Spyware that makes the background blue with a message [RESOLVED]


  • This topic is locked

#1
HeyJon
Recently I have encountered this problem. The background on my computer is blue with a yellow box that says "Warning! Spyware detected on your computer! Install an antivirus or spywear remover to clean your computer."

I have no idea where this came from and I'm not the only user. I also believe that this has also made it impossible for me to change my background, because when I go into properties the tab that says Background is missing. I also tried installing some antivirus software, but that was unable to run, and when I tried to uninstall it, it made my computer crash and opened up to a blank blue screen. I restarted in safe mode and was able to delete the software, which allowed me to log back in, with the background still the same.

I'm not great with computers and am all out of ideas. My friend pointed me to this website and told me to post my log from HJT; here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:16 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\lphca8gj0er69.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54ED9B49-81D1-4866-95A6-30F01DE0047E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {94326E3F-F51F-4863-A832-4ACD0D7D4BC3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [lphca8gj0er69] C:\WINDOWS\system32\lphca8gj0er69.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {D04C4051-3187-4003-B18B-BE12E2D7E7CC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...?rand=200321512
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD002158-FCF0-466C-9967-488E0AF3BC2C}: NameServer = 65.24.7.10,65.24.7.11
O21 - SSODL: WKdlbpujiitmC - {D05D6075-7AF7-CADF-88E8-09FAB1C4B30C} - C:\WINDOWS\system32\vhgc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://www.battle.ne.../ruststorm3.gif

--
End of file - 10936 bytes


Thank you in advance for taking any time to help me. It is greatly appreciated. :)

#2
HeyJon
I realize that adding a post will make you guys reply slower, but I have run some virus scans and am now able to change my background. I still have the feeling some of it is left on, though.

Here's my new HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:49 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas4d5.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54ED9B49-81D1-4866-95A6-30F01DE0047E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {94326E3F-F51F-4863-A832-4ACD0D7D4BC3} - (no file)
O2 - BHO: MyIdentityDefender - {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas4d5.exe" /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {D04C4051-3187-4003-B18B-BE12E2D7E7CC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...?rand=200321512
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD002158-FCF0-466C-9967-488E0AF3BC2C}: NameServer = 65.24.7.10,65.24.7.11
O21 - SSODL: WKdlbpujiitmC - {D05D6075-7AF7-CADF-88E8-09FAB1C4B30C} - C:\WINDOWS\system32\vhgc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://www.battle.ne.../ruststorm3.gif

--
End of file - 11207 bytes

#3
fenzodahl512
Hello and welcome to GTG


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

#4
HeyJon
I've downloaded ComboFix, but while trying to download the Recovery it asks what Windows Service Pack you are on. Is there any way to find out what one you have, because I have no idea.

#5
fenzodahl512

I've downloaded ComboFix, but while trying to download the Recovery it asks what Windows Service Pack you are on. Is there any way to find out what one you have, because I have no idea.


Just run ComboFix and then post the logs requested here :)

#6
HeyJon
Ok everything went ok so here is my ComboFix Log:

