Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

not really sure, it started with blacksterscr [CLOSED]

Started by littleshu , May 28 2008 04:02 PM

  • This topic is locked This topic is locked

#1
littleshu
Posted 28 May 2008 - 04:02 PM

littleshu

    New Member

  • Member
  • Pip
  • 6 posts
i was really stupid and downloaded and ran an exe form a non trustworthy website. i cant really say one symptom at first it disabled my task manager and my windows automatic updates. It also tried to change a bunch of thing in my registry. it also wont let me shut down. and sometimes it will just start loading websites.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:59 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GIMP-2.0\bin\gimp-2.4.exe
C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Minesweeper.lnk = C:\WINDOWS\system32\winmine.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6574 bytes
  • 0

Advertisements

#2
koko_crunch
Posted 29 May 2008 - 11:14 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello littleshu and Welcome to Geeks to Go!

Sorry for the delay, busy week.

Looking at your log, I found signs of malware on your system.
Please stick with me until we get you cleaned up. :)

Please read this post completely before proceeding with the fix.
If you have questions, don't hesitate to ask.

Let's start.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Next,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Finally,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please post back with the following logs.

- MBAM log
- SDfix log
- Vundofix log
- New HijackThis log
  • 0

#3
littleshu
Posted 29 May 2008 - 12:52 PM

littleshu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
i have spybot s and d , and it keeps popping up with mljypNda is trying to change something, should i allow it?

Edited by littleshu, 29 May 2008 - 02:09 PM.

  • 0

#4
littleshu
Posted 29 May 2008 - 02:44 PM

littleshu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:37 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\ryan\Desktop\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Minesweeper.lnk = C:\WINDOWS\system32\winmine.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7127 bytes


here is the malwarebytes log

Malwarebytes' Anti-Malware 1.12
Database version: 799

Scan type: Quick Scan
Objects scanned: 45492
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 33
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\khfCvVnO.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\naqmavke.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJYpNda.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181e7381-adb7-4e52-a688-007fce085d7b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{181e7381-adb7-4e52-a688-007fce085d7b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{057299d6-7edb-47b8-934c-ed17535a501c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c54613a-a5ec-461b-9643-6f18598036a8} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{321fe2f3-d621-4fc2-97e6-f03b1e106163} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3510aa0d-c620-42a7-bca4-5424e887bfbe} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e4fbca2-cf8f-4897-ac8b-ad3fb68dd794} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{423e470a-efec-4b61-80df-7cebaea33912} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{465cd1ab-1a0e-4644-a818-4eea483137f1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48f5a09e-1f9a-45f6-9028-d3d4af690727} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9946c825-9e64-4cbb-99c3-d853a4ccb6d5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9b3f8419-b82f-439c-8d5c-0cf7b9ae00aa} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aef1cb9f-75c1-43d0-944d-773beb807c4e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdabfcde-65ab-4fd8-9dd5-b250cabdc4b2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d74eb6f1-1c83-4d06-9dac-b6be82c5fe70} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eebd5970-8e94-4e4d-a2c8-124cb9b5ebac} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f928fa33-fdf8-4332-a626-ca9f7d12e5ad} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ffa41a18-f50e-459e-80b7-6ea78ad9d365} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3fb89201-04de-4430-b5c6-fd57ea654e56} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljypnda (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{698930f0-b033-46dc-82f8-8b6dd6bf84c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{109c6d5d-2e6b-48ca-9584-4691aeea8fbf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bgsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78896bc5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfcvvno -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfcvvno -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfCvVnO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\OnVvCfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\OnVvCfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\naqmavke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ekvamqan.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcqgkgud.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dugkgqcr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylsluyqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nqyulsly.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blacksterscr.bad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.bad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bad (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\ryan\Local Settings\Temp\.tt66.tmp (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYpNda.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vregfwlx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vltdfabw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\boqnrwdmtpe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\atfxqogp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ryan\Local Settings\Temp\dat68.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ryan\Local Settings\Temp\msprint.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ryan\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

