Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SYSTEMERRORFIX [CLOSED]


  • This topic is locked This topic is locked

#1
badmelvin

badmelvin

    New Member

  • Member
  • Pip
  • 6 posts
it escaped all my spareware killers-cant shake this one please help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:58 AM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\PestPatrol\ppmemcheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Devin\Start Menu\Programs\Maintance\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prague.tv/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\geBtqRKE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {E355498E-72DE-4452-97BF-02C1A252629D} - C:\WINDOWS\system32\khfGvUKC.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Refresh Bar - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CNYHKey] CNYHKey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra 'Tools' menuitem: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200701451890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: geBtqRKE - C:\WINDOWS\SYSTEM32\geBtqRKE.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9156 bytes
  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi badmelvin,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix
SmitfraudFix (by S!Ri)

Start the Smitfraud scan:
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
  • Please copy/paste the content of that file into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please post the text from C:\rapport.txt & C:\Combofix.txt
Cheers,

sage5
  • 0

#3
badmelvin

badmelvin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
sage5
Thanks so much for your speedy help.
I actually ran the second one (combofix) first because I didnt think SmitfraudFix.exe was going to work, but it did. Not sure if this makes a difference... Popups seem to have stop but I havent opened IE yet :)
Here is SmitfraudFix.exe report:


SmitFraudFix v2.314

Scan done at 15:57:19.54, Fri 04/18/2008
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Devin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Devin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Devin\MYDOCU~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3DC62886-88B7-4853-B8C5-119710C4D0F1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AE26FFD-AE45-406C-A9D8-37F482D2E3CD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3DC62886-88B7-4853-B8C5-119710C4D0F1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AE26FFD-AE45-406C-A9D8-37F482D2E3CD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3DC62886-88B7-4853-B8C5-119710C4D0F1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AE26FFD-AE45-406C-A9D8-37F482D2E3CD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


And here is ComboFix report:

