ComboFix 08-01-10.2 - Anwar Huneidi 2008-01-11 2:27:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247 [GMT -8:00]
Running from: C:\Documents and Settings\Anwar Huneidi\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run: C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anwar Huneidi\Application Data\macromedia\Flash Player\#SharedObjects\KCAQGE7A\www.broadcaster.com
C:\Documents and Settings\Anwar Huneidi\Application Data\macromedia\Flash Player\#SharedObjects\KCAQGE7A\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Anwar Huneidi\Application Data\macromedia\Flash Player\#SharedObjects\KCAQGE7A\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Anwar Huneidi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Anwar Huneidi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Anwar Huneidi\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Anwar Huneidi\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Anwar Huneidi\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-11 02:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 01:11 . 2008-01-10 01:11 <DIR> d-------- C:\Program Files\CUE Splitter
2008-01-07 01:28 . 2008-01-07 01:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 03:17 . 2008-01-02 03:17 1,033 --a------ C:\Ugxu.exe
2008-01-02 03:17 . 2008-01-02 03:17 1,033 --a------ C:\iIbs.exe
2007-12-28 23:40 . 2007-12-28 23:40 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-26 20:49 . 2007-12-26 20:49 <DIR> d-------- C:\Program Files\Comcast
2007-12-26 20:49 . 2007-12-26 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-26 20:49 . 2007-05-17 13:43 15,086 --a------ C:\WINDOWS\ComcastWebmail.ico
2007-12-26 20:46 . 2007-12-26 20:46 1,140 --a------ C:\net_save.dna
2007-12-26 20:45 . 2007-12-26 20:45 <DIR> d-------- C:\Program Files\support.com
2007-12-26 20:45 . 2007-12-26 20:45 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-12-23 23:32 . 2007-12-23 23:32 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-23 23:32 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-23 03:26 . 2007-12-23 03:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2007-12-20 18:37 . 2008-01-10 13:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 18:37 . 2007-12-20 18:37 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 10:34 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-10 22:41 --------- d-----w C:\Documents and Settings\Anwar Huneidi\Application Data\Azureus
2008-01-09 23:03 --------- d-----w C:\Program Files\World of Warcraft
2007-12-25 07:36 --------- d-----w C:\Program Files\Azureus
2007-12-24 07:32 --------- d-----w C:\Program Files\Java
2007-12-11 23:14 --------- d-----w C:\Program Files\Winamp
2007-12-09 12:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-08 20:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 22:22 --------- d-----w C:\Program Files\iTunes
2007-12-07 22:21 --------- d-----w C:\Program Files\iPod
2007-12-07 22:18 --------- d-----w C:\Program Files\QuickTime
2007-11-25 12:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-25 12:05 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-25 06:22 --------- d-----w C:\Documents and Settings\Anwar Huneidi\Application Data\SUPERAntiSpyware.com
2007-11-25 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-24 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-24 21:46 --------- d-----w C:\Program Files\Microsoft Works
2007-11-24 21:45 --------- d-----w C:\Program Files\MSBuild
2007-11-24 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-20 12:11 --------- d-----w C:\Documents and Settings\Administrator.ANWAR\Application Data\Bitdefender
2007-11-17 03:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 07:25 8,454,584 ----a-w C:\winamp55_full_emusic-7plus_en-us.exe
2007-10-31 21:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-19 09:57 92,064 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmmdm.sys
2007-01-19 09:57 9,232 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmmdfl.sys
2007-01-19 09:57 79,328 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmserd.sys
2007-01-19 09:57 66,656 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmbus.sys
2007-01-19 09:57 6,208 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmcmnt.sys
2007-01-19 09:57 5,936 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmwhnt.sys
2007-01-19 09:57 4,048 -c--a-w C:\Documents and Settings\Anwar Huneidi\mqdmcr.sys
2007-01-19 09:57 25,600 -c--a-w C:\Documents and Settings\Anwar Huneidi\usbsermptxp.sys
2007-01-19 09:57 22,768 -c--a-w C:\Documents and Settings\Anwar Huneidi\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-14 02:24 69632]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 21:06 5181440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Anwar Huneidi^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Anwar Huneidi\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 14:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-03-06 21:06 5181440 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-19 23:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule10]
C:\Program Files\QdrModule\QdrModule10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 13:12 1266936 c:\program files\valve\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-09 21:28 36352 C:\Program Files\Winamp\winampa.exe
R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys [2007-02-15 08:41]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-15 07:41]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 09:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0d30784-8a7f-11dc-8c79-000d87bc707c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3E5D49A-C1F4-FFD8-651F-7DED939481DF}]
C:\WINDOWS: .exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 20:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 19:20:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-11 02:34:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2008-01-11 2:35:00
ComboFix-quarantined-files.txt 2008-01-11 10:34:33
.
2007-12-22 11:04:17 --- E O F ---
----------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/11/2008 at 03:37 AM
Application Version : 3.9.1008
Core Rules Database Version : 3349
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 00:57:50
Memory items scanned : 437
Memory threats detected : 0
Registry items scanned : 5393
Registry threats detected : 10
File items scanned : 35688
File threats detected : 78
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{875A1348-7674-42aa-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}#AppID
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\InprocServer32
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\InprocServer32#ThreadingModel
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\ProgID
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\TypeLib
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\VersionIndependentProgID
C:\PROGRAM FILES\QDRDRIVE\QDRDRIVE8.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{32F4080D-E1F0-402B-8442-7BC3795FE35E}\RP288\A0285452.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@findwhat[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@tradedoubler[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@eyewonder[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@hitbox[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@revsci[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@doubleclick[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@cgi-bin[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@enhance[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@redorbit[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@burstnet[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@90874191[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@2o7[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adultadworld[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adrevolver[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@html[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@trafficmp[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@sextracker[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@entrepreneur[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@specificclick[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@bluestreak[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@mediaplex[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@realmedia[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adbrite[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@atdmt[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adrevolver[3].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@mediatraffic[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@web-stat[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@fastclick[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@atwola[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@exitexchange[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@casalemedia[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@tribalfusion[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@questionmarket[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@interclick[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@cgi-bin[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adlegend[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@statcounter[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@advertising[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@roiservice[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@apmebf[2].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@adserver[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@zedo[1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar [email protected][1].txt
C:\Documents and Settings\Anwar Huneidi\Cookies\anwar huneidi@traffic-tracker[2].txt
Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{32F4080D-E1F0-402B-8442-7BC3795FE35E}\RP254\A0216086.DLL
----------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:14 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 4949 bytes
Think I did everything right, well let me know what to do next.
thanks
Edited by blakh, 11 January 2008 - 06:17 AM.