ComboFix 08-08-24.03 - Vickery 2008-08-25 20:56:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Documents and Settings\Vickery\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\nsv
C:\Documents and Settings\All Users\Application Data\nsv\cache\199.dfn
C:\Documents and Settings\All Users\Application Data\nsv\cache\538.dfn
C:\Documents and Settings\All Users\Application Data\nsv\keys.dat
C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd
C:\Documents and Settings\Vickery\Application Data\macromedia\Flash Player\#SharedObjects\F2YWEY66\interclick.com
C:\Documents and Settings\Vickery\Application Data\macromedia\Flash Player\#SharedObjects\F2YWEY66\interclick.com\ud.sol
C:\Documents and Settings\Vickery\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Vickery\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Vickery\Application Data\rhce8gj0er69
C:\lswmv.ini
C:\Program Files\appliedsearch_autoinstall
C:\Program Files\appliedsearch_autoinstall\bar.ini
C:\Program Files\appliedsearch_autoinstall\logo.bmp
C:\Program Files\Common Files\uninstall information
C:\Program Files\dialers
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\stat_archive\2006-03-07
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\watchlist.xml
C:\WINDOWS\Downloaded Program Files\hotbar.inf
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\phca8gj0er69.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-24 03:01 . 2008-08-25 18:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-23 12:42 . 2008-08-23 12:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-23 09:13 . 2008-08-23 09:13 64 --a------ C:\WINDOWS\av_affiliate.ini
2008-08-23 09:13 . 2008-08-23 09:13 64 --a------ C:\WINDOWS\as_affiliate.ini
2008-08-23 09:04 . 2008-08-23 12:17 <DIR> d-------- C:\Program Files\CyberDefender
2008-08-23 09:04 . 2008-08-23 09:04 67,424 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys
2008-08-22 21:04 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-22 21:02 . 2008-08-22 21:02 <DIR> d-------- C:\Program Files\Panda Security
2008-08-22 17:48 . 2008-08-22 17:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 20:39 . 2008-08-21 20:39 164 --ah----- C:\Documents and Settings\All Users\hpothb07.dat
2008-08-21 20:12 . 2008-08-21 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-21 20:03 . 2008-08-21 20:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-14 23:41 . 2008-08-14 23:45 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-14 20:29 . 2008-08-14 20:29 <DIR> d-------- C:\Documents and Settings\Vickery\Application Data\OurPictures
2008-08-08 12:53 . 2008-08-08 12:54 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-08 12:53 . 2008-08-08 12:53 <DIR> d-------- C:\Documents and Settings\Vickery\Application Data\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 01:44 --------- d-----w C:\Program Files\Warcraft III
2008-08-15 04:52 --------- d-----w C:\Program Files\Yahoo!
2008-08-15 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-15 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-15 04:32 --------- d-----w C:\Program Files\Kodak
2008-08-15 04:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 04:13 --------- d-----w C:\Program Files\Plaxo
2008-07-31 12:19 --------- d-----w C:\Documents and Settings\Vickery\Application Data\AdobeUM
2008-07-24 16:52 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-24 16:50 --------- d-----w C:\Documents and Settings\Vickery\Application Data\NCH Swift Sound
2008-07-24 16:45 --------- d-----w C:\Program Files\NCH Software
2008-07-24 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-23 01:36 --------- d-----w C:\Program Files\Apple Software Update
2008-07-14 01:27 --------- d-----w C:\Documents and Settings\Vickery\Application Data\Move Networks
2007-10-03 22:05 108,280 -c--a-w C:\Documents and Settings\Vickery\Application Data\GDIPFONTCACHEV1.DAT
2005-04-29 00:16 822 -c-ha-w C:\Documents and Settings\Vickery\hpothb07.dat
2004-01-27 19:23 3,149 -c--a-w C:\Program Files\Common Files\remove_tools.html
2003-02-22 02:19 13 -c--a-w C:\Documents and Settings\Vickery\iphist.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
2004-05-14 03:13 459 -csha-r C:\WINDOWS\Regbak.dat
.

------- Sigcheck -------

2001-08-18 09:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 02:56 17408 ec4ce15919bfb04ec581547b3b6ca4f1 C:\WINDOWS\system32\svchost.exe

2002-08-29 05:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 02:56 506368 b92543596580e9d39dd8c4fd8dc53cc8 C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 80cacd426f20bfc7327725dea59322c9 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 05:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2001-08-18 09:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 02:56 110592 a22ef4d6ec6bf10b4a07a7a345269a80 C:\WINDOWS\system32\services.exe

2002-08-29 05:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 02:56 14848 3868722c883487109cfc604fd80d1a3a C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
2008-08-23 09:04 3790152 --a------ C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-08-23 09:04 3790152]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas4d5.exe" [2008-08-23 12:16 619848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 15:34 36864]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 17:45 69632]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 14:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 14:00 28739]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-05 10:36 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe" [2005-11-02 22:01 50792]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 14:35 323216]
"CARPService"="carpserv.exe" [2002-07-08 19:37 4608 C:\WINDOWS\system32\carpserv.exe]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 01:28:44 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 14:00:00 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=scorillont.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137878264\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Cartoon Network\\Fast And Flurrious\\powerplay.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas4d5.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarCraft III Battle.net

