDOWS\system32\phywtpsh.dll
2007-12-04 18:20 . 2007-12-04 18:22 <DIR> d-------- C:\Program Files\18 Wheels of Steel American Long Haul
2007-12-04 13:14 . 2007-12-04 13:14 6,687 --a------ C:\WINDOWS\system32\odcsalup.dll
2007-12-04 12:02 . 2007-12-04 12:15 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-04 10:42 . 2007-12-04 10:42 6,687 --a------ C:\WINDOWS\system32\qdwrgmyx.dll
2007-12-03 10:36 . 2007-12-03 10:36 6,687 --a------ C:\WINDOWS\system32\jaxxoajv.dll
2007-12-02 10:35 . 2007-12-04 10:36 803,317 --ahs---- C:\WINDOWS\system32\khtvrrfj.ini
2007-12-02 10:32 . 2007-12-08 12:09 70,792 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2007-12-02 09:17 . 2007-12-02 10:31 793,724 --ahs---- C:\WINDOWS\system32\jahpexie.ini
2007-12-01 21:13 . 2007-12-07 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-01 21:08 . 2007-12-05 13:09 69,506 --ahs---- C:\WINDOWS\system32\stvwa.bak1
2007-12-01 17:20 . 2007-12-08 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-01 14:40 . 2007-12-07 21:41 <DIR> d--hs---- C:\WINDOWS\VENSTA
2007-12-01 14:40 . 2007-12-01 23:21 <DIR> d-------- C:\WINDOWS\system32\pr12
2007-12-01 14:40 . 2007-12-01 23:17 <DIR> d-------- C:\WINDOWS\system32\cv1
2007-12-01 14:39 . 2007-12-08 21:19 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-11-30 23:30 . 2007-11-30 23:32 <DIR> d-------- C:\Program Files\Rigs of Rods 0.33d
2007-11-30 23:29 . 2007-11-30 23:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-30 19:06 . 2007-11-30 19:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Shared
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Incomplete
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 01:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 09:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 01:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd4141.sys
2007-12-07 20:03 --------- d-----w C:\Program Files\Ahead
2007-12-06 11:12 --------- d-----w C:\Documents and Settings\TCRL\Application Data\AdobeUM
2007-12-02 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 20:19 --------- d-----w C:\Documents and Settings\TCRL\Application Data\Uniblue
2007-11-30 23:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 13:02 --------- d-----w C:\Program Files\Electronic Arts
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2004-10-01 21:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-02-27 21:48 152 --sh--r C:\WINDOWS\system32\08FCA72C34.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"Handy Backup 5.4"="C:\Program Files\Novosoft\Handy Backup\hbagent.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 12:26]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" []
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 12:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 01:45]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-01-04 16:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-08 19:48]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 19:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-01 10:48:28]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnoop]
urqnoop.dll

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00d245a1-6890-11d9-890e-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 09:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
"2007-12-11 20:29:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-14 20:24:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2005-07-24 18:04:01 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 20:08:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 20:09:42 - machine was rebooted
.
2007-12-12 09:02:59 --- E O F ---

***************************************************************************

Scan saved at 8:11:51 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TCRL\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqnoop - urqnoop.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9498 bytes

#6
999Virus999

    Member

  • Topic Starter
  • 32 posts
Here is the SmitfraudFix log:

*************************

SmitFraudFix v2.265

Scan done at 20:19:08.90, Wed 12/12/2007
Run from C:\Documents and Settings\TCRL\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TCRL


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TCRL\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TCRL\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com Gigabit LOM (3C940) - Packet Scheduler Miniport
DNS Server Search Order: 172.16.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{29C8F4D4-0033-4C3D-82EB-429EBC83F9A4}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{29C8F4D4-0033-4C3D-82EB-429EBC83F9A4}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{29C8F4D4-0033-4C3D-82EB-429EBC83F9A4}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#7
999Virus999

    Member

  • Topic Starter
  • 32 posts
Old java is out - new java is in.

BTW - when we are completely done here should I delete my above posts? Any info in there that I wouldn't want several unknown people looking at?

999Virus999

Edited by 999Virus999, 12 December 2007 - 08:41 PM.