here is the SDFIx log

SDFix: Version 1.186
Run by ryan on Thu 05/29/2008 at 12:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 12:57:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:70,26,85,17,dc,76,d9,7f,ed,61,e7,e8,4e,f2,65,77,2b,bf,56,72,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a4,1a,7c,1b,05,93,ed,64,44,e6,9c,ec,98,c5,8c,da,6a,..
"khjeh"=hex:a3,9c,4a,1d,1d,01,94,dc,35,0b,ff,bf,13,dc,fb,24,6f,9b,f5,07,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,e3,e6,47,6b,82,9b,5d,89,65,1e,e8,c4,de,36,a9,12,f3,7e,89,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a1,23,78,19,f4,fa,bd,ed,c9,a6,13,d3,c8,2a,c6,16,e7,d8,57,af,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:04,e9,bd,a9,8f,f4,5f,27,b0,29,bc,28,3f,c5,af,5b,4d,02,7f,61,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:fc,ad,b2,20,9c,8d,95,3b,26,ba,f5,1a,23,a1,a9,55,af,8c,ce,a0,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9d,36,76,cd,cf,e9,ea,ba,51,40,80,86,90,fb,57,29,b0,c6,59,c9,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ca,2f,26,1f,53,76,98,01,de,8e,80,8f,ba,f1,9c,8d,ec,..
"khjeh"=hex:f7,53,9f,ac,e9,f9,fa,26,61,53,1b,2e,ce,cb,24,ef,0b,58,98,1d,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,b6,51,bb,dc,2d,71,21,de,44,56,0b,d6,e1,28,e2,e7,e4,15,5c,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:fc,ad,b2,20,9c,8d,95,3b,26,ba,f5,1a,23,a1,a9,55,af,8c,ce,a0,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9d,36,76,cd,cf,e9,ea,ba,51,40,80,86,90,fb,57,29,b0,c6,59,c9,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ca,2f,26,1f,53,76,98,01,de,8e,80,8f,ba,f1,9c,8d,ec,..
"khjeh"=hex:f7,53,9f,ac,e9,f9,fa,26,61,53,1b,2e,ce,cb,24,ef,0b,58,98,1d,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:99,68,52,13,4f,3c,f6,b1,e8,a9,4a,ac,19,6c,f1,60,72,4e,86,95,42,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Cain\\Cain.exe"="C:\\Program Files\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 18 Mar 2008 8 ..SHR --- "C:\WINDOWS\system32\FC038F23A8.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Thu 22 May 2008 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 17 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 4 Jan 2008 17,170 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0003.tmp"
Thu 10 Apr 2008 17,980 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0004.tmp"
Sat 8 Dec 2007 19,854 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0005.tmp"
Mon 24 Sep 2007 26,624 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0196.tmp"
Sat 26 Jan 2008 12,602 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0453.tmp"
Tue 29 Apr 2008 57,344 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0498.tmp"
Fri 15 Feb 2008 17,447 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0634.tmp"
Thu 24 Jan 2008 21,550 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL0728.tmp"
Thu 24 Jan 2008 12,025 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL1326.tmp"
Tue 29 Jan 2008 13,574 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL1523.tmp"
Wed 30 Apr 2008 58,368 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL1886.tmp"
Mon 19 May 2008 41,937 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL2584.tmp"
Mon 10 Dec 2007 20,753 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL3150.tmp"
Sat 25 Aug 2007 17,248 ...H. --- "C:\Documents and Settings\ryan\My Documents\~WRL4004.tmp"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 26 Feb 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn of War\Disk1Check.EXE"
Tue 17 Oct 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT5.tmp"
Thu 29 May 2008 102,344 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\676c806c6ca4616ab1e3fde1a4804a24\BIT3.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT4.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT6.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT2.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"
Sat 24 May 2008 857 ...HR --- "C:\Documents and Settings\ryan\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 26 Feb 2008 662 A..H. --- "C:\Documents and Settings\ryan\Local Settings\Temp\Free Download Manager\tic1.tmp"
Tue 29 Apr 2008 96 A..H. --- "C:\Documents and Settings\ryan\Local Settings\Temp\Free Download Manager\tic96.tmp"

Finished!

and Vundofix did not find anything so there is no log.