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S2 ISEXEng;ISEXEng;C:\WINDOWS\system32\angelex.exe []
S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;C:\WINDOWS\system32\DRIVERS\3ccmusb.sys [2000-09-26 01:47]
S3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
S3 cdavfs;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2008-08-23 09:04]
S3 naecd;naecd;C:\DOCUME~1\Vickery\LOCALS~1\Temp\naecd.sys []
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c0ae23e-e917-11d9-b0d6-0008021f7612}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad63576b-95b6-11da-b111-0008021f7612}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-zzzHPSETUP - D:\Setup.exe
SSODL-WKdlbpujiitmC-{D05D6075-7AF7-CADF-88E8-09FAB1C4B30C} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vickery\Application Data\Mozilla\Firefox\Profiles\sfsd6nr3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 21:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-08-25 21:25:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 02:24:35

Pre-Run: 60,671,586,304 bytes free
Post-Run: 60,722,601,984 bytes free

240 --- E O F --- 2008-08-24 22:48:49


And here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:56 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MyIdentityDefender - {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas4d5.exe" /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {D04C4051-3187-4003-B18B-BE12E2D7E7CC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD002158-FCF0-466C-9967-488E0AF3BC2C}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://www.battle.ne.../ruststorm3.gif

--
End of file - 10123 bytes


Thanks a lot for the help, it is really appreciated!

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
ISEXEng
cdavfs
naecd
mcupdmgr.exe

File::
C:\WINDOWS\av_affiliate.ini
C:\WINDOWS\as_affiliate.ini
C:\WINDOWS\system32\drivers\CDAVFS.sys
C:\WINDOWS\system32\angelex.exe
C:\Documents and Settings\Vickery\Local Settings\Temp\naecd.sys
C:\WINDOWS\Web\Ers_src.htm

Folder::
C:\Program Files\CyberDefender
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"=-
[-HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberDefender Early Detection Center"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas4d5.exe"=-
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) -
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm -

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#8
HeyJon

  • Topic Starter
  • Member
  • 19 posts
OK here is the new Combofix Log:

ComboFix 08-08-24.03 - Vickery 2008-08-25 22:12:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.286 [GMT -5:00]
Running from: C:\Documents and Settings\Vickery\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vickery\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Vickery\Local Settings\Temp\naecd.sys
C:\WINDOWS\as_affiliate.ini
C:\WINDOWS\av_affiliate.ini
C:\WINDOWS\system32\angelex.exe
C:\WINDOWS\system32\drivers\CDAVFS.sys
C:\WINDOWS\Web\Ers_src.htm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdinstx.exe
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdinstx.log
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\cdmyidd.dll
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\database.db
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Includes\Loading.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Includes\NoItems Index.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Includes\Password Cookie.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Includes\Passwords Index.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Includes\Privacy Index.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\charset.html
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\defaultCharset.html
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\gray.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\green.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bg.jpg
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bg_button.jpg
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bg_top.jpg
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go_down.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go_over.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_grey.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red - Copy.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red_down.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red_over.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\caution.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\frame.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo.jpg
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo_orange.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\topbar.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\topbar_orange.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\images\warning.gif
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\protocol.html
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\red.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\referrer.html
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm1
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm1.mine
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm1.r2829
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm1.r2835
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\security.html
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\style.css
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\Scam Alert\yellow.htm
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\sssTbarcfg.ini
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\sssTbarSettings.ini
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\st.ico
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\stbarpat.dat.03
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\UserGuide\cybdefstbar.set
C:\Documents and Settings\Vickery\Local Settings\Application Data\CyberDefender\UserGuide\stbarchk.ini
C:\Program Files\CyberDefender
C:\Program Files\CyberDefender\AdPresenter\cdNetAd.dll
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Alert\IE Searchbar.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Html\Firewall Index.html
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Html\Firewall.html
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Html\OnLoadMSUpdate.html
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Html\Report Index.html
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\procrun.log
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\180 SearchAssistant.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\2nd Thought.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\AdDestroyer.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\AdvancedRemoteInfo.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Bargain Buddy.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\BullsEye.eXact.ISEXEng.Trojan.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\DelfinProject.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\DoubleClick.com.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\DownloadWare.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\eBates.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\eZula.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Grokster.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\IBIS Toolbar.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\InetSpeak.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Kazaa Promotional Items.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\KaZaA.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Lycos Sidesearch.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\MSN Track Monitor.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\My Daily Horoscope.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Parental Control Tool.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Qutrit.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Try Media.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\TurboDownload.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\Virtual Bouncer.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\vx2.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Report\winvestigator.dat
C:\Program Files\CyberDefender\AntiSpyware\{C6011E8E-F483-4983-9B74-E60737BA8BC8}\Shield\DelayLoad.dat
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Ibero Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IberoDialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IBIS Toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\icannnews.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ICOO Loader.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IE Access.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IE Driver.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes
  • 0