#8
racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
So far so good, but we have a little work to do to make certain all is well. There is no info in these logs that could be used against you.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\stvwa.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\kffjbqwm.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\iygmyojv.dll
C:\WINDOWS\system32\csavspnl.dll
C:\WINDOWS\system32\phywtpsh.dll
C:\WINDOWS\system32\odcsalup.dll
C:\WINDOWS\system32\qdwrgmyx.dll
C:\WINDOWS\system32\jaxxoajv.dll
C:\WINDOWS\system32\khtvrrfj.ini
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\jahpexie.ini
C:\WINDOWS\system32\stvwa.bak1

Folder::
C:\WINDOWS\system32\pr12
C:\WINDOWS\system32\cv1
C:\WINDOWS\system32\daSgo18

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\vcqdhhxg.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F9A866E-35D6-4ED2-A4DC-BFBF1286AD81}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnoop]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Panda only works if you are using Internet Explorer.

This will clean out all cookies and Temp files, making the Panda Scan a little quicker.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you also use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you also use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#9
999Virus999

    Member

  • Topic Starter
  • 32 posts
Here are the new combo and hijack logs

ComboFix 07-12-12.3 - TCRL 2007-12-14 23:27:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637 [GMT -6:00]
Running from: C:\Documents and Settings\TCRL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TCRL\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\csavspnl.dll
C:\WINDOWS\system32\iygmyojv.dll
C:\WINDOWS\system32\jahpexie.ini
C:\WINDOWS\system32\jaxxoajv.dll
C:\WINDOWS\system32\kffjbqwm.ini
C:\WINDOWS\system32\khtvrrfj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odcsalup.dll
C:\WINDOWS\system32\phywtpsh.dll
C:\WINDOWS\system32\qdwrgmyx.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\csavspnl.dll
C:\WINDOWS\system32\cv1
C:\WINDOWS\system32\daSgo18
C:\WINDOWS\system32\iygmyojv.dll
C:\WINDOWS\system32\jahpexie.ini
C:\WINDOWS\system32\jaxxoajv.dll
C:\WINDOWS\system32\kffjbqwm.ini
C:\WINDOWS\system32\khtvrrfj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odcsalup.dll
C:\WINDOWS\system32\phywtpsh.dll
C:\WINDOWS\system32\pr12
C:\WINDOWS\system32\qdwrgmyx.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.

2007-12-12 20:37 . 2007-12-12 20:37 <DIR> d-------- C:\Program Files\Java
2007-12-12 20:37 . 2007-12-12 20:37 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-12 20:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-12 20:19 . 2007-12-12 20:19 3,576 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-12 19:46 . 2007-12-12 19:46 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 18:18 . 2007-12-12 18:18 <DIR> d-------- C:\VundoFix Backups
2007-12-08 19:49 . 2007-12-14 08:00 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 19:48 . 2007-12-08 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-08 03:24 . 2007-12-08 03:24 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-08 03:17 . 2007-12-08 18:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\SUPERAntiSpyware.com
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-07 20:06 . 2007-12-07 21:44 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-07 19:55 . 2007-12-08 06:16 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2007-12-07 19:44 . 2007-12-07 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-07 19:38 . 2007-12-07 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2007-12-07 13:48 . 2002-09-17 06:03 897,024 --------- C:\WINDOWS\NuNinst.exe
2007-12-07 13:48 . 2002-09-13 06:35 448,640 --a------ C:\WINDOWS\system32\drivers\bsudf.sys
2007-12-07 13:48 . 2002-09-20 09:22 74,991 --------- C:\WINDOWS\NuNinst.cfg
2007-12-07 13:48 . 2002-06-05 17:07 9,344 --a------ C:\WINDOWS\system32\drivers\bsstor.sys
2007-12-07 07:57 . 2007-12-07 07:58 <DIR> d-------- C:\Program Files\LimeWire
2007-12-04 18:20 . 2007-12-04 18:22 <DIR> d-------- C:\Program Files\18 Wheels of Steel American Long Haul
2007-12-04 12:02 . 2007-12-04 12:15 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-01 21:13 . 2007-12-07 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-01 17:20 . 2007-12-08 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-01 14:40 . 2007-12-07 21:41 <DIR> d--hs---- C:\WINDOWS\VENSTA
2007-11-30 23:30 . 2007-11-30 23:32 <DIR> d-------- C:\Program Files\Rigs of Rods 0.33d
2007-11-30 23:29 . 2007-11-30 23:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-30 19:06 . 2007-11-30 19:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Shared
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Incomplete
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 04:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-15 04:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 09:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 01:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd4141.sys
2007-12-07 20:03 --------- d-----w C:\Program Files\Ahead
2007-12-06 11:12 --------- d-----w C:\Documents and Settings\TCRL\Application Data\AdobeUM
2007-12-02 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 20:19 --------- d-----w C:\Documents and Settings\TCRL\Application Data\Uniblue
2007-11-30 23:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 13:02 --------- d-----w C:\Program Files\Electronic Arts
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-22 09:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 09:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-13 15:31 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-13 15:31 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-12 21:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 21:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-08 22:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-02 15:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2004-10-01 21:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-07-31 09:53 147,456 -c--a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 -c--a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 -c--a-w C:\WINDOWS\inf\EL2K_2K.sys
2006-02-27 21:48 152 --sh--r C:\WINDOWS\system32\08FCA72C34.sys
.