Edited by littleshu, 29 May 2008 - 02:48 PM.

  • 0

#5
koko_crunch
Posted 30 May 2008 - 01:26 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Sorry about that. I overlooked you having Teatimer installed.
Your logs looks better. The scans took care most of the malware but we're not done yet.
SOme more cleanup is on order.

Proceeding...

First, Disable Spybot S&D (Teatimer)

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Then,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#6
littleshu
Posted 30 May 2008 - 02:17 PM

littleshu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
here is the combo fix log

ComboFix 08-05-29.1 - ryan 2008-05-30 12:55:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT -7:00]
Running from: C:\Documents and Settings\ryan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ryan\Application Data\macromedia\Flash Player\#SharedObjects\F7SEDU22\www.broadcaster.com
C:\Documents and Settings\ryan\Application Data\macromedia\Flash Player\#SharedObjects\F7SEDU22\www.broadcaster.com\played_list.sol
C:\Documents and Settings\ryan\Application Data\macromedia\Flash Player\#SharedObjects\F7SEDU22\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\khfCvVnO.dll
C:\WINDOWS\system32\mlJYpNda.dll
C:\WINDOWS\system32\naqmavke.dll
C:\WINDOWS\system32\OnVvCfhk.ini
C:\WINDOWS\system32\OnVvCfhk.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2014-08-02 21:07 . 2007-09-02 14:44 <DIR> d-------- C:\picsforlaurie
2010-07-25 20:42 . 2010-07-25 20:42 1,409 --a--c--- C:\WINDOWS\system32\tmpC6875.FOT
2010-07-25 20:42 . 2010-07-25 20:42 1,409 --a--c--- C:\WINDOWS\system32\tmp8F875.FOT
2010-07-25 20:42 . 2010-07-25 20:42 1,409 --a--c--- C:\WINDOWS\system32\tmp0C775.FOT
2010-07-25 20:42 . 2010-07-25 20:42 1,409 --a--c--- C:\WINDOWS\system32\tmp0A775.FOT
2008-05-29 13:20 . 2008-05-29 13:20 <DIR> d-------- C:\VundoFix Backups
2008-05-29 12:16 . 2008-05-29 12:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-29 11:53 . 2008-05-29 13:03 <DIR> d-------- C:\SDFix
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Malwarebytes
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 11:22 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 11:22 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 14:59 . 2008-05-28 14:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 19:55 . 2008-05-27 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-27 19:09 . 2008-05-27 19:55 <DIR> d-------- C:\Program Files\Uniblue
2008-05-27 19:09 . 2008-05-27 19:55 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Uniblue
2008-05-26 21:38 . 2008-05-26 21:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-26 21:22 . 2008-05-26 16:20 94,208 --a------ C:\WINDOWS\ekel.exe
2008-05-26 19:13 . 2008-05-26 19:13 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Program Files\GameSpot
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Documents and Settings\All Users\temp
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-05-24 13:50 . 2008-05-24 13:50 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Isotope 244
2008-05-24 13:49 . 2008-05-24 13:49 <DIR> d-------- C:\Program Files\Isotope244 Graphics
2008-05-19 14:37 . 2008-05-26 15:47 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-19 12:17 . 2008-05-19 12:17 <DIR> dr-h----- C:\Documents and Settings\ryan\Application Data\SecuROM
2008-05-19 09:46 . 2008-05-19 09:46 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-11 20:36 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-05-11 20:36 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-05-11 20:36 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-05-03 00:11 . 2008-05-03 00:11 123 --a------ C:\WINDOWS\tmpcpyis.bat
2008-05-03 00:11 . 2008-05-03 00:11 122 --a------ C:\WINDOWS\tmpdelis.bat
2008-05-03 00:11 . 2008-05-03 00:11 26 --a------ C:\WINDOWS\winstart.bat
2008-05-03 00:10 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-03 00:09 . 1996-11-06 12:11 69,632 --a------ C:\WINDOWS\RAUNINST.EXE
2008-05-03 00:00 . 2008-05-03 00:11 <DIR> d-------- C:\WESTWOOD
2008-05-02 16:53 . 2008-05-02 16:53 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-04-29 17:58 . 2008-04-29 17:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-15 12:42 . 2008-04-15 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-15 12:23 . 2008-04-15 12:23 <DIR> d-------- C:\Program Files\New Folder
2008-04-14 17:52 . 2008-04-14 17:52 <DIR> d-------- C:\DirectX9
2008-04-05 13:41 . 2008-04-05 13:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 00:00 111,626 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_16_13_50_29_small.dmp.zip
2008-05-30 00:35 --------- d-----w C:\Documents and Settings\ryan\Application Data\Skype
2008-05-28 23:14 --------- d-----w C:\Documents and Settings\ryan\Application Data\gtk-2.0
2008-05-28 02:18 --------- d-----w C:\Documents and Settings\ryan\Application Data\AVG7
2008-05-27 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-27 03:39 --------- d-----w C:\Documents and Settings\ryan\Application Data\uTorrent
2008-05-26 04:03 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-26 04:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-25 01:27 --------- d-----w C:\Documents and Settings\ryan\Application Data\Free Download Manager
2008-05-24 21:57 6,072 ----a-w C:\Program Files\install.log
2008-05-24 21:34 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 19:06 --------- d-----w C:\Program Files\DAEMON Tools67
2008-05-24 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-19 18:55 --------- d-----w C:\Program Files\Electronic Arts