#9
HeyJon

OK here is the new Combofix Log:

ComboFix 08-08-24.03 - Vickery 2008-08-25 22:12:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.286 [GMT -5:00]
Running from: C:\Documents and Settings\Vickery\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vickery\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Vickery\Local Settings\Temp\naecd.sys
C:\WINDOWS\as_affiliate.ini
C:\WINDOWS\av_affiliate.ini
C:\WINDOWS\system32\angelex.exe
C:\WINDOWS\system32\drivers\CDAVFS.sys
C:\WINDOWS\Web\Ers_src.htm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Conducent TimeSink.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ConfuSearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Connector Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CoolSavings.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CoolWebSearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CoreMetrics.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Coulomb Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Coulomb Ltd.Content Access Plugin.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CouponAge.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CouponsAndOffers.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CrackSpider.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CrazyWinnings.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Crush.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\CustomToolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Cydoor.TOPicks.a.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Cydoor.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Daily Toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DailyWinner.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DailyWinnerBHO.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Daosearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DAP.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dapsol Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dapsol.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DashBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Date Regon.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DateMaker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DCON.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DealHelper.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DelfinProject.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Derbiz.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Desktop Hijacker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer.Axload.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer.IEDisco.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer.Scom.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer.UDconnect.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialer2004.com.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DialerData Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DialerMaker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DialerOffline.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dialerplatform.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DialXS.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Diamond Deal Casino.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Divago.Surfairy.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DivX Pro 5.1.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Dluca-M.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Domain Sponsor Cookie.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DoubleClick.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Download Accelerator Plus ads.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Download Accelerator.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Downloader.Lunii.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DownloadPlus.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DownloadReceiver.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DownloadWare.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DSO Exploit.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DSSAgent.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DyFuCA.InternetOptimizer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\DyFuCA.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\E2G.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\E2Give.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EasyBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EasySearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EasyWebSearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eBates MoneyMaker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eBates.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eBayToolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eBlaster.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eGroup.InstantAccess.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eGroupDialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Elite toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EliteBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Elitum.EliteBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Emesx.dll.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\emusic.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EnConfidence.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ePlugin.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ErrorGuard.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ESP Keylogger.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eSyndicate BHO.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eUniverse.IncrediFind.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eUniverse.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eUniverse.UpdMgr.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EverAd.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eXact Advertising.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eXact ISEXEng.Trojan.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ExactSearchBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Excite.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ExDialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ezCyberSearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EzSearchbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\eZula HotText.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\EzuLa.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\F__kSite.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FactoryNetwork Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Fairtale Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Farmmext.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Farsighter.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Fast Video Player Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FastClick.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Fastfind.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FastSeeker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Fastvideoplayer dialler.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FastVideoPlayer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FavoriteMan.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FCI.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FileFreedom.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FindSpy.A.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FindWhateverNow.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FizzleWizzle Search Bar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FlashEnhancer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FlashenhancerBHO.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FlashGet.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FlashTrack.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Flingstone Infamous Downloader.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Flyswat.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Forbes.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Free Scratch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FreeConnectLtd.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FreeScratchAndWin.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FreeScratchCards.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Fresh Bar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Funny Trojan.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FunWeb.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\FunWebProducts.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN-eWallet.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN-Supported Software.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.DashBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.Date Manager.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.Precision Time.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.Screen Scenes.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GAIN.Weatherscope.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GameSpy Arcade.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Gator.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GetMirar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GigaTech SuperBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GigexAgent-SpeedDelivery.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Global Netcom Inc.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GlobalCS Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GlobalDialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GloboSearch.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Gloggle.Shing.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Gloogle Downloader.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GMSoft Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GogoTools.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GoHip.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GoIndirect.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Golden Eye.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Golden Palace Casino.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GoZilla.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Grip Toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Grokster.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\GSIM.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\[email protected]@@k.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hacker.ag.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Haczyk.Ulubione.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HalfLemon.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HangUpTeam.TechnicRat.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Haxdoor-H.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hellz Little Spy.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hi-Wire.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hijacker.IEHost.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HitBox.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HitHopper.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HitsLink.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Holystic-Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Holystic.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HomepageProtector.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hot_Pleasure.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hotsearchbar Toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HotSearchBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hungry Hands porn hijacker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HungryHands BHO.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HuntBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\HuntToolBar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Huysuzseks.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Hyperlinker.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\Ibero Dialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IberoDialer.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IBIS Toolbar.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\icannnews.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\ICOO Loader.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IE Access.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes\Description\IE Driver.txt
C:\Program Files\CyberDefender\AntiSpyware\Includes
  • 0