((((((((((((((((((((((((((((( [email protected]_20.09.09.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-09 20:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 20:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 22:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"Handy Backup 5.4"="C:\Program Files\Novosoft\Handy Backup\hbagent.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 12:26]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" []
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 12:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 01:45]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-01-04 16:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-08 19:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 19:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-01 10:48:28]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00d245a1-6890-11d9-890e-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 09:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
"2007-12-11 20:29:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-14 20:24:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2005-07-24 18:04:01 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 23:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 23:30:09
C:\ComboFix2.txt ... 2007-12-12 20:09
.
2007-12-12 09:02:59 --- E O F ---

******************
******************

ComboFix 07-12-12.3 - TCRL 2007-12-14 23:27:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637 [GMT -6:00]
Running from: C:\Documents and Settings\TCRL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TCRL\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\csavspnl.dll
C:\WINDOWS\system32\iygmyojv.dll
C:\WINDOWS\system32\jahpexie.ini
C:\WINDOWS\system32\jaxxoajv.dll
C:\WINDOWS\system32\kffjbqwm.ini
C:\WINDOWS\system32\khtvrrfj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odcsalup.dll
C:\WINDOWS\system32\phywtpsh.dll
C:\WINDOWS\system32\qdwrgmyx.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\csavspnl.dll
C:\WINDOWS\system32\cv1
C:\WINDOWS\system32\daSgo18
C:\WINDOWS\system32\iygmyojv.dll
C:\WINDOWS\system32\jahpexie.ini
C:\WINDOWS\system32\jaxxoajv.dll
C:\WINDOWS\system32\kffjbqwm.ini
C:\WINDOWS\system32\khtvrrfj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odcsalup.dll
C:\WINDOWS\system32\phywtpsh.dll
C:\WINDOWS\system32\pr12
C:\WINDOWS\system32\qdwrgmyx.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.