2008-05-19 16:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 16:40 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-19 01:54 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-12 03:36 --------- d-----w C:\Program Files\Olympus
2008-05-10 21:53 --------- d-----w C:\Documents and Settings\ryan\Application Data\Xfire
2008-05-07 02:06 --------- d-s---w C:\Program Files\Xfire
2008-05-06 19:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-29 01:09 105,972 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_27_17_16_41_small.dmp.zip
2008-04-24 22:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 00:25 110,051 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_18_56_42_small.dmp.zip
2008-04-23 00:25 107,359 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_20_08_40_small.dmp.zip
2008-04-22 01:57 1,444,864 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2008-04-19 05:05 --------- d-----w C:\Program Files\Toribash-3.1
2008-04-16 01:19 102,473 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_14_09_08_14_small.dmp.zip
2008-04-15 19:24 --------- d-----w C:\Program Files\Ubisoft
2008-04-13 01:20 11,357,752 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-13 01:20 104,935 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_12_12_13_49_small.dmp.zip
2008-04-12 19:14 3,279,872 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-04-08 19:32 --------- d-----w C:\Program Files\THQ
2008-04-08 17:00 106,726 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_08_54_13_small.dmp.zip
2008-04-08 16:59 19,221,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_06_02_59_full.dmp.zip
2008-04-08 16:59 106,808 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_05_19_02_small.dmp.zip
2008-04-08 16:59 105,612 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_07_16_18_small.dmp.zip
2008-03-30 21:55 --------- d-----w C:\Program Files\Project64 1.6
2008-03-28 20:25 --------- d-----w C:\Program Files\America's Army
2008-03-28 04:15 --------- d-----w C:\Program Files\Sierra
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:59 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-23 03:26 5 -c--a-w C:\Documents and Settings\ryan\data5a.dat
2008-02-23 03:26 5 -c--a-w C:\Documents and Settings\ryan\data5.dat
2008-02-23 02:53 5 -c--a-w C:\Documents and Settings\ryan\data4a.dat
2008-02-23 02:53 5 -c--a-w C:\Documents and Settings\ryan\data4.dat
2008-02-23 02:45 5 -c--a-w C:\Documents and Settings\ryan\data3a.dat
2008-02-23 02:45 5 -c--a-w C:\Documents and Settings\ryan\data3.dat
2008-02-23 02:42 5 -c--a-w C:\Documents and Settings\ryan\data2a.dat
2008-02-23 02:42 5 -c--a-w C:\Documents and Settings\ryan\data2.dat
2008-02-23 02:39 5 -c--a-w C:\Documents and Settings\ryan\data1a.dat
2008-02-23 02:39 5 -c--a-w C:\Documents and Settings\ryan\data1.dat
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-22 04:56 5 -c--a-w C:\Documents and Settings\ryan\cosnblz.dat
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-18 05:13 251 -c--a-w C:\Program Files\wt3d.ini
2007-10-16 22:55 22,328 -c--a-w C:\Documents and Settings\ryan\Application Data\PnkBstrK.sys
2006-09-01 21:17 0 -c--a-w C:\Documents and Settings\ryan\Application Data\wklnhst.dat
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:46 217544]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 13:09 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-20 09:44 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 08:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\ryan\Start Menu\Programs\Startup\
Minesweeper.lnk - C:\WINDOWS\system32\winmine.exe [2004-08-10 08:00:00 119808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-05-11 20:36:23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.ffds"= ffdshow.ax
"VIDC.ZLIB"= AVIZLIB.dll
"VIDC.MSZH"= AVIMSZH.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=C:\WINDOWS\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-04-20 09:44 416256 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-07 16:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 21:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-12-13 16:45 507904 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-12 01:58 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--a------ 2005-10-11 10:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
--a------ 2001-04-27 15:19 212992 C:\Program Files\LEGO MINDSTORMS\RIS 2.0\LaunchRIS2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-12 15:05 25590312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2006-03-10 16:15 1249280 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-19 13:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-28 19:50 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 17:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Cain\\Cain.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 02:06]
S3 Bulk503;Chameleon Mega Digital Camera;C:\WINDOWS\system32\Drivers\Bulk503.sys [2001-10-15 12:45]
S3 ISO503;Chameleon Mega Video Camera;C:\WINDOWS\system32\Drivers\ISO503.SYS [2002-04-09 10:49]
S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\ryan\LOCALS~1\Temp\pfsvgae.sys []
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2006-09-28 22:51:42 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2006-09-28 22:51:25 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-05-30 20:04:36 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-28 03:34:36 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 13:02:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?6?5?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-30 13:10:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 20:10:03

