
Firefox google result link redirected, Spyware software not working [S


#1
nhanster

Hi,

I encountered this problem this morning and have been browsing the web on how to remove it but have been quite unsuccessful.
This morning I downloaded a program which I thought was some video. The program name was UNICODEC.

After installing that, I found out that my Google result link on Firefox was redirecting me to some advertising website, not the actual website that it was supposed to go to.
I also found out that my SUPERAntiSpyware Professional cannot start up anymore! Every time I try to start it, this message comes up:
SUPERAntiSpyware has encountered a problem and needs to close. We are sorry for the inconvenience.

I downloaded Malwarebytes Anti-Malware, but I couldn't get it to load. Every time I double-click on the program, nothing happens. =( I uninstalled it.
I also tried to use Spybot S&D; the same thing happens, the program doesn't load.

I have deleted the UNICODEC files, but the problem still occurs.

When I tried Googling on IE, everything worked fine.
When I Google on Firefox, it's all messed up.

Any help would be much appreciated.

-Nhan

Here is the Root and OTList log

ROOT



Microsoft Windows XP Professional (5.1.2600) Service Pack 2, v.2096

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:24991 Mo/Free:3780 Mo)
D:\ [Fixed] - NTFS - (Total:53536 Mo/Free:2171 Mo)
E:\ [Fixed] - NTFS - (Total:32239 Mo/Free:262 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:3682 Mo/Free:0 Mo)

Mon 04/20/2009|15:41

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
---------- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
---------- C:\WINDOWS\StartupMonitor.exe
---------- C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
---------- C:\Program Files\Internet Download Manager\IDMan.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
---------- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Documents and Settings\Nhan\My Documents\Downloads\Programs\OTListIt2.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{3414C69D-FE5B-4C31-A476-8BF802320A2F}]
DhcpNameServer REG_SZ 85.255.112.122,85.255.112.154
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{3414C69D-FE5B-4C31-A476-8BF802320A2F}]
DhcpNameServer REG_SZ 85.255.112.122,85.255.112.154
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{3414C69D-FE5B-4C31-A476-8BF802320A2F}]
DhcpNameServer REG_SZ 85.255.112.122,85.255.112.154
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{3414C69D-FE5B-4C31-A476-8BF802320A2F}]
DhcpNameServer REG_SZ 85.255.112.122,85.255.112.154
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\License Agreement.lnk
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\RAR Password Cracker Registration.lnk
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\RAR Password Cracker Wizard.lnk
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\RAR Password Cracker.lnk
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\Readme.lnk
C:\DOCUME~1\Nhan\Start Menu\Programs\RAR Password Cracker\Uninstall.lnk


1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/20/2009|15:41

----------------------\\ Scan completed at 15:41

Edited by nhanster, 20 April 2009 - 04:55 PM.


#2
nhanster

Here is the OTListIt Log


OTListIt logfile created on: 4/20/2009 3:36:51 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Nhan\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.80 Mb Total Physical Memory | 603.46 Mb Available Physical Memory | 59.00% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 7.69 Gb Free Space | 31.52% Space Free | Partition Type: NTFS
Drive D: | 52.28 Gb Total Space | 38.12 Gb Free Space | 72.91% Space Free | Partition Type: NTFS
Drive E: | 31.48 Gb Total Space | 24.26 Gb Free Space | 77.04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-F245C5BD7A
Current User Name: Nhan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe ()
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\WINDOWS\StartupMonitor.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Grisoft\AVG7\avgfwsrv.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Nhan\My Documents\Downloads\Programs\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (AVGFwSrv [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgfwsrv.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\560\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\system32\ANIO.SYS (Alpha Networks Inc.)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EverestDriver [On_Demand | Stopped]) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (N3AB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\N3AB.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (SMBios [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SMBios.sys (Intel Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:5.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/02/02 00:50:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/25 15:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 12:12:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/30 12:12:42 | 00,000,000 | ---D | M]