ComboFix 08-04-17.1 - Devin 2008-04-18 14:21:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.135 [GMT 2:00]
Running from: C:\Documents and Settings\Devin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\CKUvGfhk.ini
C:\WINDOWS\system32\CKUvGfhk.ini2
C:\WINDOWS\system32\fclhntrk.ini
C:\WINDOWS\system32\geBtqRKE.dll
C:\WINDOWS\system32\jclugwos.dll
C:\WINDOWS\system32\khfGvUKC.dll
C:\WINDOWS\system32\krtnhlcf.dll
C:\WINDOWS\system32\sowgulcj.ini
C:\WINDOWS\system32\ssqRJAtU.dll
C:\WINDOWS\system32\UtAJRqss.ini
C:\WINDOWS\system32\UtAJRqss.ini2
C:\WINDOWS\system32\wvUkJCro.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2030-08-31 02:38 . 2006-11-23 20:55 <DIR> d-------- C:\Program Files\ESET
2030-08-31 02:38 . 2030-08-31 02:38 245,760 --a------ C:\WINDOWS\system32\imon.dll
2030-08-31 02:38 . 2030-08-31 02:38 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2030-08-31 02:38 . 2030-08-31 02:38 442 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-04-18 14:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-18 14:18 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-18 14:18 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-18 14:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-18 14:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-18 14:16 . 2008-04-18 14:11 1,308,557 --a------ C:\SmitfraudFix.exe
2008-04-18 14:15 . 2008-04-18 14:18 <DIR> d-------- C:\SmitfraudFix
2008-04-18 14:15 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-18 14:15 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-18 05:33 . 2008-04-18 05:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 16:57 . 2008-04-17 16:57 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 16:57 . 2008-04-17 16:57 <DIR> d-------- C:\Program Files\iPod
2008-04-17 16:55 . 2008-04-17 16:55 <DIR> d-------- C:\Program Files\QuickTime
2008-04-17 16:39 . 2008-04-17 16:39 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 06:14 . 2008-04-17 18:29 <DIR> d-------- C:\Program Files\IBP 9
2008-04-17 00:17 . 2008-04-17 00:17 32,768 --a------ C:\WINDOWS\AutoUpdateWin33.exe
2008-04-17 00:13 . 2008-04-17 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-16 21:16 . 2008-04-17 06:13 <DIR> d-------- C:\Program Files\IBP 10
2008-04-16 21:16 . 2008-04-17 18:34 <DIR> d-------- C:\Documents and Settings\Devin\Application Data\IBP
2008-04-15 02:57 . 2008-04-17 18:36 <DIR> d-------- C:\Program Files\e-Campaign 6
2008-04-15 02:57 . 2008-04-17 00:22 <DIR> d-------- C:\Documents and Settings\Devin\Application Data\e-Campaign
2008-04-13 19:07 . 2008-04-13 19:07 21,176 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-12 02:28 . 2008-04-12 02:28 131 --a------ C:\WINDOWS\mix-fx.ini
2008-04-12 01:42 . 2008-04-12 01:42 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-04-12 01:41 . 2008-04-12 01:41 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-12 01:40 . 2008-04-12 01:40 <DIR> d-------- C:\Program Files\Macromedia
2008-04-12 01:02 . 2008-04-12 01:02 <DIR> d-------- C:\Program Files\Mix-FX
2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\Program Files\TechSmith
2008-04-12 00:49 . 2006-06-14 21:13 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-04-11 20:08 . 2008-04-11 22:03 19 --a------ C:\Documents and Settings\Devin\~datefaker.ini
2008-04-08 20:20 . 2008-04-18 14:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 20:20 . 2008-04-08 20:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 06:54 . 2008-04-03 10:33 <DIR> d-------- C:\Program Files\WDE
2008-04-03 06:03 . 2008-04-03 10:40 <DIR> d-------- C:\Program Files\Web Data Extractor 4.3
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-20 16:07 . 2008-04-17 16:43 <DIR> d-------- C:\Program Files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-08-31 00:38 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-18 02:39 --------- d-----w C:\Program Files\PestPatrol
2008-04-14 20:50 --------- d-----w C:\Program Files\Group Mail
2008-04-13 17:01 --------- d-----w C:\Documents and Settings\Devin\Application Data\Apple Computer
2008-04-11 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 20:47 --------- d-----w C:\Program Files\Advanced Email Extractor PRO
2008-04-05 10:11 --------- d-----w C:\Documents and Settings\Alice\Application Data\Skype
2008-04-03 03:17 --------- d-----w C:\Program Files\Lencom Software Inc
2008-04-03 03:17 --------- d-----w C:\Program Files\Common Files\LencomShare
2008-04-03 00:08 94,817 ----a-w C:\Program Files\Common Files\Engines.lnl
2008-03-27 01:59 --------- d-----w C:\Documents and Settings\Devin\Application Data\Skype
2008-03-23 21:39 --------- d-----w C:\Program Files\7-Zip
2008-03-23 21:27 --------- d-----w C:\Program Files\CoolMenu
2008-03-17 20:49 --------- d-----w C:\Documents and Settings\Devin\Application Data\AdobeUM
2008-03-16 23:21 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-16 23:19 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-06 17:32 --------- d-----w C:\Program Files\Avanquest update
2008-03-06 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-06 17:30 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-06 17:30 --------- d-----w C:\Documents and Settings\Devin\Application Data\InstallShield
2008-03-06 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-06 15:58 --------- d-----w C:\Program Files\T-Mobile
2008-02-10 12:32 19,552 ----a-w C:\Documents and Settings\Alice\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 21:42 19,552 ----a-w C:\Documents and Settings\Devin\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 03:25 1,205,365 ----a-w C:\Program Files\wrar361.exe
2006-08-13 21:30 182 ----a-w C:\Program Files\readme.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 14:14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-14 03:24 913408]
"CHotkey"="mHotkey.exe" [2004-02-23 23:41 539136 C:\WINDOWS\mHotkey.exe]
"CNYHKey"="CNYHKey.exe" [2004-02-23 23:40 338944 C:\WINDOWS\CNYHKey.exe]
"StopHid"="StopHid.exe" [2004-02-23 23:41 40960 C:\WINDOWS\StopHid.exe]
"CreativeMouse "="C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe" [2003-08-01 06:03 499712]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-03 00:11 148480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-14 20:28 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-14 03:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtqRKE]
geBtqRKE.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Outlook"=C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Documents and Settings\\Devin\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\tswebeditor\\tswebeditor.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IBP 10\\IBP.exe"=
"C:\\Program Files\\IBP 9\\IBP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-05 01:58]
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-05 01:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{203f34dd-f3c1-11db-a637-000129d434df}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{773480ec-4741-11db-a586-000129d434df}]
\Shell\AutoRun\command - H:\SafeGuard\Windows\SafeGuard20.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-17 14:39:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 04:00:02 C:\WINDOWS\Tasks\SyncBack Devin.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2008-04-18 04:15:20 C:\WINDOWS\Tasks\SyncBack Drive C Backup.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2008-04-18 04:52:17 C:\WINDOWS\Tasks\SyncBack Drive E Backup.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 14:35:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\DigitalPersona\Bin\DpOFeedb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-18 14:48:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 12:47:30