Pre-Run: 3,836,317,696 bytes free
Post-Run: 4,314,578,944 bytes free

319 --- E O F --- 2008-05-30 19:18:32

here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:45 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Minesweeper.lnk = C:\WINDOWS\system32\winmine.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6629 bytes


should inable teatimer now?
  • 0

#7
koko_crunch
Posted 30 May 2008 - 03:37 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

should inable teatimer now?


Not yet. Teatimer can cancel out the repairs we are doing so we need it disabled until we completely cleared the infection.

Next,

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\ekel.exe
C:\WINDOWS\system32\tmpC6875.FOT
C:\WINDOWS\system32\tmp8F875.FOT
C:\WINDOWS\system32\tmp0C775.FOT
C:\WINDOWS\system32\tmp0A775.FOT
C:\WINDOWS\system32\OdiOlDVR.dll
C:\WINDOWS\system32\STRDEVAPI.dll
C:\WINDOWS\system32\OdiAPI.dll
C:\WINDOWS\tmpcpyis.bat
C:\WINDOWS\tmpdelis.bat
C:\WINDOWS\winstart.bat
C:\WINDOWS\RAUNINST.EXE
C:\WINDOWS\Internet Logs\xDB82.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\Documents and Settings\ryan\data5a.dat
C:\Documents and Settings\ryan\data5.dat
C:\Documents and Settings\ryan\data4a.dat
C:\Documents and Settings\ryan\data4.dat
C:\Documents and Settings\ryan\data3a.dat
C:\Documents and Settings\ryan\data3.dat
C:\Documents and Settings\ryan\data2a.dat
C:\Documents and Settings\ryan\data2.dat
C:\Documents and Settings\ryan\data1a.dat
C:\Documents and Settings\ryan\data1.dat
C:\Documents and Settings\ryan\cosnblz.dat
C:\Program Files\wt3d.ini
C:\Documents and Settings\ryan\Application Data\wklnhst.dat
C:\DOCUME~1\ryan\LOCALS~1\Temp\pfsvgae.sys