2007-12-12 20:37 . 2007-12-12 20:37 <DIR> d-------- C:\Program Files\Java
2007-12-12 20:37 . 2007-12-12 20:37 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-12 20:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-12 20:19 . 2007-12-12 20:19 3,576 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-12 19:46 . 2007-12-12 19:46 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 18:18 . 2007-12-12 18:18 <DIR> d-------- C:\VundoFix Backups
2007-12-08 19:49 . 2007-12-14 08:00 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-08 19:48 . 2007-12-08 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 19:48 . 2007-12-08 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-08 03:24 . 2007-12-08 03:24 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-08 03:17 . 2007-12-08 18:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\SUPERAntiSpyware.com
2007-12-08 03:17 . 2007-12-08 03:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-07 20:06 . 2007-12-07 21:44 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-07 19:55 . 2007-12-08 06:16 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2007-12-07 19:44 . 2007-12-07 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-07 19:38 . 2007-12-07 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2007-12-07 13:48 . 2002-09-17 06:03 897,024 --------- C:\WINDOWS\NuNinst.exe
2007-12-07 13:48 . 2002-09-13 06:35 448,640 --a------ C:\WINDOWS\system32\drivers\bsudf.sys
2007-12-07 13:48 . 2002-09-20 09:22 74,991 --------- C:\WINDOWS\NuNinst.cfg
2007-12-07 13:48 . 2002-06-05 17:07 9,344 --a------ C:\WINDOWS\system32\drivers\bsstor.sys
2007-12-07 07:57 . 2007-12-07 07:58 <DIR> d-------- C:\Program Files\LimeWire
2007-12-04 18:20 . 2007-12-04 18:22 <DIR> d-------- C:\Program Files\18 Wheels of Steel American Long Haul
2007-12-04 12:02 . 2007-12-04 12:15 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-01 21:13 . 2007-12-07 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-01 17:20 . 2007-12-08 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-01 14:40 . 2007-12-07 21:41 <DIR> d--hs---- C:\WINDOWS\VENSTA
2007-11-30 23:30 . 2007-11-30 23:32 <DIR> d-------- C:\Program Files\Rigs of Rods 0.33d
2007-11-30 23:29 . 2007-11-30 23:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-30 19:06 . 2007-11-30 19:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Shared
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Incomplete
2007-11-30 09:43 . 2007-12-07 07:58 <DIR> d-------- C:\Documents and Settings\TCRL\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 04:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-15 04:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 09:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 01:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd4141.sys
2007-12-07 20:03 --------- d-----w C:\Program Files\Ahead
2007-12-06 11:12 --------- d-----w C:\Documents and Settings\TCRL\Application Data\AdobeUM
2007-12-02 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 20:19 --------- d-----w C:\Documents and Settings\TCRL\Application Data\Uniblue
2007-11-30 23:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 13:02 --------- d-----w C:\Program Files\Electronic Arts
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-22 09:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 09:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-13 15:31 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-13 15:31 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-12 21:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 21:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-08 22:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-02 15:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2004-10-01 21:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-07-31 09:53 147,456 -c--a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 -c--a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 -c--a-w C:\WINDOWS\inf\EL2K_2K.sys
2006-02-27 21:48 152 --sh--r C:\WINDOWS\system32\08FCA72C34.sys
.

((((((((((((((((((((((((((((( [email protected]_20.09.09.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-09 20:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 20:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 22:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40]
"Handy Backup 5.4"="C:\Program Files\Novosoft\Handy Backup\hbagent.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 12:26]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" []
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 12:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 01:45]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-01-04 16:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-08 19:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 19:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-01 10:48:28]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00d245a1-6890-11d9-890e-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 09:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
"2007-12-11 20:29:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-14 20:24:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2005-07-24 18:04:01 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 23:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 23:30:09
C:\ComboFix2.txt ... 2007-12-12 20:09
.
2007-12-12 09:02:59 --- E O F ---


********************
********************

Logfile of Trend Micro
Scan saved at 6:32:14 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\TCRL\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9646 bytes

#10
999Virus999

Here are the Panda scan results (in 4 parts due to length).


Edited by 999Virus999, 15 December 2007 - 08:45 PM.



#11
999Virus999

part 2 of panda scan


#12
999Virus999

part 3

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[.xiti.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[.bs.serving-sys.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[server.iad.liveperson.net/hc/79635536]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[server.iad.liveperson.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-5.txt[.hg1.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.perf.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.advertising.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[statse.webtrendslive.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.burstnet.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.mediaplex.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[searchportal.information.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[counter.hitslink.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[adserver.filefront.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.247realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.questionmarket.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.atwola.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.maxserving.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.as-us.falkag.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.xiti.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.bs.serving-sys.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[server.iad.liveperson.net/hc/79635536]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[server.iad.liveperson.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-6.txt[.hg1.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.perf.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.advertising.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\TCRL\Application Data\Mozilla\Firefox\Profiles\xzvuwuq2.default\cookies-7.txt[statse.webtrendslive.com/]

#13
999Virus999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
and part 4 (OMG this is long - is that bad?)

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\TCRL\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\TCRL\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TCRL\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

#14
racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
Everything is looking good, well except for the cookie collection. :)
ATF cleaner will take care of those cookies:

When you open ATF:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

How is everything running????

#15
999Virus999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Cookies have been cleaned. The stuff that Panda found - not too important?

It is running much better. I no longer have processes running that seem to take up 20-40% of my resources, programs no longer hang and I don't get mysterious little error messages. It's a big improvement - and I learned a little too.

Now it's going to get an overhaul - I just have to decide on either SLI or Crossfire / dual or quad. :)

Thank you so much - I will donate to your cause so you keep helping people like me.

This is the best forum I have encountered for comp stuff.

THANKS
9V9