#10
HeyJon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
It's not letting me post the whole thing. I have them both, just let me know how I should post them so you can read them. There's more to the ComboFix log and I have a HJT ready, it's just not working. Is it possible that I have exceeded the posting limits?
  • 0

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts

It's not letting me post the whole thing. I have them both, just let me know how I should post them so you can read them. There's more to the ComboFix log and I have a HJT ready, it's just not working. Is it possible that I have exceeded the posting limits?


Ok.. can you attach the log please.. find the C:\combofix.txt and attach the file here :)
  • 0

#12
HeyJon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:34 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {D04C4051-3187-4003-B18B-BE12E2D7E7CC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD002158-FCF0-466C-9967-488E0AF3BC2C}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://www.battle.ne.../ruststorm3.gif

--
End of file - 9260 bytes

And the ComboFix is attached, thanks once again.

Attached File  combofix.txt   114.95KB   88 downloads
  • 0

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



After that, please run ComboFix again (just double-click it)..


Post these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. ComboFix
3. A fresh HijackThis log (after running ComboFix)
4. Tell me about your computer behaviour..



Regards
fenzodahl512
  • 0

#14
HeyJon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry about the bit of a delay, here is the ComboFix log:
ComboFix 08-08-26.02 - Vickery 2008-08-26 22:01:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.277 [GMT -5:00]
Running from: C:\Documents and Settings\Vickery\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-26 14:30 . 2008-08-26 14:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 14:30 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\Vickery\Application Data\Malwarebytes
2008-08-26 14:30 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 14:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 14:30 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 03:01 . 2008-08-25 18:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-23 12:42 . 2008-08-23 12:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-22 21:04 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-22 21:02 . 2008-08-22 21:02 <DIR> d-------- C:\Program Files\Panda Security
2008-08-22 17:48 . 2008-08-22 17:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 20:39 . 2008-08-21 20:39 164 --ah----- C:\Documents and Settings\All Users\hpothb07.dat
2008-08-21 20:12 . 2008-08-21 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-21 20:03 . 2008-08-21 20:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-14 23:41 . 2008-08-14 23:45 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-14 20:29 . 2008-08-14 20:29 <DIR> d-------- C:\Documents and Settings\Vickery\Application Data\OurPictures
2008-08-08 12:53 . 2008-08-08 12:54 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-08 12:53 . 2008-08-08 12:53 <DIR> d-------- C:\Documents and Settings\Vickery\Application Data\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 21:47 --------- d-----w C:\Program Files\Warcraft III
2008-08-15 04:52 --------- d-----w C:\Program Files\Yahoo!
2008-08-15 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-15 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-15 04:32 --------- d-----w C:\Program Files\Kodak
2008-08-15 04:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 04:13 --------- d-----w C:\Program Files\Plaxo
2008-07-31 12:19 --------- d-----w C:\Documents and Settings\Vickery\Application Data\AdobeUM
2008-07-24 16:52 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-24 16:50 --------- d-----w C:\Documents and Settings\Vickery\Application Data\NCH Swift Sound
2008-07-24 16:45 --------- d-----w C:\Program Files\NCH Software
2008-07-24 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-23 01:36 --------- d-----w C:\Program Files\Apple Software Update
2008-07-14 01:27 --------- d-----w C:\Documents and Settings\Vickery\Application Data\Move Networks
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2007-10-03 22:05 108,280 -c--a-w C:\Documents and Settings\Vickery\Application Data\GDIPFONTCACHEV1.DAT
2005-04-29 00:16 822 -c-ha-w C:\Documents and Settings\Vickery\hpothb07.dat
2004-01-27 19:23 3,149 -c--a-w C:\Program Files\Common Files\remove_tools.html
2003-02-22 02:19 13 -c--a-w C:\Documents and Settings\Vickery\iphist.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
2004-05-14 03:13 459 -csha-r C:\WINDOWS\Regbak.dat
.