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfsvgae]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_pfsvgae]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#8
littleshu
Posted 31 May 2008 - 01:31 PM

littleshu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 08-05-29.1 - ryan 2008-05-30 19:13:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -7:00]
Running from: C:\Documents and Settings\ryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ryan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\ryan\LOCALS~1\Temp\pfsvgae.sys
C:\Documents and Settings\ryan\Application Data\wklnhst.dat
C:\Documents and Settings\ryan\cosnblz.dat
C:\Documents and Settings\ryan\data1.dat
C:\Documents and Settings\ryan\data1a.dat
C:\Documents and Settings\ryan\data2.dat
C:\Documents and Settings\ryan\data2a.dat
C:\Documents and Settings\ryan\data3.dat
C:\Documents and Settings\ryan\data3a.dat
C:\Documents and Settings\ryan\data4.dat
C:\Documents and Settings\ryan\data4a.dat

C:\Documents and Settings\ryan\data5.dat
C:\Documents and Settings\ryan\data5a.dat
C:\Program Files\wt3d.ini
C:\WINDOWS\ekel.exe
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB82.tmp
C:\WINDOWS\RAUNINST.EXE
C:\WINDOWS\system32\OdiAPI.dll
C:\WINDOWS\system32\OdiOlDVR.dll
C:\WINDOWS\system32\STRDEVAPI.dll
C:\WINDOWS\system32\tmp0A775.FOT
C:\WINDOWS\system32\tmp0C775.FOT
C:\WINDOWS\system32\tmp8F875.FOT
C:\WINDOWS\system32\tmpC6875.FOT
C:\WINDOWS\tmpcpyis.bat
C:\WINDOWS\tmpdelis.bat
C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ryan\Application Data\wklnhst.dat
C:\Documents and Settings\ryan\cosnblz.dat
C:\Documents and Settings\ryan\data1.dat
C:\Documents and Settings\ryan\data1a.dat
C:\Documents and Settings\ryan\data2.dat
C:\Documents and Settings\ryan\data2a.dat
C:\Documents and Settings\ryan\data3.dat
C:\Documents and Settings\ryan\data3a.dat
C:\Documents and Settings\ryan\data4.dat
C:\Documents and Settings\ryan\data4a.dat
C:\Documents and Settings\ryan\data5.dat
C:\Documents and Settings\ryan\data5a.dat
C:\Program Files\wt3d.ini
C:\WINDOWS\ekel.exe
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB82.tmp
C:\WINDOWS\RAUNINST.EXE
C:\WINDOWS\system32\OdiAPI.dll
C:\WINDOWS\system32\OdiOlDVR.dll
C:\WINDOWS\system32\STRDEVAPI.dll
C:\WINDOWS\system32\tmp0A775.FOT
C:\WINDOWS\system32\tmp0C775.FOT
C:\WINDOWS\system32\tmp8F875.FOT
C:\WINDOWS\system32\tmpC6875.FOT
C:\WINDOWS\tmpcpyis.bat
C:\WINDOWS\tmpdelis.bat
C:\WINDOWS\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2014-08-02 21:07 . 2007-09-02 14:44 <DIR> d-------- C:\picsforlaurie
2008-05-29 13:20 . 2008-05-29 13:20 <DIR> d-------- C:\VundoFix Backups
2008-05-29 12:16 . 2008-05-29 12:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-29 11:53 . 2008-05-29 13:03 <DIR> d-------- C:\SDFix
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Malwarebytes
2008-05-29 11:22 . 2008-05-29 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 11:22 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 11:22 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 14:59 . 2008-05-28 14:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 19:55 . 2008-05-27 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-27 19:09 . 2008-05-27 19:55 <DIR> d-------- C:\Program Files\Uniblue
2008-05-27 19:09 . 2008-05-27 19:55 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Uniblue
2008-05-26 21:38 . 2008-05-26 21:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-26 19:13 . 2008-05-26 19:13 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Program Files\GameSpot
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Documents and Settings\All Users\temp
2008-05-24 14:57 . 2008-05-24 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-05-24 13:50 . 2008-05-24 13:50 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Isotope 244
2008-05-24 13:49 . 2008-05-24 13:49 <DIR> d-------- C:\Program Files\Isotope244 Graphics
2008-05-19 14:37 . 2008-05-26 15:47 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-19 12:17 . 2008-05-19 12:17 <DIR> dr-h----- C:\Documents and Settings\ryan\Application Data\SecuROM
2008-05-19 09:46 . 2008-05-19 09:46 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-13 18:29 . 2008-05-13 18:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-03 00:10 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-03 00:00 . 2008-05-03 00:11 <DIR> d-------- C:\WESTWOOD
2008-05-02 16:53 . 2008-05-02 16:53 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-04-15 12:42 . 2008-04-15 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-15 12:23 . 2008-04-15 12:23 <DIR> d-------- C:\Program Files\New Folder
2008-04-14 17:52 . 2008-04-14 17:52 <DIR> d-------- C:\DirectX9
2008-04-05 13:41 . 2008-04-05 13:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 00:00 111,626 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_16_13_50_29_small.dmp.zip
2008-05-31 02:12 --------- d-----w C:\Documents and Settings\ryan\Application Data\Skype
2008-05-31 02:07 --------- d-----w C:\Documents and Settings\ryan\Application Data\Xfire
2008-05-31 01:53 --------- d-s---w C:\Program Files\Xfire
2008-05-28 23:14 --------- d-----w C:\Documents and Settings\ryan\Application Data\gtk-2.0
2008-05-28 02:18 --------- d-----w C:\Documents and Settings\ryan\Application Data\AVG7