Pre-Run: 28,621,762,560 bytes free

And Hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:58 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prague.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Refresh Bar - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CNYHKey] CNYHKey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra 'Tools' menuitem: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200701451890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: geBtqRKE - geBtqRKE.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9331 bytes
  • 0

#4
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi badmelvin,


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\geBtqRKE.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {E355498E-72DE-4452-97BF-02C1A252629D} - C:\WINDOWS\system32\khfGvUKC.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O20 - Winlogon Notify: geBtqRKE - C:\WINDOWS\SYSTEM32\geBtqRKE.dll

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Remove folders & files:
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Program Files\IBP 9
    C:\Program Files\IBP 10
  • Delete these files, (if present):
    C:\WINDOWS\AutoUpdateWin33.exe


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report


Cheers,

sage5
  • 0

#5
badmelvin

badmelvin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
one question- Why is it necessary to remove IBP 9? This is my optimizing software- can it be reinstallled after this is all finieshed.
  • 0

#6
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You can leave that in place, just continue on with the rest of the instructions
  • 0

#7
badmelvin

badmelvin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok here is the Panda Total Scan and with 78 infections!!!!

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-21 01:31:10
PROTECTIONS: 1
MALWARE: 78
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Eset NOD32 Antivirus 2.0 2.0 Yes No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00047467 Trj/Qhost.gen Virus/Trojan No 0 Yes No F:\zaloha\WINDOWS\system32\drivers\etc\hosts
00055522 Eicar.Mod Virus No 0 No No F:\zaloha\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
00055522 Eicar.Mod Virus No 0 No No C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080314010055.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080314010055.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{64543C3C-5CEF-4EA2-85F7-31A34CAC01C3}\RP457\A0094426.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SmitfraudFix\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SmitfraudFix\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080314010055.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20060919093450.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070428055703.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\zaloha\Documents and Settings\Devin\Cookies\[email protected][1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No F:\zaloha\Documents and Settings\Alice\Cookies\[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No F:\zaloha\Documents and Settings\Devin\Cookies\[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070528203719.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061123111355.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114003642.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061126194050.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20060919093450.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080417213459.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114003642.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070918134558.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070826160359.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20060919093450.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061123111355.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061114155410.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080114091550.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070509233231.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071022140732.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071109225153.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080415144950.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Alice\Cookies\[email protected][1].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20061204041239.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][1].txt]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080215093021.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070716172936.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20070726083248.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20071228091929.zip[Documents and Settings/Devin/Cookies/[email protected][2].txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\PestPatrol\Quarantine\20080203132710.zip[Documents an
  • 0

#8
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That log file got cut off before the end.
Please attach the file instead using the Browse button, at the bottom of the Reply window, to locate the file.
Then click the Green UPLOAD button to attach it to your next reply.
  • 0

#9
badmelvin

badmelvin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I thought I posted this already but now I see it isnt there... here you go...