------- Sigcheck -------

2001-08-18 09:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 02:56 17408 ec4ce15919bfb04ec581547b3b6ca4f1 C:\WINDOWS\system32\svchost.exe

2002-08-29 05:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 02:56 506368 b92543596580e9d39dd8c4fd8dc53cc8 C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 80cacd426f20bfc7327725dea59322c9 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 05:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2001-08-18 09:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 02:56 110592 a22ef4d6ec6bf10b4a07a7a345269a80 C:\WINDOWS\system32\services.exe

2002-08-29 05:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 02:56 14848 3868722c883487109cfc604fd80d1a3a C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 15:34 36864]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 17:45 69632]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 14:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 14:00 28739]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-05 10:36 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe" [2005-11-02 22:01 50792]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 14:35 323216]
"CARPService"="carpserv.exe" [2002-07-08 19:37 4608 C:\WINDOWS\system32\carpserv.exe]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 01:28:44 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 14:00:00 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=scorillont.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dllzwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137878264\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Cartoon Network\\Fast And Flurrious\\powerplay.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarCraft III Battle.net

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;C:\WINDOWS\system32\DRIVERS\3ccmusb.sys [2000-09-26 01:47]
S3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c0ae23e-e917-11d9-b0d6-0008021f7612}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad63576b-95b6-11da-b111-0008021f7612}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vickery\Application Data\Mozilla\Firefox\Profiles\sfsd6nr3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 22:07:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\scorillont.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\scorillont.dll
.
Completion time: 2008-08-26 22:12:57
ComboFix-quarantined-files.txt 2008-08-27 03:11:51
ComboFix2.txt 2008-08-26 03:41:03
ComboFix3.txt 2008-08-26 02:25:42

Pre-Run: 60,626,563,072 bytes free
Post-Run: 60,610,502,656 bytes free

185 --- E O F --- 2008-08-24 22:48:49

Here is the Malwarebytes Log
Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 2

9:09:32 PM 8/26/2008
mbam-log-08-26-2008 (21-09-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127708
Time elapsed: 2 hour(s), 9 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And Finally the HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:47 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137878264\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {D04C4051-3187-4003-B18B-BE12E2D7E7CC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD002158-FCF0-466C-9967-488E0AF3BC2C}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://www.battle.ne.../ruststorm3.gif

--
End of file - 9111 bytes

Everything seems pretty good with my computer; however, my printer is not connected any more, and when I try to connect it I get this message: "Operation could not be completed. The print spooler is not running." Any ideas?

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Your logs look very good to me..

Everything seems pretty good with my computer; however, my printer is not connected any more, and when I try to connect it I get this message: "Operation could not be completed. The print spooler is not running." Any ideas?


Try the link below and then tell me the result..

http://support.microsoft.com/kb/314876