2008-05-27 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-27 03:39 --------- d-----w C:\Documents and Settings\ryan\Application Data\uTorrent
2008-05-26 04:03 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-26 04:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-25 01:27 --------- d-----w C:\Documents and Settings\ryan\Application Data\Free Download Manager
2008-05-24 21:57 6,072 ----a-w C:\Program Files\install.log
2008-05-24 21:34 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 19:06 --------- d-----w C:\Program Files\DAEMON Tools67
2008-05-24 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-19 18:55 --------- d-----w C:\Program Files\Electronic Arts
2008-05-19 16:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 16:40 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-19 01:54 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-12 03:36 --------- d-----w C:\Program Files\Olympus
2008-05-06 19:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-29 01:09 105,972 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_27_17_16_41_small.dmp.zip
2008-04-24 22:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 00:25 110,051 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_18_56_42_small.dmp.zip
2008-04-23 00:25 107,359 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_20_08_40_small.dmp.zip
2008-04-19 05:05 --------- d-----w C:\Program Files\Toribash-3.1
2008-04-16 01:19 102,473 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_14_09_08_14_small.dmp.zip
2008-04-15 19:24 --------- d-----w C:\Program Files\Ubisoft
2008-04-13 01:20 11,357,752 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-13 01:20 104,935 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_12_12_13_49_small.dmp.zip
2008-04-08 19:32 --------- d-----w C:\Program Files\THQ
2008-04-08 17:00 106,726 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_08_54_13_small.dmp.zip
2008-04-08 16:59 19,221,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_06_02_59_full.dmp.zip
2008-04-08 16:59 106,808 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_05_19_02_small.dmp.zip
2008-04-08 16:59 105,612 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_07_16_18_small.dmp.zip
2008-03-30 21:55 --------- d-----w C:\Program Files\Project64 1.6
2008-03-28 20:25 --------- d-----w C:\Program Files\America's Army
2008-03-28 04:15 --------- d-----w C:\Program Files\Sierra
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:59 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-16 22:55 22,328 -c--a-w C:\Documents and Settings\ryan\Application Data\PnkBstrK.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_13.09.44.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 20:01:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 21:33:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:46 217544]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 13:09 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-20 09:44 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 08:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\ryan\Start Menu\Programs\Startup\
Minesweeper.lnk - C:\WINDOWS\system32\winmine.exe [2004-08-10 08:00:00 119808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-05-11 20:36:23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.ffds"= ffdshow.ax
"VIDC.ZLIB"= AVIZLIB.dll
"VIDC.MSZH"= AVIMSZH.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=C:\WINDOWS\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-04-20 09:44 416256 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-07 16:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 21:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-12-13 16:45 507904 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-12 01:58 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--a------ 2005-10-11 10:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
--a------ 2001-04-27 15:19 212992 C:\Program Files\LEGO MINDSTORMS\RIS 2.0\LaunchRIS2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-12 15:05 25590312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2006-03-10 16:15 1249280 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-19 13:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-28 19:50 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 17:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Cain\\Cain.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 02:06]
S3 Bulk503;Chameleon Mega Digital Camera;C:\WINDOWS\system32\Drivers\Bulk503.sys [2001-10-15 12:45]
S3 ISO503;Chameleon Mega Video Camera;C:\WINDOWS\system32\Drivers\ISO503.SYS [2002-04-09 10:49]
S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-09-28 22:51:42 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2006-09-28 22:51:25 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-05-30 21:35:28 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-28 03:34:36 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 19:21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?6?5?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pfsvgae]
"ImagePath"="\??\C:\DOCUME~1\ryan\LOCALS~1\Temp\pfsvgae.sys"
.
Completion time: 2008-05-30 19:22:32
ComboFix-quarantined-files.txt 2008-05-31 02:22:19
ComboFix2.txt 2008-05-30 20:10:08