[2009/03/20 12:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Extensions
[2009/01/31 16:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 12:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Extensions\[email protected]
[2009/04/20 12:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Firefox\Profiles\mhl579r9.default\extensions
[2009/04/17 12:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Firefox\Profiles\mhl579r9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/04/17 12:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nhan\Application Data\mozilla\Firefox\Profiles\mhl579r9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/20 12:39:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 12:12:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/25 15:25:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/30 12:12:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 12:12:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/02 19:59:34 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/02 19:59:34 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/02 19:59:34 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/02 19:59:34 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/02 19:59:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/02 19:59:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/02 19:59:34 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (610270 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 16295 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] StartupMonitor.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\560\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\560\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O32 - Autorun File - E:\autorun.inf () - [ NTFS ]
O32 - Autorun File - G:\Autorun.inf () - [ CDFS ]
O33 - MountPoints2\D\Shell - "" = Autorun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\Open\command - "" = RECYCLER\S-2-1-15-100017858-100014535-100009866-4400.com d:\
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/20 15:26:55 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\Nhan\Desktop\Shortcut to ComboFix.exe.lnk
[2009/04/20 15:26:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/20 15:26:11 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30459.exe
[2009/04/20 15:26:11 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/20 15:25:40 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/20 14:06:05 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Nhan\Desktop\CCleaner.lnk
[2009/04/20 14:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/20 13:37:37 | 10,725,49888 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/20 13:29:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/04/20 13:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/20 13:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/20 12:58:40 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Nhan\Desktop\spybotsd162.exe
[2009/04/20 12:47:34 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 12:23:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Nhan\Desktop\HijackThis.lnk
[2009/04/20 12:23:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 11:34:24 | 00,000,857 | ---- | C] () -- C:\Documents and Settings\Nhan\Desktop\ImTOO MP4 Video Converter 3.lnk
[2009/04/19 11:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2009/04/05 13:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\Local Settings\Application Data\Help
[2009/04/05 13:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\Application Data\Help
[2009/04/05 11:34:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2009/04/05 11:33:30 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/04/05 11:33:29 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2009/04/05 11:33:28 | 00,420,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4c32.dll
[2009/04/05 11:33:28 | 00,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2009/04/05 11:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2009/04/05 11:32:56 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Ringtone Maker 2 silver.lnk
[2009/04/05 11:32:33 | 01,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2009/04/05 11:32:33 | 00,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\HtmlWH.dll
[2009/04/05 11:32:33 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2009/04/05 11:32:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2009/04/05 11:32:33 | 00,000,000 | ---D | C] -- C:\MAGIX
[2009/04/05 11:32:20 | 00,475,136 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2009/04/05 11:32:20 | 00,002,770 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/04 12:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\My Documents\My Garmin
[2009/04/03 12:05:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/04/03 09:45:48 | 20,577,56582 | ---- | C] () -- C:\Documents and Settings\Nhan\Desktop\garmin_rmu_cnnant2009_1.exe
[2009/04/03 09:45:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\Application Data\Download Manager
[2009/04/03 09:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/04/03 09:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\Local Settings\Application Data\Citrix
[2009/04/02 20:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nhan\Application Data\GARMIN
[2009/04/02 20:41:51 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2009/04/02 20:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/04/02 20:41:49 | 00,018,432 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2009/04/02 20:41:49 | 00,008,320 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys
[2009/04/02 20:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2009/04/02 20:33:59 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/03/26 12:14:09 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/03/26 12:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/24 14:15:50 | 00,000,000 | RH-D | C] -- C:\$VAULT$.AVG
[2009/03/03 15:58:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/01 14:39:49 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/02/01 01:16:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/01 01:16:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/01 01:16:15 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/01 01:16:15 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/01 01:16:14 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/01 01:16:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/31 16:25:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/28 15:41:42 | 00,395,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\N3AB.sys
[2004/03/11 17:18:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/02/23 01:00:56 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 05:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/20 15:26:55 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\Shortcut to ComboFix.exe.lnk
[2009/04/20 15:25:37 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30459.exe
[2009/04/20 14:20:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/20 14:20:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/20 14:20:41 | 10,725,49888 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/20 14:06:06 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\CCleaner.lnk
[2009/04/20 12:59:36 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Nhan\Desktop\spybotsd162.exe
[2009/04/20 12:23:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\HijackThis.lnk
[2009/04/20 12:09:41 | 00,000,325 | RHS- | M] () -- C:\autorun.inf
[2009/04/19 11:52:37 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/19 11:34:24 | 00,000,857 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\ImTOO MP4 Video Converter 3.lnk
[2009/04/19 01:36:34 | 00,610,270 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/17 21:41:00 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/14 19:41:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 13:05:37 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\Microsoft Office Word 2003.lnk
[2009/04/10 13:24:20 | 00,052,160 | ---- | M] () -- C:\Documents and Settings\Nhan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/07 14:58:34 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Nhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 23:54:36 | 00,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 11:34:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\RingtoneMaker.INI
[2009/04/05 11:33:26 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/05 11:32:56 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Ringtone Maker 2 silver.lnk
[2009/04/05 11:21:44 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/05 11:21:44 | 00,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/05 11:21:44 | 00,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/03 11:55:08 | 20,577,56582 | ---- | M] () -- C:\Documents and Settings\Nhan\Desktop\garmin_rmu_cnnant2009_1.exe
[2009/03/30 18:08:25 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2009/03/26 12:14:10 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
< End of report >

#3
nhanster

    New Member

  • Topic Starter
  • Member
  • 3 posts
I got it fixed already. No need to reply.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.