Attached Files


  • 0

#10
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi badmelvin,


Create a CombFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
F:\zaloha\WINDOWS\system32\drivers\etc\hosts
F:\zaloha\WINDOWS\system32\xp215933.dll
F:\zaloha\WINDOWS\svchv.Vexe
F:\zaloha\WINDOWS\system32\winmgmt32.dll
F:\zaloha\WINDOWS\system32\KB681499.exe

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#11
badmelvin

badmelvin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Done, here the reports-

combo fix:
ComboFix 08-05-01.3 - Devin 2008-05-05 17:21:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT 2:00]
Running from: C:\Documents and Settings\Devin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Devin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\zaloha\WINDOWS\svchv.Vexe
F:\zaloha\WINDOWS\system32\drivers\etc\hosts
F:\zaloha\WINDOWS\system32\KB681499.exe
F:\zaloha\WINDOWS\system32\winmgmt32.dll
F:\zaloha\WINDOWS\system32\xp215933.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\zaloha\WINDOWS\svchv.Vexe
F:\zaloha\WINDOWS\system32\drivers\etc\hosts
F:\zaloha\WINDOWS\system32\KB681499.exe
F:\zaloha\WINDOWS\system32\winmgmt32.dll
F:\zaloha\WINDOWS\system32\xp215933.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2030-08-31 02:38 . 2006-11-23 20:55 <DIR> d-------- C:\Program Files\ESET
2030-08-31 02:38 . 2030-08-31 02:38 245,760 --a------ C:\WINDOWS\system32\imon.dll
2030-08-31 02:38 . 2030-08-31 02:38 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2030-08-31 02:38 . 2030-08-31 02:38 442 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-04-24 22:08 . 2008-04-18 14:10 1,770,815 --a------ C:\Program Files\ComboFix.exe
2008-04-21 01:27 . 2008-04-21 01:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d-------- C:\Program Files\Panda Security
2008-04-19 17:27 . 2008-04-19 17:29 23,110 --a------ C:\WINDOWS\system32\productregistry
2008-04-19 15:53 . 2008-04-19 15:53 <DIR> d-------- C:\Sun
2008-04-18 16:05 . 2008-04-18 16:05 2,108 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-18 14:16 . 2008-04-18 14:11 1,308,557 --a------ C:\SmitfraudFix.exe
2008-04-18 14:15 . 2008-04-18 15:54 <DIR> d-------- C:\SmitfraudFix
2008-04-18 05:33 . 2008-04-18 05:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 16:57 . 2008-04-17 16:57 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 16:57 . 2008-04-17 16:57 <DIR> d-------- C:\Program Files\iPod
2008-04-17 16:55 . 2008-04-17 16:55 <DIR> d-------- C:\Program Files\QuickTime
2008-04-17 16:39 . 2008-04-17 16:39 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 06:14 . 2008-04-17 18:29 <DIR> d-------- C:\Program Files\IBP 9
2008-04-17 00:13 . 2008-04-17 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-16 21:16 . 2008-04-21 22:15 <DIR> d-------- C:\Documents and Settings\Devin\Application Data\IBP
2008-04-15 02:57 . 2008-04-17 18:36 <DIR> d-------- C:\Program Files\e-Campaign 6
2008-04-15 02:57 . 2008-04-17 00:22 <DIR> d-------- C:\Documents and Settings\Devin\Application Data\e-Campaign
2008-04-13 19:07 . 2008-04-13 19:07 21,176 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-12 02:28 . 2008-04-12 02:28 131 --a------ C:\WINDOWS\mix-fx.ini
2008-04-12 01:02 . 2008-04-12 01:02 <DIR> d-------- C:\Program Files\Mix-FX
2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 00:49 . 2008-04-12 00:49 <DIR> d-------- C:\Program Files\TechSmith
2008-04-12 00:49 . 2006-06-14 21:13 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-04-11 20:08 . 2008-04-28 23:54 19 --a------ C:\Documents and Settings\Devin\~datefaker.ini
2008-04-08 20:20 . 2008-05-05 14:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 20:20 . 2008-04-08 20:20 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-08-31 00:38 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-05-05 00:12 --------- d-----w C:\Program Files\PestPatrol
2008-05-02 11:29 --------- d-----w C:\Documents and Settings\Devin\Application Data\Skype
2008-04-29 13:36 --------- d-----w C:\Program Files\Winamp
2008-04-28 22:08 --------- d-----w C:\Program Files\Group Mail
2008-04-19 15:11 --------- d-----w C:\Program Files\Java
2008-04-17 14:43 --------- d-----w C:\Program Files\Safari
2008-04-13 17:01 --------- d-----w C:\Documents and Settings\Devin\Application Data\Apple Computer
2008-04-11 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 20:47 --------- d-----w C:\Program Files\Advanced Email Extractor PRO
2008-04-05 10:11 --------- d-----w C:\Documents and Settings\Alice\Application Data\Skype
2008-04-03 08:40 --------- d-----w C:\Program Files\Web Data Extractor 4.3
2008-04-03 08:33 --------- d-----w C:\Program Files\WDE
2008-04-03 03:17 --------- d-----w C:\Program Files\Lencom Software Inc
2008-04-03 03:17 --------- d-----w C:\Program Files\Common Files\LencomShare
2008-04-03 00:08 94,817 ----a-w C:\Program Files\Common Files\Engines.lnl
2008-03-23 21:39 --------- d-----w C:\Program Files\7-Zip
2008-03-23 21:27 --------- d-----w C:\Program Files\CoolMenu
2008-03-17 20:49 --------- d-----w C:\Documents and Settings\Devin\Application Data\AdobeUM
2008-03-16 23:21 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-16 23:19 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-06 17:32 --------- d-----w C:\Program Files\Avanquest update
2008-03-06 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-06 17:30 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-06 17:30 --------- d-----w C:\Documents and Settings\Devin\Application Data\InstallShield
2008-03-06 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-06 15:58 --------- d-----w C:\Program Files\T-Mobile
2008-02-10 12:32 19,552 ----a-w C:\Documents and Settings\Alice\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 21:42 19,552 ----a-w C:\Documents and Settings\Devin\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 03:25 1,205,365 ----a-w C:\Program Files\wrar361.exe
2006-08-13 21:30 182 ----a-w C:\Program Files\readme.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 14:14 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-14 03:24 913408]
"CHotkey"="mHotkey.exe" [2004-02-23 23:41 539136 C:\WINDOWS\mHotkey.exe]
"CNYHKey"="CNYHKey.exe" [2004-02-23 23:40 338944 C:\WINDOWS\CNYHKey.exe]
"StopHid"="StopHid.exe" [2004-02-23 23:41 40960 C:\WINDOWS\StopHid.exe]
"CreativeMouse "="C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe" [2003-08-01 06:03 499712]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-03 00:11 148480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-14 20:28 180269]