Pre-Run: 4,142,985,216 bytes free
Post-Run: 4,114,554,880 bytes free

327 --- E O F --- 2008-05-30 19:18:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:43 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Minesweeper.lnk = C:\WINDOWS\system32\winmine.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6557 bytes
  • 0

#9
koko_crunch
Posted 01 June 2008 - 01:24 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Much better...

Next,


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

  • 0

#10
littleshu
Posted 05 June 2008 - 06:06 PM

littleshu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/05/2008 at 04:16 PM

Application Version : 4.15.1000

Core Rules Database Version : 3475
Trace Rules Database Version: 1466

Scan type : Complete Scan
Total Scan Time : 01:34:45

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 6091
Registry threats detected : 0
File items scanned : 22457
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\ryan\Cookies\ryan@questionmarket[2].txt
C:\Documents and Settings\ryan\Cookies\ryan@atwola[1].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
C:\Documents and Settings\ryan\Cookies\ryan@trafficmp[1].txt
C:\Documents and Settings\ryan\Cookies\ryan@adinterax[1].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
C:\Documents and Settings\ryan\Cookies\ryan@2o7[2].txt
C:\Documents and Settings\ryan\Cookies\[email protected][2].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
C:\Documents and Settings\ryan\Cookies\ryan@media6degrees[1].txt
C:\Documents and Settings\ryan\Cookies\[email protected][2].txt
C:\Documents and Settings\ryan\Cookies\[email protected][2].txt
C:\Documents and Settings\ryan\Cookies\[email protected][2].txt
C:\Documents and Settings\ryan\Cookies\[email protected][1].txt
adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2mdn.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.dowjones.122.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.list.ru [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
rotabanner.rian.ru [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
rotabanner.rian.ru [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.rambler.ru [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
www.burstnet.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
stats.sphere.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
openx.ventivmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
openx.ventivmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
openx.ventivmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
openx.ventivmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
openx.ventivmedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.mediamayhemcorp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.mediamayhemcorp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ads.mediamayhemcorp.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.questionablecontent.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
optimize.indieclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.yourdailymedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.yourdailymedia.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ehg-idgentertainment.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ehg-idgentertainment.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
image.masterstats.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.chitika.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.cracked.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.cracked.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.cracked.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media.xfire.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.media.xfire.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
.stumbleupon.112.2o7.net [ C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\5nu74oyt.default\cookies.txt ]
  • 0

#11
koko_crunch
Posted 06 June 2008 - 08:42 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks good. :)
Now for one final scan to be sure we didn't miss any.

First,

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Then,


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#12
koko_crunch
Posted 11 June 2008 - 11:18 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP