
Infected: Win32.Adware.Virtumonde [RESOLVED]

This topic is locked.

#1
xtreme__boi
New Member, 6 posts
Hi all,

My PC became infected with the dreaded Win32.Adware.Virtumonde. After a few hours of reading about stuff online, I am still unable to resolve my problem. Can anyone here help me fix this problem?

Thank you,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:53 AM - Lee, on 26/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\GEApp\AGSeiApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF947877-1620-4033-A168-0B21872BFAB6} - C:\Windows\system32\byXQGvwt.dll
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\GEApp\AGSeiApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...b/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E36C1690-C4ED-4B46-B964-B73BA85229C0}: NameServer = 212.139.132.53 212.139.132.52
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

--
End of file - 7877 bytes


#2
Ltangelic
Angel Annihilator of Malware
Retired Staff, 2,008 posts
Hey xtreme__boi,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays between my responses, so I ask for your patience. :)

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

LT

#3
xtreme__boi
New Member, Topic Starter, 6 posts
Thanks for your help. In the meantime I carried out a Kaspersky Online Scan:

I am aware that I have GoldenEye installed on this system, but that's for personal use only, so I wish to keep GoldenEye on my system.

However... I am hoping to get rid of the 2 results in BOLD, below:

C:\Windows\System32\sirbolqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zde
C:\Windows\System32\xXpqOhFw.dll Infected: Trojan.Win32.Monder.acx


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 26, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 26, 2008 07:22:33
Records in database: 884721
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 86513
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:45:30


File name / Threat name / Threats count
C:\Program Files\GEApp\AGSeiApp.exe/C:\Program Files\GEApp\AGSeiApp.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
C:\Program Files\GEApp\AGSeiApp.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
C:\Windows\System32\sirbolqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zde 1
C:\Windows\System32\xXpqOhFw.dll Infected: Trojan.Win32.Monder.acx 1

The selected area was scanned.

#4
Ltangelic
Angel Annihilator of Malware
Retired Staff, 2,008 posts
Hey xtreme__boi,

Sorry for the wait, it took a while for an expert to look at my fix. :)

PS. In the future, if you're wondering why I am taking so long to respond, feel free to give me a PM and I'll explain it to you.

Now on to business.

Your logs are showing signs of infection, so there are a few tools we need to run in this first round. :)

Please follow my instructions in the order they were given, and print out a copy of it as you may not be able to access the forums during the fix.

1) Remove infection with VundoFix 5

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

2) Scan with SuperAntispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
3) Remove entries with HijackThis

Please re-open HijackThis and Do a System Scan only. Put a check next to the entry below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

4) Run ComboFix

Download ComboFix from one of the locations below, and save it to your Desktop. <--Important!

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Next reply (please include):

Fresh HijackThis log
Vundofix.txt
Superantispyware Scan log
Combofix.txt

Edited by Ltangelic, 27 June 2008 - 07:32 PM.

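A small triage script, added here as an example and not code from this thread or from any of the tools it names: it parses the O2 (Browser Helper Object) lines of a HijackThis log like the one in post #1, flags the two entries that step 3 and VundoFix were aimed at, and confirms that they are gone from the post #6 log. The random-name heuristic is an assumption about how Vundo/Virtumonde named its dropped DLLs, not something the thread states; the embedded log excerpts are copied from the posts above.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Set

# One HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)
# Heuristic (assumption, not taken from the thread): Vundo/Virtumonde dropped DLLs named
# with eight pseudo-random mixed-case letters (e.g. byXQGvwt.dll) into system32 and
# registered them as unnamed BHOs so Internet Explorer would load them at start-up.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}$")


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log: str) -> List[Bho]:
    """Extract every O2 entry from a HijackThis log; all other line types are ignored."""
    found = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"], m["path"]))
    return found


def looks_random(stem: str) -> bool:
    """Eight letters mixing upper and lower case, with no digits, e.g. 'byXQGvwt'."""
    return bool(RANDOM_NAME_RE.match(stem)) and stem != stem.lower() and stem != stem.upper()


def triage(bho: Bho) -> Optional[str]:
    """Return the reason an entry deserves a second look, or None if nothing stands out."""
    if bho.path == "(no file)":
        return "orphaned registration: CLSID points at a DLL that no longer exists"
    filename = bho.path.rsplit("\\", 1)[-1]
    stem, _, ext = filename.rpartition(".")
    in_system32 = "\\system32\\" in bho.path.lower()
    if bho.name == "(no name)" and in_system32 and ext.lower() == "dll" and looks_random(stem):
        return "unnamed BHO loading a random-looking DLL from system32 (Vundo/Virtumonde pattern)"
    return None


def suspicious_entries(log: str) -> Dict[str, str]:
    """Map CLSID -> reason for every O2 entry the triage rules flag."""
    flagged = {}
    for bho in parse_bhos(log):
        reason = triage(bho)
        if reason:
            flagged[bho.clsid] = reason
    return flagged


def removed_between(before: str, after: str) -> Set[str]:
    """CLSIDs present in the first log but absent from the second, i.e. what the fix took out."""
    return {b.clsid for b in parse_bhos(before)} - {b.clsid for b in parse_bhos(after)}


# Excerpt of the post #1 log (before the fix); non-O2 lines are kept to show they are skipped.
LOG_BEFORE = r"""Running processes:
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF947877-1620-4033-A168-0B21872BFAB6} - C:\Windows\system32\byXQGvwt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"""

# Excerpt of the post #6 log (after VundoFix, SUPERAntiSpyware and the HijackThis fix).
LOG_AFTER = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


if __name__ == "__main__":
    for clsid, reason in suspicious_entries(LOG_BEFORE).items():
        print(f"{clsid}: {reason}")
    print("removed by the fix:", sorted(removed_between(LOG_BEFORE, LOG_AFTER)))
```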

#5
xtreme__boi
New Member, Topic Starter, 6 posts
Hey, I am still here... just been very busy.

I am in the process of following the above. I am currently carrying out a SUPERAntiSpyware scan; as soon as I get all the logs, I will repost.

Thanks

#6
xtreme__boi
New Member, Topic Starter, 6 posts
I have followed each of the above steps very carefully. Here are the requested logs:

-----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:40 PM - Lee, on 30/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\GEApp\AGSeiApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\GEApp\AGSeiApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...b/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E36C1690-C4ED-4B46-B964-B73BA85229C0}: NameServer = 212.139.132.53 212.139.132.52
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

--
End of file - 7786 bytes

-----------------------------------------------------------------------------------

VundoFix V7.0.6

Scan started at 5:39:32 AM - Lee 28/06/2008

Listing files found while scanning....

No infected files were found.

-----------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2008 at 08:14 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 14:21:00

Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 7406
Registry threats detected : 2
File items scanned : 564960
File threats detected : 157

Adware.Tracking Cookie
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@euros4click[1].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@mediaplex[2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@overture[1].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@socialmedia[2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@tacoda[1].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\xtreme__boi@worldlingomedia[2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@adecn[1].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@adtech[1].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@advertising[2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@adviva[2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@burstnet[2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@euros4click[1].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@mediaplex[2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@overture[1].txt
C:\Users\xtreme__boi\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@socialmedia[2].txt
C:\Users\xtreme__boi\Cookies\[email protected][1].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@tacoda[1].txt
C:\Users\xtreme__boi\Cookies\xtreme__boi@worldlingomedia[2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][2].txt
C:\Users\xtreme__boi\Cookies\[email protected][1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP

-----------------------------------------------------------------------------------

ComboFix 08-06-20.4 - xtreme__boi 2008-06-30 20:29:47.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2188 [GMT 1:00]
Running from: C:\Users\xtreme__boi\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\mrawlsvt.ini
C:\Windows\system32\pqlobris.ini
C:\Windows\System32\twvGQXyb.ini
C:\Windows\System32\twvGQXyb.ini2
C:\Windows\system32\wFhOqpXx.ini
C:\Windows\System32\wFhOqpXx.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\Users\xtreme__boi\AppData\Roaming\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 06:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 05:39 . 2008-06-28 05:39 <DIR> d-------- C:\VundoFix Backups
2008-06-26 14:09 . 2008-06-27 05:36 211 --a------ C:\Windows\wininit.ini
2008-06-26 08:59 . 2008-06-26 08:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 08:46 . 2008-06-26 08:46 <DIR> d-------- C:\Windows\Sun
2008-06-26 08:44 . 2008-06-26 08:45 <DIR> d-------- C:\Program Files\Java
2008-06-26 08:44 . 2008-06-26 08:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-24 22:43 . 2008-06-24 22:54 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-06-24 22:43 . 2008-06-24 22:43 81,920 --a------ C:\Windows\System32\sirbolqp.dll
2008-06-11 05:55 . 2008-04-29 02:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-11 05:55 . 2008-04-29 04:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-11 05:55 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 05:55 . 2008-04-29 02:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-11 05:54 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 05:54 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 05:54 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-05-31 20:49 . 2008-05-31 20:49 268 --ah----- C:\sqmdata00.sqm
2008-05-31 20:49 . 2008-05-31 20:49 244 --ah----- C:\sqmnoopt00.sqm
2008-05-27 08:31 . 2008-05-27 08:31 <DIR> d-------- C:\Program Files\MIKSOFT
2008-05-12 06:37 . 2008-05-12 06:37 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-01 08:44 . 2008-05-01 08:44 <DIR> d-------- C:\Program Files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:35 --------- d-----w C:\Users\xtreme__boi\AppData\Roaming\BitTorrent
2008-06-28 17:35 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-28 10:00 --------- d-----w C:\Users\xtreme__boi\AppData\Roaming\Spyware Terminator
2008-06-28 10:00 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-28 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 04:21 --------- d-----w C:\ProgramData\Spyware Terminator
2008-06-28 04:05 141,312 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-06-26 11:59 --------- d---a-w C:\ProgramData\TEMP
2008-06-26 11:58 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-22 20:03 --------- d-----w C:\Users\xtreme__boi\AppData\Roaming\uTorrent
2008-05-20 11:46 --------- d-----w C:\Users\xtreme__boi\AppData\Roaming\Winamp
2008-05-16 19:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-04 05:01 --------- d-----w C:\Program Files\Yahoo!
2008-03-29 18:05 174 --sha-w C:\Program Files\desktop.ini
2008-03-29 17:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-29 17:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-29 16:53 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-29 16:53 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2007-12-19 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-19 19:37 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-19 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-28 06:04 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2007-09-27 13:56 557149]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 18:33 271936]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"A8GSdsApp"="C:\Program Files\GEApp\AGSeiApp.exe" [2006-11-05 21:24 970752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\geBqNfFV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159264265-3513562589-246227016-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{93DED792-B8F7-4AB1-B9DD-B0D6B076096E}"= UDP:C:\Users\xtreme__boi\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{93E6E7CE-D348-433B-875E-1657E8B8F716}"= TCP:C:\Users\xtreme__boi\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{4BDEC662-719E-453F-90EB-B278787F4390}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{889234AC-9FE0-4D56-A732-A1295848A0F8}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{0FAD5C68-17A7-4221-82CD-601BDCE60DD4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FFB91975-181E-44F9-9F28-3DD8CD608E58}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{C191AA23-24E8-48E9-9FEF-0E76BFCC9889}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{97A20231-B2B1-4E8F-8FE2-BCA8FA9A2855}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{4AF93C4C-EDEE-4D81-AB3D-1AF06215B870}C:\\users\\xtreme__boi\\desktop\\             \\my mobile\\mymobiler\\mymobiler.exe"= UDP:C:\users\xtreme__boi\desktop\             \my mobile\mymobiler\mymobiler.exe:mymobiler.exe
"UDP Query User{2844A088-CAC1-4836-8CE0-8A691AB1E1DB}C:\\users\\xtreme__boi\\desktop\\             \\my mobile\\mymobiler\\mymobiler.exe"= TCP:C:\users\xtreme__boi\desktop\             \my mobile\mymobiler\mymobiler.exe:mymobiler.exe
"{786C8F61-9508-4056-8737-6059FADF3FE7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{4CDA2071-99C9-4B92-88D8-3FDB044CB6FD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D7A8F03C-C4E0-4125-B2A0-8FAE148D38D7}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AF9E4A3D-1E2A-4253-B7CB-60A274921CF3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 FD;FD;C:\Windows\system32\drivers\FD.sys [2007-12-12 10:43]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\system32\drivers\hcw88aud.sys [2007-01-24 14:25]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-06-28 05:05]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-22 10:22]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 00:33]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 00:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\system32\drivers\hcw88tse.sys [2007-01-24 14:25]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\system32\drivers\hcw88tun.sys [2007-01-24 14:25]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\system32\drivers\hcw88vid.sys [2007-01-24 14:25]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\system32\drivers\HCW88BAR.sys [2007-01-24 14:25]
R3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-09-27 13:39]
R3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-09-27 13:39]
R3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-09-27 13:39]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 18:17:16 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-30 05:35:17 C:\Windows\Tasks\User_Feed_Synchronization-{BB3C1C5D-D0CC-4AD9-8C78-D7F093B2C73B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:38:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\msinfo32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\System32\oodag.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-06-30 20:43:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 19:42:47

Pre-Run: 228,717,912,064 bytes free
Post-Run: 228,878,962,688 bytes free

182 --- E O F --- 2008-06-11 08:19:07
  • 0

#7
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey xtreme__boi,

Sorry for the delay, the expert looking at my log has been really busy.

Your log doesn't look too bad. We'll dig deeper and see if there is more than is actually shown. :)

1) Uninstall programs

Please go to Add or Remove Programs in Control Panel and remove the following (if present):

BitTorrent <-- BitTorrent is a P2P program that can bring security risks to your computer; I recommend that it be removed. Please have a look here and decide if you want to remove it
PeerGuardian2 (P2P program)
Spyware Terminator <-- This is a rogue antispyware program that gives false alarms about your computer security, I would recommend its removal. Please have a look here
uTorrent (P2P program)
DNA <--Related to BitTorrent


2) Run ComboFix

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\wininit.ini
C:\Windows\System32\sirbolqp.dll
C:\Windows\system32\drivers\sp_rsdrv2.sys

Folder::
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent
C:\Users\xtreme__boi\AppData\Roaming\Spyware Terminator
C:\Program Files\PeerGuardian2
C:\Program Files\Spyware Terminator
C:\ProgramData\Spyware Terminator
C:\Users\xtreme__boi\AppData\Roaming\uTorrent

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
[HKEY_LOCAL_MACHINE\software\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FFB91975-181E-44F9-9F28-3DD8CD608E58}"= -
"{C191AA23-24E8-48E9-9FEF-0E76BFCC9889}"= -
"{786C8F61-9508-4056-8737-6059FADF3FE7}"= -
"{4CDA2071-99C9-4B92-88D8-3FDB044CB6FD}"= -
"{D7A8F03C-C4E0-4125-B2A0-8FAE148D38D7}"= -
"{AF9E4A3D-1E2A-4253-B7CB-60A274921CF3}"= -
[HKEY_LOCAL_MACHINE\software\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

3) Run Kaspersky Webscanner

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under 'Select a target to scan', select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Next reply (please include):

Fresh HijackThis log
ComboFix.txt
Kaspersky Webscanner log

  • 0
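As an added example (not code from this thread, from ComboFix or from its author), a small Python checker that reads the "Reg Loading Points" section of a ComboFix log and flags the things the helper above acts on: UAC and firewall profiles switched off, firewall exceptions for executables sitting in a Temp folder, and autostart entries that load randomly named DLLs from System32. The sample log is constructed from entries in this thread; the random-name heuristic in looks_random is my own assumption, not a ComboFix rule.

```python
import re
from dataclasses import dataclass

# Constructed sample log, modelled on the ComboFix "Reg Loading Points"
# section posted in this thread (entries copied from that log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\geBqNfFV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{93DED792-B8F7-4AB1-B9DD-B0D6B076096E}"= UDP:C:\Users\xtreme__boi\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{4BDEC662-719E-453F-90EB-B278787F4390}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Registry locations in the log that load code at logon (lower-cased substrings).
AUTOSTART_MARKERS = (
    "\\currentversion\\run",
    "\\msconfig\\startupreg\\",
    "\\shellexecutehooks",
    "\\winlogon\\notify\\",
)
VOWELS = set("aeiouAEIOU")
# A path inside a quoted value, a bare path line, or a value followed by "[date size]".
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?)(?:"|\s+\[|$)')
# Firewall rule value: PROTO:[port|]path:display name
RULE_RE = re.compile(r"=\s*(?:(?:TCP|UDP):(?:\d+\|)?)?([A-Za-z]:\\[^:]+):")


@dataclass
class Finding:
    kind: str
    key: str
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not a ComboFix rule) for Vundo-style file
    names: exactly 8 letters with jumbled case or at most two vowels."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    jumbled_case = stem not in (stem.lower(), stem.upper(), stem.capitalize())
    return jumbled_case or sum(c in VOWELS for c in stem) <= 2


def parse_sections(text: str):
    """Split REGEDIT4-style output into (key, [value lines]) pairs."""
    sections, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections.append((key, []))
        elif key is not None:
            sections[-1][1].append(line)
    return sections


def analyze(text: str) -> list:
    """Return findings for the weak settings and suspicious loaders in the log."""
    findings = []
    for key, lines in parse_sections(text):
        k = key.lower()
        for line in lines:
            if k.endswith("\\policies\\system") and line.startswith('"EnableLUA"= 0'):
                findings.append(Finding("uac_disabled", key, line))
            elif "\\firewallpolicy\\" in k and k.endswith("profile") \
                    and line.startswith('"EnableFirewall"= 0'):
                findings.append(Finding("firewall_disabled", key, line))
            elif k.endswith("\\firewallpolicy\\firewallrules"):
                m = RULE_RE.search(line)
                if m and "\\temp\\" in m.group(1).lower():
                    findings.append(Finding("temp_firewall_rule", key, m.group(1)))
            elif any(mark in k for mark in AUTOSTART_MARKERS):
                m = PATH_RE.search(line)
                if not m:
                    continue
                path = m.group(1)
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if "\\windows\\system32\\" in path.lower() and looks_random(stem):
                    findings.append(Finding("random_name_autostart", key, path))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run against the sample it reports the disabled UAC, both disabled firewall profiles, the Temp-folder Installer.exe exception and the MSServer entry loading geBqNfFV.dll, while egui.exe and jusched.exe pass.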

#8
xtreme__boi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:27 PM - Lee, on 03/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\GEApp\AGSeiApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\GEApp\AGSeiApp.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...b/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E36C1690-C4ED-4B46-B964-B73BA85229C0}: NameServer = 212.139.132.53 212.139.132.52
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

--
End of file - 7347 bytes

--------------------------------------------------------------

ComboFix 08-07-02.3 - xtreme__boi 2008-07-03 9:44:57.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2127 [GMT 1:00]
Running from: C:\Users\xtreme__boi\Desktop\ComboFix.exe
Command switches used :: C:\Users\xtreme__boi\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\System32\sirbolqp.dll
C:\Windows\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PeerGuardian2
C:\Program Files\PeerGuardian2\cache.p2b
C:\Program Files\PeerGuardian2\history.db
C:\Program Files\PeerGuardian2\license.txt
C:\Program Files\PeerGuardian2\lists\2102257263.list
C:\Program Files\PeerGuardian2\lists\560054545.list
C:\Program Files\PeerGuardian2\lists\permallow.p2b
C:\Program Files\PeerGuardian2\pg2.conf
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PeerGuardian2\pg2.url
C:\Program Files\PeerGuardian2\pgfilter.sys
C:\Program Files\PeerGuardian2\readme.txt
C:\Program Files\PeerGuardian2\unins000.dat
C:\Program Files\PeerGuardian2\unins000.exe
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E13.DSR.XviD-0TV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E14.DSR.XviD-2SD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E15.DSR.XviD-0TV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E16.DSR.XviD-0TV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E17.DSR.XviD-0TV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\GREEK.S01E18.DSR.XviD-0TV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Greek.S01E19.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Greek.S01E20.A.Tale.of.Two.Parties.HDTV.XviD-FQM.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Greek.S01E21.Barely.Legal.HDTV.XviD-FQM.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Greek.S01E22.Spring.Broke.HDTV.XviD-FQM.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Hero Wanted[2008]DvDrip[Eng]-FXG.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Horton.Hears.a.Who.R5.LINE.XviD-iNQONTROL.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Juno.DVDRip.XviD-Larceny.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Kylie-Wow&In My Arms Remixes.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Living.[bleep][Organizm][2008]DvDrip-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Lost.4x12.Theres_No_Place_Like_Home.HDTV_XviD-FoV.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Lost.S04E09.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Lost.S04E10.PROPER.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Lost.S04E11.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Lost.S04E13-E14.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Madonna - Confessions On A Dance Floor.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Madonna - Hard Candy [mp3-vbr-2008].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Matt Pokora - MP3 - 2008.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Meet the Spartans[2008]DvDrip[Eng]-FXG.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Microsoft.Money.Plus.Home.And.Business.2008.Retail-NoPE.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\MOS - Clubbers Guide Summer 2008-3CD-2008-UTE seeded by www.p2p-crew.to.rar.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\National.Treasure.2-Book.Of.Secrets[2007]DvDrip[Eng]-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\One.Missed.Call[2008]DvDrip[Eng]-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\OST step up 2.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ost.Step Up.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Over.Her.Dead.Body[2008]DvDrip[Eng]-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\P.S.I.Love.You[2007]DvDrip[Eng]-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pure Urban Essentials - Summer 2008 - 2cds(Atomic RG).torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E01.Pie-lette.HDTV.XviD-XOR.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E02.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E03.HDTV.XviD-2HD.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E04.HDTV.xViD-Caph.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E05.HDTV.xVID-Caph.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E06.HDTV.XViD-Caph.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E07.HDTV.XViD-Caph.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E08.HDTV.XViD-Caph.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Pushing.Daisies.S01E09.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Rambo[2008]DvDrip-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\resume.dat
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\resume.dat.old
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Rihanna - Good Girl Gone Bad Reloaded [R&B][2008][www.pctrecords.com].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Sam Sparro - Sam Sparro [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Santogold - Santogold(KINGDOM-MUSIC by markie b).torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Scooter - Jumping All Over The World 2CDs (2008) - [Retail] - (supershare.co.uk).torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\settings.dat
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\settings.dat.old
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Shutter.R5.LiNE.XViD-PUKKA.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Step Up (Advance 2006) - Soundtrack.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Sunbelt CounterSpy 2.5.1043.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Sunbelt.CounterSpy.2.5.1043.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\SUPERAntiSpyware Professional v4.15.1000 + Cracks [Lifetime Subscription].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Superhero.Movie[2008]DvDrip.AC3-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Techno.Club.Vol.25.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The Hive (2008 DVD Rip).[www.UsaBit.com].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The Ting Tings - We Started Nothing (CHIPS).torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The.Bank.Job[2008]DvDrip[Eng]-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The.Cottage.DVD.SCREENER.XViD-PUKKA.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The.Oxford.Murders[2008]DvDrip-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\The.Ruins[2008][Unrated.Edition]DvDrip-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Then She Found Me[2007]DvDrip[Eng]-FXG.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Trance Anthems 2008 - Mixed By Dave Pearce - 3 CD's (Kingdom-Music By Raven2007).torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ugly.Betty.S02E14.Twenty-Four.Candles.PROPER.HDTV.XviD-FQM.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ugly.Betty.S02E15.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ugly.Betty.S02E16.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ugly.Betty.S02E17.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Ugly.Betty.S02E18.HDTV.XViD-DOT.avi.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Untraceable.2007.DVDScR.READNFO.XViD-nDn.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Untraceable[TeleSync][English][2008][www.estrenoszt.com].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\VA-Clubland_13-2CD-2008-UTE.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\VA-Hed_Kandi__Back_To_Love_(HEDK077)-3CD-2008-BF.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\VA-Ministry.of.Sound-Electro.House.Sessions.2[2008][2CD][VBR.MP3][Split.Tracks].torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\VA_-_Stereo_Sushi_Vol.12-2CD-2008-EDF.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\VA_-_Techno_Club_Vol.26-2CD-2008-MOD.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\Vantage.Point[2008]DvDrip.AC3-aXXo.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\You got Served - OST.torrent
C:\Users\xtreme__boi\AppData\Roaming\BitTorrent\You got served (Soundtrack).torrent
C:\Windows\System32\sirbolqp.dll
C:\Windows\wininit.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 09:37 . 2008-07-03 09:37 12,487,993 --a------ C:\Windows\System32\SBSP.dat
2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\Users\xtreme__boi\AppData\Roaming\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 05:59 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-28 05:59 . 2008-06-28 06:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 05:39 . 2008-06-28 05:39 <DIR> d-------- C:\VundoFix Backups
2008-06-26 08:59 . 2008-06-26 08:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 08:46 . 2008-06-26 08:46 <DIR> d-------- C:\Windows\Sun
2008-06-26 08:44 . 2008-06-26 08:45 <DIR> d-------- C:\Program Files\Java
2008-06-26 08:44 . 2008-06-26 08:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-24 22:43 . 2008-06-24 22:54 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-06-11 05:55 . 2008-04-29 02:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-11 05:55 . 2008-04-29 04:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-11 05:55 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 05:55 . 2008-04-29 02:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-11 05:54 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 05:54 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 05:54 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 11:59 --------- d---a-w C:\ProgramData\TEMP
2008-06-26 11:58 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-27 07:31 --------- d-----w C:\Program Files\MIKSOFT
2008-05-20 11:46 --------- d-----w C:\Users\xtreme__boi\AppData\Roaming\Winamp
2008-05-16 19:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-04 05:01 --------- d-----w C:\Program Files\Yahoo!
2008-03-29 18:05 174 --sha-w C:\Program Files\desktop.ini
2007-12-19 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-19 19:37 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-19 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_20.42.14.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 19:36:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-03 08:20:53 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-30 19:37:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-03 08:23:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-03 08:23:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-30 19:37:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-03 08:23:52 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-03 08:23:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-30 04:51:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-02 05:26:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-30 04:51:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 05:26:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-30 04:51:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-02 05:26:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 19:29:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-07-03 08:44:44 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-07-03 08:44:44 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-06-30 19:18:41 10,732 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159264265-3513562589-246227016-1000_UserData.bin
+ 2008-07-03 08:23:46 10,860 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159264265-3513562589-246227016-1000_UserData.bin
- 2008-06-30 19:18:40 84,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-03 08:23:41 85,220 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-30 19:18:38 42,678 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-03 08:23:30 42,734 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2007-09-27 13:56 557149]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 18:33 271936]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"A8GSdsApp"="C:\Program Files\GEApp\AGSeiApp.exe" [2006-11-05 21:24 970752]
"SBRegRebootCleaner"="C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" [2007-08-27 12:09 141808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159264265-3513562589-246227016-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{93DED792-B8F7-4AB1-B9DD-B0D6B076096E}"= UDP:C:\Users\xtreme__boi\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{93E6E7CE-D348-433B-875E-1657E8B8F716}"= TCP:C:\Users\xtreme__boi\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{4BDEC662-719E-453F-90EB-B278787F4390}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{889234AC-9FE0-4D56-A732-A1295848A0F8}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{0FAD5C68-17A7-4221-82CD-601BDCE60DD4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FFB91975-181E-44F9-9F28-3DD8CD608E58}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{C191AA23-24E8-48E9-9FEF-0E76BFCC9889}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{97A20231-B2B1-4E8F-8FE2-BCA8FA9A2855}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{4AF93C4C-EDEE-4D81-AB3D-1AF06215B870}C:\\users\\xtreme__boi\\desktop\\ \\my mobile\\mymobiler\\mymobiler.exe"= UDP:C:\users\xtreme__boi\desktop\ \my mobile\mymobiler\mymobiler.exe:mymobiler.exe
"UDP Query User{2844A088-CAC1-4836-8CE0-8A691AB1E1DB}C:\\users\\xtreme__boi\\desktop\\ \\my mobile\\mymobiler\\mymobiler.exe"= TCP:C:\users\xtreme__boi\desktop\ \my mobile\mymobiler\mymobiler.exe:mymobiler.exe
"{786C8F61-9508-4056-8737-6059FADF3FE7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{4CDA2071-99C9-4B92-88D8-3FDB044CB6FD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D7A8F03C-C4E0-4125-B2A0-8FAE148D38D7}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AF9E4A3D-1E2A-4253-B7CB-60A274921CF3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 FD;FD;C:\Windows\system32\drivers\FD.sys [2007-12-12 10:43]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\system32\drivers\hcw88aud.sys [2007-01-24 14:25]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-22 10:22]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 00:33]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 00:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\system32\drivers\hcw88tse.sys [2007-01-24 14:25]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\system32\drivers\hcw88tun.sys [2007-01-24 14:25]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\system32\drivers\hcw88vid.sys [2007-01-24 14:25]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\system32\drivers\HCW88BAR.sys [2007-01-24 14:25]
R3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2007-09-27 13:39]
R3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2007-09-27 13:39]
R3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2007-09-27 13:39]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 18:17:16 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-03 08:40:14 C:\Windows\Tasks\User_Feed_Synchronization-{BB3C1C5D-D0CC-4AD9-8C78-D7F093B2C73B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 09:52:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-03 9:54:04
ComboFix-quarantined-files.txt 2008-07-03 08:53:57
ComboFix2.txt 2008-06-30 19:43:15

Pre-Run: 222,960,197,632 bytes free
Post-Run: 222,973,263,872 bytes free

314 --- E O F --- 2008-06-11 08:19:07

--------------------------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 3, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 03, 2008 09:08:06
Records in database: 909933
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
L:\

Scan statistics:
Files scanned: 100279
Threat name: 5
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:50:06


File name / Threat name / Threats count
C:\Program Files\GEApp\AGSeiApp.exe/C:\Program Files\GEApp\AGSeiApp.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
C:\Program Files\GEApp\AGSeiApp.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
C:\QooBox\Quarantine\C\Windows\System32\sirbolqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.zde 1
L:\My Docs [From XP]\Program Set-up Files\SpywareTerminatorSetup.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bv 1
L:\RECYCLER\S-1-5-21-639312912-871478719-1232131995-1005\Dj16\Alcohol 120% v1.9.2.1705\Alcohol 120% v1.9.2.1705\keygen.exe Infected: Backdoor.Win32.VB.cgp 1
L:\RECYCLER\S-1-5-21-639312912-871478719-1232131995-1005\Dj16\WindowBlinds\VISTA.Theme.Torrentspy\Aero.Glass.Themes.Vista.Themes.A.I.O\32\vista_2.0\LS Patch\LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1

The selected area was scanned.
  • 0

#9
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey xtreme__boi,

Apologies for the delay.

Good, your logs are clean now. :) Time for some housekeeping:

1) Uninstall ComboFix

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
2) Use OTCleanIt to remove tools
  • Please download OTCleanIt by OldTimer.
  • Double click on OTCleanIt.exe and click on CleanUp! button.
  • It will clean up a list of tools we used during the fix.
  • You may be prompted to reboot upon completion, please select Yes.
3) Clear and Reset system Restore

  • Right click on "My Computer" and click on "Properties".
  • Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Your System Restore is now turned on.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
To keep your operating system up to date visit
monthly.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
  • 0

#10
xtreme__boi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Many, many thanks for your help!

Keep up the amazing, good work!

;-)
  • 0

#11
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
No worries, glad to be of help. :)

LT
  • 0

#12
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0