C:\Documents and Settings\Devin\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [2008-04-19 17:26:54 135168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-14 03:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Outlook"=C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Documents and Settings\\Devin\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\tswebeditor\\tswebeditor.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\IBP 9\\IBP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AppServer9PE;SunJavaSystemAppserver9PE;C:\Sun\SDK\lib\appservService.exe "\"C:\Sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"C:\Sun\SDK\bin\asadmin.bat\" stop-domain domain1\" []
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-05 01:58]
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-05 01:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{203f34dd-f3c1-11db-a637-000129d434df}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{773480ec-4741-11db-a586-000129d434df}]
\Shell\AutoRun\command - H:\SafeGuard\Windows\SafeGuard20.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 13:13:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-05 04:00:04 C:\WINDOWS\Tasks\SyncBack Devin.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2008-05-05 04:15:10 C:\WINDOWS\Tasks\SyncBack Drive C Backup.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2008-05-05 04:52:29 C:\WINDOWS\Tasks\SyncBack Drive E Backup.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 17:26:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-05 17:33:27
ComboFix-quarantined-files.txt 2008-05-05 15:33:08

Pre-Run: 31,862,501,376 bytes free
Post-Run: 32,073,170,944 bytes free

185

And Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:38 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Sun\SDK\lib\appservService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Sun\SDK\jdk\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\StopHid.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prague.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Refresh Bar - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CNYHKey] CNYHKey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra 'Tools' menuitem: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200701451890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8199 bytes
  • 0

#12
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi badmelvin,


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Devin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Reboot into Safe Mode:
  • Restart your Computer
  • As soon as it starts to boot up, tap your F8 key repeatedly.
  • This should bring up the Windows Advanced Options Menu.
  • Use your arrow keys to select Safe Mode and click the Enter key.


Remove folders & files:
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these files, (if present):
    C:\WINDOWS\StopHid.exe
    C:\WINDOWS\system32\mlfcache.dat


You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessable from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

Cheers,

sage5
  • 0

#13
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP