viruses and spyware galore...plz help
coqui3l
Junior Member
10. November 2008 @ 18:26
Someone please take the time to view the following logs from Malwarebytes, SUPERAntiSpyware and HijackThis, and tell me what more to do to get my system back in order. Also, I ran AVG Free updated to the latest definitions and it found more crap, but I don't know how to get the log from it so that I can post it here. Also, I ran Windows Defender updated with the latest defs, but I don't remember if anything came up and I forgot to get the log, if possible, so that I could post it here.
==========================================
Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 5.1.2600 Service Pack 2
11/8/2008 11:38:11 PM
mbam-log-2008-11-08 (23-38-11).txt
Scan type: Full Scan (C:\|)
Objects scanned: 106017
Time elapsed: 1 hour(s), 14 minute(s), 12 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 60
Registry Values Infected: 15
Registry Data Items Infected: 3
Folders Infected: 18
Files Infected: 90
Memory Processes Infected:
C:\WINNT\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINNT\system32\jkkJyWMC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\urqNhIbA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINNT\system32\dcggain.dll (Trojan.Zlob) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a348399e-8606-40a1-b6af-fba2db25c549} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a348399e-8606-40a1-b6af-fba2db25c549} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqnhiba (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a348399e-8606-40a1-b6af-fba2db25c549} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c78e2db-5afc-4a3b-9b9f-6af136562e6f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c78e2db-5afc-4a3b-9b9f-6af136562e6f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mp.mediapops (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mp.mediapops.1 (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15cd9136-9972-406f-9ba8-da0f542b5ea3} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7327f0ff-165e-46b5-98c2-80d738a3b228} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119} (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94118c19-b178-4e43-bbe8-0efdbb391bdb} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94118c19-b178-4e43-bbe8-0efdbb391bdb} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9a30a25e-d8e6-414b-89d0-a78d26dd85e3} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule27 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pro antispyware 2009 (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agljoaiqaupiqpol (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\jkkjywmc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\jkkjywmc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\data (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINNT\system32\209789 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
Files Infected:
C:\WINNT\system32\jkkJyWMC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\CMWyJkkj.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\CMWyJkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\urqNhIbA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\qkrylesf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\fselyrkq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\dcggain.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINNT\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINNT\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\209789\209789.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\SysWebTelecom.dll (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\MediaLoads Enhanced\ME1.DLL (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MRK7EZE9\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\bpw.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\kernel40.dll (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\VirusRanger.exe (Rogue.VirusRanger) -> Quarantined and deleted successfully.
C:\WINNT\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\nnnkLedE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\asc4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\config.ini (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\mm.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\OE.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\OE4.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\pl.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\result.lst (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\sdebug.log (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\stopapi4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\TheBAT.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\UnARJ.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\UnMSCAB.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\unrar.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\unzip.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\updater.plb (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger\vrext.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\Uninstall.exe (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\wscui.cpl (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\data\daily.cvd (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081029093158373.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081031201710520.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081103081145100.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081104075609343.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081106065422718.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081106101429593.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081106231055359.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081107094430234.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081107095130687.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081107140750250.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081107182003171.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081108115237031.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081108155233156.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081108161534437.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\WINNT\system32\qyhtxwrplzrlgwtmh.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\wpv3712.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINNT\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINNT\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\wini10736.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\AntivirusPro2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
============================================================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/09/2008 at 01:37 AM
Application Version : 4.21.1004
Core Rules Database Version : 3628
Trace Rules Database Version: 1612
Scan type : Complete Scan
Total Scan Time : 00:55:40
Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5041
Registry threats detected : 76
File items scanned : 18314
File threats detected : 454
Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\Implemented Categories
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\InprocServer32
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\InprocServer32#ThreadingModel
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\ProgID
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\TypeLib
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\VersionIndependentProgID
HKCR\SmartShopper.HbInfoBand.1
HKCR\SmartShopper.HbInfoBand.1\CLSID
HKCR\SmartShopper.HbInfoBand
HKCR\SmartShopper.HbInfoBand\CLSID
HKCR\SmartShopper.HbInfoBand\CurVer
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\0
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\0\win32
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\FLAGS
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\HELPDIR
C:\PROGRAM FILES\SMARTSHOPPER\BIN\2.5.0\SMRTSHPR.DLL
HKLM\Software\Classes\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\InprocServer32
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\InprocServer32#ThreadingModel
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\ProgID
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\TypeLib
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\VersionIndependentProgID
HKCR\SmartShopper.SmrtShprCtl.1
HKCR\SmartShopper.SmrtShprCtl.1\CLSID
HKCR\SmartShopper.SmrtShprCtl
HKCR\SmartShopper.SmrtShprCtl\CLSID
HKCR\SmartShopper.SmrtShprCtl\CurVer
HKU\S-1-5-21-955046455-3660946461-3242847100-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\ProxyStubClsid
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\ProxyStubClsid32
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\TypeLib
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\TypeLib#Version
Adware.BargainBuddy/NaviSearch
HKLM\System\ControlSet001\Services\ZESOFT
C:\WINNT\ZETA.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_ZESOFT
HKLM\System\ControlSet002\Services\ZESOFT
HKLM\System\ControlSet002\Enum\Root\LEGACY_ZESOFT
HKLM\System\CurrentControlSet\Services\ZESOFT
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ZESOFT
C:\WINNT\SYSTEM32\ANGELEX.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@glb.adtechus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt
C:\Documents and Settings\Owner\Cookies\owner@peoplfinder[1].txt
C:\Documents and Settings\Owner\Cookies\owner@starmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bzresults.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-hyundaiusa.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-chrysler.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mazda.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media.mtvnservices[1].txt
C:\Documents and Settings\Owner\Cookies\owner@iacas.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4kpc5wep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@palmone.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@us.starmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-yamahamotors.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@roiservice[2].txt
C:\Documents and Settings\Owner\Cookies\owner@videoegg.adbureau[1].txt
C:\Documents and Settings\Owner\Cookies\owner@112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@findyouradmirer[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@LPBofA1[2].txt
C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt
C:\Documents and Settings\Owner\Cookies\owner@rdr.hitmngr[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.publicrecordfinder[1].txt
C:\Documents and Settings\Owner\Cookies\owner@raymoursfurniturecompanyinc.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@antispykit[2].txt
C:\Documents and Settings\Owner\Cookies\owner@couponmountain[2].txt
C:\Documents and Settings\Owner\Cookies\owner@15744040[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.us.e-planning[1].txt
C:\Documents and Settings\Owner\Cookies\owner@scan.antivirus2008scanner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@estat[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.malwarecore[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.ticketsnow[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.shopthescene[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adservr[1].txt
C:\Documents and Settings\Owner\Cookies\owner@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sec1.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cp.affiliaterevenue[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bobdiscountfurniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
C:\Documents and Settings\Owner\Cookies\owner@88277737[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.virusheat[1].txt
C:\Documents and Settings\Owner\Cookies\owner@antispywaremaster[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkyoicjefp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt
C:\Documents and Settings\Owner\Cookies\owner@yadro[1].txt
C:\Documents and Settings\Owner\Cookies\owner@socialmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@html[1].txt
C:\Documents and Settings\Owner\Cookies\owner@classifiedventures1.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@rocku.adbureau[1].txt
C:\Documents and Settings\Owner\Cookies\owner@eyewonder[2].txt
C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner\Cookies\owner@virusranger[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hc2.humanclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
C:\Documents and Settings\Owner\Cookies\owner@extrovert.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.thesmokinggun[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver01.verio[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@care2.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.e-planning[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hotels-and-discounts[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.esmas[1].txt
C:\Documents and Settings\Owner\Cookies\owner@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@network.realmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@74613876[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@livenation.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@st[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bravenet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@healthgrades.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@indigio.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Cookies\owner@counter.surfcounters[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bizrate[2].txt
C:\Documents and Settings\Owner\Cookies\owner@dev.media.sparkart[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.winspykiller[1].txt
C:\Documents and Settings\Owner\Cookies\owner@track.bestbuy[1].txt
C:\Documents and Settings\Owner\Cookies\owner@invitemedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@superstats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clicks.smartbizsearch[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cgm.adbureau[1].txt
C:\Documents and Settings\Owner\Cookies\owner@LPneimanmarcus[2].txt
C:\Documents and Settings\Owner\Cookies\owner@15578893[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.zanox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.redorbit[2].txt
C:\Documents and Settings\Owner\Cookies\owner@analytics.mediastatsnow[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media-servers[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adfarm1.adition[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cms.trafficmp[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bootcampmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mmcounter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@toseeka[2].txt
C:\Documents and Settings\Owner\Cookies\owner@redirect.clickshield[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-daveandbusters.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserv1.mannixmarketing[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad-flow[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fusetv.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-netquote.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtracker.americantowns[2].txt
C:\Documents and Settings\Owner\Cookies\owner@serv.clicksor[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@travel.hotels-and-discounts[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.clickmanage[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bridge.admarketplace[1].txt
C:\Documents and Settings\Owner\Cookies\owner@26274360[2].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkockczgbo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.toseeka[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.10click[1].txt
C:\Documents and Settings\Owner\Cookies\owner@elitecompare[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mdnh.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.adtechus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.sphere[1].txt
C:\Documents and Settings\Owner\Cookies\owner@a[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@trvlnet.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@track.dmipartners[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.movableadnetwork[1].txt
C:\Documents and Settings\Owner\Cookies\owner@html[3].txt
C:\Documents and Settings\Owner\Cookies\owner@servedby.adxpower[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media.ntsserve[2].txt
C:\Documents and Settings\Owner\Cookies\owner@axxessads.valuead[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adulttraffsale[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.findstuff[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@code[2].txt
C:\Documents and Settings\Owner\Cookies\owner@direct[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.ad4game[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.widgetbucks[1].txt
C:\Documents and Settings\Owner\Cookies\owner@intermundomedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@reduxmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@homestore.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@gadget[2].txt
C:\Documents and Settings\Owner\Cookies\owner@redorbit[1].txt
C:\Documents and Settings\Owner\Cookies\owner@rotator.its.adjuggler[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anheuserbusch.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.couponmountain[1].txt
C:\Documents and Settings\Owner\Cookies\owner@findwhat[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracking.gajmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071945644[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-ripedigitalentertainment.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.easyad[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksense[1].txt
C:\Documents and Settings\Owner\Cookies\owner@wmvmedialease[1].txt
C:\Documents and Settings\Owner\Cookies\owner@yx0banners[1].txt
C:\Documents and Settings\Owner\Cookies\owner@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.trashypretty[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adjuggler[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bannerconnect[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atlas.entrepreneur[1].txt
C:\Documents and Settings\Owner\Cookies\owner@oddcast[1].txt
C:\Documents and Settings\Owner\Cookies\owner@banner_js[2].txt
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt
C:\Documents and Settings\Owner\Cookies\owner@transporter_3_728x300_500k[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1069967976[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-hersheyentertainment.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@personalstatsinfo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-myspaceinc.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@myroitracking[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@casalemedia[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@revenue[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@statse.webtrendslive[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ehg.hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@atwola[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@sextracker[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@apmebf[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@bizrate[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@iacas.adbureau[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.burstbeacon[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ehg-hersheyentertainment.hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@msnportal.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@hornyspanishflies[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.10click[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@microsoftwllivemkt.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@fastclick[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@anad.tacoda[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@bfast[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@serving-sys[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@trvlnet.adbureau[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@edge.ru4[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@stat.dealtime[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@overture[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ford.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@insightexpressai[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@realmedia[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@specificmedia[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@blockbuster.112.2o7[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@sonyscei.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@specificclick[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@anat.tacoda[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@glb.adtechus[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.burstnet[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@linksynergy[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adjuggler[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@kontera[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@mediaplex[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@clickbank[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adserving.autotrader[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@track.cbs[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@optimize.indieclick[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@perf.overture[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@media.ntsserve[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@doubleclick[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@collective-media[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@247realmedia[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@tradedoubler[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@anheuserbusch.122.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.realtechnetwork[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@bluestreak[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@partner2profit[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@wwww.toseeka[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.sexandsubmission[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@media.adrevolver[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@bridge.admarketplace[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@2o7[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@rotator.its.adjuggler[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@interclick[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@stats.purextc[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@serv.clicksor[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@server.iad.liveperson[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adserver.easyad[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@cms.trafficmp[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@sexandsubmission[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@e-2dj6wcloupajoap.stats.esomniture[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adopt.euroclick[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@track.bestbuy[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@richmedia.yahoo[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@bs.serving-sys[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adecn[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.1xxxpics[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@statcounter[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@media[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ehg-yamahamotors.hitbox[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@tribalfusion[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.porn[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@eyewonder[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adlegend[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@mazda.122.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@nintendo.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@atdmt[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@yieldmanager[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@cbs.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@dealtime[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@counter1.sextracker[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adultfriendfinder[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.bridgetrack[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@stat.onestat[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@enhance[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@media6degrees[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.adbrite[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adrevolver[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adrevolver[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@myaccount.verizonwireless[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@chitika[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@tremor.adbureau[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.addynamix[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@questionmarket[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@findwhat[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@webstat.yamaha[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.toseeka[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@burstnet[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@tacoda[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adbrite[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ad.yieldmanager[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adopt.specificclick[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@videoegg.adbureau[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@nextag[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@lucasarts.122.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@revsci[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ad.us-ec.adtechus[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@jcrew.112.2o7[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@at.atwola[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@toyota.112.2o7[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@advertising[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.pointroll[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@www.eurosexparties[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adserver[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@pro-market[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@ads.widgetbucks[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@trafficmp[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@zedo[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@adserver.adtechus[1].txt
C:\Documents and Settings\Natasha\Cookies\natasha@toseeka[2].txt
C:\Documents and Settings\Natasha\Cookies\natasha@myroitracking[1].txt
C:\Documents and Settings\Owner\Cookies\owner@exitexchange[1].txt
C:\Documents and Settings\Owner\Cookies\owner@accounts[2].txt
C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[2].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[8].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[15].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[11].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[13].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[12].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[14].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[10].txt
C:\Documents and Settings\Owner\Cookies\owner@banner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[1].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[7].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[6].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[5].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[4].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[3].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@winfixer[9].txt
Adware.SurfSideKick
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
Adware.IEPlugin
HKU\S-1-5-21-955046455-3660946461-3242847100-1003\Software\dsktb
C:\WINNT\isp.ico
C:\WINNT\RGRT.EXE
Adware.BetterInternet
HKU\S-1-5-21-955046455-3660946461-3242847100-1003\Software\aurora
Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId
Malware.VirusRanger
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\beYcsLPV
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Control
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\dgumVA
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\HyzBFxxsD
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ibfOjozC
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#ThreadingModel
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\MiscStatus
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\MiscStatus\1
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\nfkte
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ProgID
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Programmable
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\toddx
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ToolboxBitmap32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\TypeLib
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Version
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\VersionIndependentProgID
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\vFmfwiwSlRQ
Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-955046455-3660946461-3242847100-1003\Control Panel\don't load#wscui.cpl [ No ]
Rogue.XP AntiSpyware2009-Trace
C:\Documents and Settings\Owner\Desktop\delself.bat
Rogue.Component-AdRotator/Trace
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV#DisplayName
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV#NoModify
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV#NoRepair
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGDNHFPQYCV#DisplayVersion
Trojan.Dropper/FakeAlert
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\KCAPLLFQ.EXE
Rogue.WinFixer/Component
C:\PROGRAM FILES\COMMON FILES\WINSOFTWARE\CRXML.DLL
Adware.BargainBuddy
C:\WINNT\AUTOHEAL.EXE
Adware.eXactAdvertising-Installer
C:\WINNT\EXTRACT.EXE
C:\WINNT\SALMBUNDLE.EXE
Adware.Direct Revenue
C:\WINNT\NXBXRRGHALU.EXE
Rootkit.DF_KMD
C:\WINNT\SYSTEM32\DRIVERS\DF_KMD.SYS
Adware.eXact Advertising
C:\WINNT\SYSTEM32\EXDL.EXE
C:\WINNT\SYSTEM32\EXDL0.EXE
C:\WINNT\SYSTEM32\EXUL.EXE
C:\WINNT\SYSTEM32\JAVEXULM.VXD
C:\WINNT\SYSTEM32\MQEXDLM.SRG
Trace.Known Threat Sources
C:\Documents and Settings\Natasha\Local Settings\Temporary Internet Files\Content.IE5\OE1CJYI5\main[4].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2D41MDWZ\favicon[1].ico
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GTWZCJ8V\l.s.bg2z[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GTWZCJ8V\l.s.bg1z[1].gif
============================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:14 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\Drivers\bwcsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CA4A3FC2-9E9F-8C6C-DBE5-906094C54342} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companio...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINNT\system32\Drivers\bwcsrv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
--
End of file - 6194 bytes
===========================================================
|
coqui3l
Junior Member
|
11. November 2008 @ 03:23 |
|
here's the combofix log...
ComboFix 08-11-10.01 - Owner 2008-11-11 2:50:13.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\WinSoftware
c:\program files\delfin
c:\program files\delfin\PromulGate\preference.dat
c:\winnt\Readme.txt
c:\winnt\system32\instsrv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVCPROC
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-10 01:26 . 2008-11-09 17:33 102,664 --a------ c:\winnt\system32\drivers\tmcomm.sys
2008-11-09 17:33 . 2008-11-10 01:27 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-11-09 02:29 . 2008-11-09 12:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-09 02:28 . 2008-11-09 02:28 <DIR> d-------- c:\program files\CCleaner
2008-11-09 02:11 . 2008-11-09 02:11 <DIR> d-------- c:\program files\Windows Defender
2008-11-09 02:00 . 2008-11-09 02:00 97,928 --a------ c:\winnt\system32\drivers\avgldx86.sys
2008-11-09 02:00 . 2008-11-09 02:00 76,040 --a------ c:\winnt\system32\drivers\avgtdix.sys
2008-11-09 02:00 . 2008-11-09 02:00 10,520 --a------ c:\winnt\system32\avgrsstx.dll
2008-11-09 01:59 . 2008-11-11 03:07 <DIR> d-------- c:\winnt\system32\drivers\Avg
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\program files\AVG
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-09 01:47 . 2008-11-09 01:47 <DIR> d-------- c:\program files\PrivacyEraser Computing
2008-11-09 01:46 . 2008-11-09 01:46 <DIR> d-------- C:\VundoFix Backups
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-08 23:49 . 2008-11-08 23:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 23:42 . 2008-11-08 23:42 <DIR> d-------- c:\program files\RealVNC
2008-11-08 22:19 . 2008-11-08 22:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-08 22:19 . 2008-10-22 16:28 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-11-08 22:18 . 2008-11-08 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 22:18 . 2008-11-08 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-08 22:18 . 2008-10-22 16:28 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-11-08 21:15 . 2008-11-08 21:15 31,222 --a------ c:\winnt\Sysvxd.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,833 --a------ c:\winnt\mocaludu.db
2008-11-08 15:54 . 2008-11-08 15:54 19,566 --a------ c:\program files\Common Files\uxuqoposyq.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,214 --a------ c:\winnt\system32\elozybyde._dl
2008-11-08 15:54 . 2008-11-08 15:54 19,129 --a------ c:\winnt\fivycyhojy.reg
2008-11-08 15:54 . 2008-11-08 15:54 18,138 --a------ c:\winnt\system32\lape.vbs
2008-11-08 15:54 . 2008-11-08 15:54 17,406 --a------ c:\program files\Common Files\hytyj.dat
2008-11-08 15:54 . 2008-11-08 15:54 16,367 --a------ c:\documents and settings\All Users\Application Data\ezaco.bat
2008-11-08 15:54 . 2008-11-08 15:54 15,334 --a------ c:\documents and settings\Owner\Application Data\weco.dll
2008-11-08 15:54 . 2008-11-08 15:54 14,378 --a------ c:\winnt\zyxud.reg
2008-11-08 15:54 . 2008-11-08 15:54 14,052 --a------ c:\winnt\system32\kelomevy.com
2008-11-08 15:54 . 2008-11-08 15:54 13,109 --a------ c:\winnt\goneqetuj.bat
2008-11-08 15:54 . 2008-11-08 15:54 12,522 --a------ c:\winnt\cunuxoh.ban
2008-11-08 15:54 . 2008-11-08 15:54 12,022 --a------ c:\winnt\ymyj.dll
2008-11-08 15:54 . 2008-11-08 15:54 10,966 --a------ c:\winnt\iruka.db
2008-11-08 15:54 . 2008-11-08 15:54 10,164 --a------ c:\winnt\ogazynabu.bin
2008-10-29 08:32 . 2008-11-03 08:13 77,937 --a------ c:\winnt\system32\vgdnhfpqycv.exe
2008-10-18 18:18 . 2004-08-03 23:58 14,848 --a------ c:\winnt\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:16 --------- d-----w c:\program files\SmartShopper
2008-11-09 16:55 --------- d-----w c:\program files\TV Media
2008-11-09 06:58 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-09 06:56 --------- d-----w c:\program files\Yahoo!
2008-11-09 06:54 --------- d-----w c:\program files\Java
2008-11-09 04:37 --------- d-----w c:\program files\MediaLoads Enhanced
2008-11-08 20:54 12,710 ----a-w c:\program files\Common Files\olekizyly.ban
2008-11-08 20:54 11,473 ----a-w c:\program files\Common Files\anipydo.inf
2008-11-08 20:54 11,083 ----a-w c:\program files\Common Files\qirol._dl
2008-11-07 14:46 --------- d-----w c:\documents and settings\Owner\Application Data\SmartShopper
2008-11-04 02:43 --------- d-----w c:\documents and settings\Natasha\Application Data\SmartShopper
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\winnt\system32\dllcache\netapi32.dll
2008-09-15 11:57 1,846,016 ----a-w c:\winnt\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\winnt\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\winnt\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ------w c:\winnt\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w c:\winnt\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w c:\winnt\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w c:\winnt\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\winnt\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\winnt\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w c:\winnt\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w c:\winnt\system32\dllcache\ntkrpamp.exe
2004-03-04 04:21 8,224 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"Free Internet Eraser"="c:\program files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2008-06-18 538112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-06-24 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712]
"GWMDMMSG"="GWMDMMSG.exe" [2001-11-27 c:\winnt\GWMDMMSG.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.XVID"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\RealVNC\VNC4\winvnc4.exe"= c:\program files\RealVNC\VNC4\winvnc4.exe:69.119.85.196/255.255.255.255:Enabled:winvnc4.exe
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\winnt\system32\DRIVERS\bcmwl5.sys [2005-07-11 00:46]
R3 iscFlash;iscFlash;c:\winnt\SYSTEM32\DRIVERS\iscflash.sys []
R3 PCDRDRV;Pcdr Helper Driver;c:\atf\Qctest\PCDoc\PCDRDRV.sys []
R4 hpt3xx;hpt3xx;c:\winnt\system32\DRIVERS\hpt3xx.syS []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\System32\Drivers\avgldx86.sys [2008-11-09 02:00]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 01:59]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 01:59]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\System32\Drivers\avgtdix.sys [2008-11-09 02:00]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\winnt\system32\DRIVERS\bwcdrv.sys [2003-12-21 03:21]
.
Contents of the 'Scheduled Tasks' folder
2008-08-24 c:\winnt\Tasks\EasyShare Registration Task.job
- c:\winnt\system32\rundll32.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 1.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2008-11-11 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-11-09 c:\winnt\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{CA4A3FC2-9E9F-8C6C-DBE5-906094C54342} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} -
O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {CE736832-F8A9-11D4-80C4-0050DA680987} - hxxp://www.terra.com/chatvoz/hmvcfs.cab
c:\winnt\Downloaded Program Files\hmvcfs.inf
c:\winnt\System32\msvcrt.dll
c:\winnt\System32\mfc42.dll
c:\winnt\Downloaded Program Files\hmvcfs.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 03:00:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\winnt\system32\drivers\BWCSRV.EXE
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\winnt\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-11 3:11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 08:10:55
Pre-Run: 1,277,349,888 bytes free
Post-Run: 1,896,816,640 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
227 --- E O F --- 2008-10-24 11:44:57
|
Senior Member
|
11. November 2008 @ 04:45 |
|
Woah... that took me quite some time.
You are indeed infected, and even though you've run quite a powerful arsenal of security software, there is still malware on your computer.
1.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
C:\winnt\Sysvxd.exe
C:\winnt\mocaludu.db
C:\program files\Common Files\uxuqoposyq.exe
C:\winnt\system32\elozybyde._dl
C:\winnt\fivycyhojy.reg
C:\winnt\system32\lape.vbs
C:\program files\Common Files\hytyj.dat
C:\documents and settings\All Users\Application Data\ezaco.bat
C:\documents and settings\Owner\Application Data\weco.dll
c:\winnt\zyxud.reg
c:\winnt\system32\kelomevy.com
c:\winnt\goneqetuj.bat
c:\winnt\cunuxoh.ban
c:\winnt\ymyj.dll
c:\winnt\iruka.db
c:\winnt\ogazynabu.bin
c:\winnt\system32\vgdnhfpqycv.exe
c:\winnt\system32\drivers\kbdhid.sys
c:\program files\Common Files\olekizyly.ban
c:\program files\Common Files\anipydo.inf
c:\program files\Common Files\qirol._dl
Folder::
C:\Program Files\Winferno
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into ComboFix.exe.
- This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.
2.
Please run HijackThis.
- Click on the button which says Main Menu, then Do a system scan only.
- Please wait for the scan to be completed.
- After the scan has completed, check the following entries.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {CA4A3FC2-9E9F-8C6C-DBE5-906094C54342} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
3.
- Please open Notepad.
- Ensure that Format>Word Wrap is unchecked.
- Copy and paste the following into Notepad:
@echo off
sc stop PictureTaker
sc delete PictureTaker
del fix.bat
exit
- Save this as fix.bat onto your Desktop.
- Double click on fix.bat.
- A Command Prompt window will open and close quickly. This is normal.
After that, reboot.
Tell me how things are now, i.e. what problems you have.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
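
A triage heuristic for the "Files Created" section of a ComboFix log like the one posted above, added here as an example and not part of the thread or of ComboFix: it groups files by creation minute and reports bursts of small files scattered across several directories. The column order (created, then modified), the thresholds and the function names are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Files Created" section of the ComboFix log in this thread
# (a subset of its lines, embedded so the example runs offline).
SAMPLE_LOG = r"""
2008-11-09 02:00 . 2008-11-09 02:00 97,928 --a------ c:\winnt\system32\drivers\avgldx86.sys
2008-11-09 02:00 . 2008-11-09 02:00 76,040 --a------ c:\winnt\system32\drivers\avgtdix.sys
2008-11-09 02:00 . 2008-11-09 02:00 10,520 --a------ c:\winnt\system32\avgrsstx.dll
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\program files\AVG
2008-11-08 22:19 . 2008-10-22 16:28 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-11-08 21:15 . 2008-11-08 21:15 31,222 --a------ c:\winnt\Sysvxd.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,833 --a------ c:\winnt\mocaludu.db
2008-11-08 15:54 . 2008-11-08 15:54 19,566 --a------ c:\program files\Common Files\uxuqoposyq.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,214 --a------ c:\winnt\system32\elozybyde._dl
2008-11-08 15:54 . 2008-11-08 15:54 19,129 --a------ c:\winnt\fivycyhojy.reg
2008-11-08 15:54 . 2008-11-08 15:54 18,138 --a------ c:\winnt\system32\lape.vbs
2008-11-08 15:54 . 2008-11-08 15:54 16,367 --a------ c:\documents and settings\All Users\Application Data\ezaco.bat
2008-11-08 15:54 . 2008-11-08 15:54 15,334 --a------ c:\documents and settings\Owner\Application Data\weco.dll
"""

# Assumed layout: created . modified  size-or-<DIR>  attributes  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_created(log_text):
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "is_dir": is_dir,
            "size": 0 if is_dir else int(m["size"].replace(",", "")),
            "path": m["path"],
        })
    return entries


def find_bursts(entries, min_files=5, min_dirs=2, max_size=64 * 1024):
    """Return {creation minute: [paths]} for bursts of small files.

    A burst is at least min_files files of at most max_size bytes that share
    one creation minute and sit in at least min_dirs different directories.
    The thresholds are assumptions, not values from the thread or from ComboFix.
    """
    by_minute = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["size"] > max_size:
            continue
        by_minute[e["created"]].append(e)

    bursts = {}
    for minute, files in by_minute.items():
        # ntpath parses Windows paths correctly on any host OS.
        dirs = {ntpath.dirname(f["path"]).lower() for f in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            bursts[minute] = sorted(f["path"] for f in files)
    return bursts


if __name__ == "__main__":
    for minute, paths in find_bursts(parse_created(SAMPLE_LOG)).items():
        print(f"{minute}: {len(paths)} small files created together")
        for p in paths:
            print("   ", p, "(ext %s)" % ntpath.splitext(p)[1])
```

A burst is only a reason to look closer: installers also write many files in one minute, and single files such as c:\winnt\Sysvxd.exe fall outside this check.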

|
coqui3l
Junior Member
|
11. November 2008 @ 20:59 |
|
thanks so far cdavfrew. What follows is the combofix log after running the script you provided.
ComboFix 08-11-10.01 - Owner 2008-11-11 2:50:13.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\WinSoftware
c:\program files\delfin
c:\program files\delfin\PromulGate\preference.dat
c:\winnt\Readme.txt
c:\winnt\system32\instsrv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVCPROC
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-10 01:26 . 2008-11-09 17:33 102,664 --a------ c:\winnt\system32\drivers\tmcomm.sys
2008-11-09 17:33 . 2008-11-10 01:27 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-11-09 02:29 . 2008-11-09 12:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-09 02:28 . 2008-11-09 02:28 <DIR> d-------- c:\program files\CCleaner
2008-11-09 02:11 . 2008-11-09 02:11 <DIR> d-------- c:\program files\Windows Defender
2008-11-09 02:00 . 2008-11-09 02:00 97,928 --a------ c:\winnt\system32\drivers\avgldx86.sys
2008-11-09 02:00 . 2008-11-09 02:00 76,040 --a------ c:\winnt\system32\drivers\avgtdix.sys
2008-11-09 02:00 . 2008-11-09 02:00 10,520 --a------ c:\winnt\system32\avgrsstx.dll
2008-11-09 01:59 . 2008-11-11 03:07 <DIR> d-------- c:\winnt\system32\drivers\Avg
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\program files\AVG
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-09 01:47 . 2008-11-09 01:47 <DIR> d-------- c:\program files\PrivacyEraser Computing
2008-11-09 01:46 . 2008-11-09 01:46 <DIR> d-------- C:\VundoFix Backups
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-08 23:49 . 2008-11-08 23:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 23:42 . 2008-11-08 23:42 <DIR> d-------- c:\program files\RealVNC
2008-11-08 22:19 . 2008-11-08 22:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-08 22:19 . 2008-10-22 16:28 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-11-08 22:18 . 2008-11-08 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 22:18 . 2008-11-08 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-08 22:18 . 2008-10-22 16:28 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-11-08 21:15 . 2008-11-08 21:15 31,222 --a------ c:\winnt\Sysvxd.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,833 --a------ c:\winnt\mocaludu.db
2008-11-08 15:54 . 2008-11-08 15:54 19,566 --a------ c:\program files\Common Files\uxuqoposyq.exe
2008-11-08 15:54 . 2008-11-08 15:54 19,214 --a------ c:\winnt\system32\elozybyde._dl
2008-11-08 15:54 . 2008-11-08 15:54 19,129 --a------ c:\winnt\fivycyhojy.reg
2008-11-08 15:54 . 2008-11-08 15:54 18,138 --a------ c:\winnt\system32\lape.vbs
2008-11-08 15:54 . 2008-11-08 15:54 17,406 --a------ c:\program files\Common Files\hytyj.dat
2008-11-08 15:54 . 2008-11-08 15:54 16,367 --a------ c:\documents and settings\All Users\Application Data\ezaco.bat
2008-11-08 15:54 . 2008-11-08 15:54 15,334 --a------ c:\documents and settings\Owner\Application Data\weco.dll
2008-11-08 15:54 . 2008-11-08 15:54 14,378 --a------ c:\winnt\zyxud.reg
2008-11-08 15:54 . 2008-11-08 15:54 14,052 --a------ c:\winnt\system32\kelomevy.com
2008-11-08 15:54 . 2008-11-08 15:54 13,109 --a------ c:\winnt\goneqetuj.bat
2008-11-08 15:54 . 2008-11-08 15:54 12,522 --a------ c:\winnt\cunuxoh.ban
2008-11-08 15:54 . 2008-11-08 15:54 12,022 --a------ c:\winnt\ymyj.dll
2008-11-08 15:54 . 2008-11-08 15:54 10,966 --a------ c:\winnt\iruka.db
2008-11-08 15:54 . 2008-11-08 15:54 10,164 --a------ c:\winnt\ogazynabu.bin
2008-10-29 08:32 . 2008-11-03 08:13 77,937 --a------ c:\winnt\system32\vgdnhfpqycv.exe
2008-10-18 18:18 . 2004-08-03 23:58 14,848 --a------ c:\winnt\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:16 --------- d-----w c:\program files\SmartShopper
2008-11-09 16:55 --------- d-----w c:\program files\TV Media
2008-11-09 06:58 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-09 06:56 --------- d-----w c:\program files\Yahoo!
2008-11-09 06:54 --------- d-----w c:\program files\Java
2008-11-09 04:37 --------- d-----w c:\program files\MediaLoads Enhanced
2008-11-08 20:54 12,710 ----a-w c:\program files\Common Files\olekizyly.ban
2008-11-08 20:54 11,473 ----a-w c:\program files\Common Files\anipydo.inf
2008-11-08 20:54 11,083 ----a-w c:\program files\Common Files\qirol._dl
2008-11-07 14:46 --------- d-----w c:\documents and settings\Owner\Application Data\SmartShopper
2008-11-04 02:43 --------- d-----w c:\documents and settings\Natasha\Application Data\SmartShopper
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\winnt\system32\dllcache\netapi32.dll
2008-09-15 11:57 1,846,016 ----a-w c:\winnt\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\winnt\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\winnt\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ------w c:\winnt\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w c:\winnt\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w c:\winnt\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w c:\winnt\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\winnt\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\winnt\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w c:\winnt\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w c:\winnt\system32\dllcache\ntkrpamp.exe
2004-03-04 04:21 8,224 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"Free Internet Eraser"="c:\program files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2008-06-18 538112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-06-24 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712]
"GWMDMMSG"="GWMDMMSG.exe" [2001-11-27 c:\winnt\GWMDMMSG.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.XVID"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\RealVNC\VNC4\winvnc4.exe"= c:\program files\RealVNC\VNC4\winvnc4.exe:69.119.85.196/255.255.255.255:Enabled:winvnc4.exe
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\winnt\system32\DRIVERS\bcmwl5.sys [2005-07-11 00:46]
R3 iscFlash;iscFlash;c:\winnt\SYSTEM32\DRIVERS\iscflash.sys []
R3 PCDRDRV;Pcdr Helper Driver;c:\atf\Qctest\PCDoc\PCDRDRV.sys []
R4 hpt3xx;hpt3xx;c:\winnt\system32\DRIVERS\hpt3xx.syS []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\System32\Drivers\avgldx86.sys [2008-11-09 02:00]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 01:59]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 01:59]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\System32\Drivers\avgtdix.sys [2008-11-09 02:00]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\winnt\system32\DRIVERS\bwcdrv.sys [2003-12-21 03:21]
.
Contents of the 'Scheduled Tasks' folder
2008-08-24 c:\winnt\Tasks\EasyShare Registration Task.job
- c:\winnt\system32\rundll32.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 1.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2008-11-11 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-11-09 c:\winnt\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{CA4A3FC2-9E9F-8C6C-DBE5-906094C54342} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} -
O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {CE736832-F8A9-11D4-80C4-0050DA680987} - hxxp://www.terra.com/chatvoz/hmvcfs.cab
c:\winnt\Downloaded Program Files\hmvcfs.inf
c:\winnt\System32\msvcrt.dll
c:\winnt\System32\mfc42.dll
c:\winnt\Downloaded Program Files\hmvcfs.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 03:00:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\winnt\system32\drivers\BWCSRV.EXE
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\winnt\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-11 3:11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 08:10:55
Pre-Run: 1,277,349,888 bytes free
Post-Run: 1,896,816,640 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
227 --- E O F --- 2008-10-24 11:44:57
|
coqui3l
Junior Member
|
11. November 2008 @ 21:10 |
|
I must add re: combofix that during the process I got three identical staggered dialog windows stating "You chose not to restore the original versions of the files. This may affect Windows stability. Are you sure you want to keep these unrecognized file versions?" I clicked on "Yes" for all three.
|
coqui3l
Junior Member
|
11. November 2008 @ 21:14 |
|
When I ran HiJackThis, only the top and bottom entries appeared within HiJackThis; the middle entry was missing (i.e., "O2 - BHO: (no name) - {CA4A3FC2-9E9F-8C6C-DBE5-906094C54342} - (no file)").
|
coqui3l
Junior Member
|
11. November 2008 @ 21:18 |
|
Ran Fix.bat & rebooted.
|
Senior Member
|
12. November 2008 @ 07:18 |
|
Hey coqui3l
Your ComboFix log looks as if you did not run the script yet... please delete C:\Combofix.txt and repeat Step 1 of my previous instructions.
After that, I would like you to follow these instructions:
http://forums.majorgeeks.com/showthread.php?t=147786
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
coqui3l
Junior Member
|
14. November 2008 @ 22:59 |
|
cdav,
Sorry I took so long to get back to you; I was away from home.
As for running ComboFix with the script, I ran it a second time as you suggested but got the same odd result: at the end of the process, Notepad opened showing the ComboFix log and all of the desktop icons and functions disappeared from the screen; also, those three windows about Windows files popped up again during the process; to get the icons back I had to run "explorer.exe" from the taskmgr; I then rebooted, which is where I am now. The ComboFix log follows below.
ComboFix 08-11-10.01 - Owner 2008-11-14 21:00:37.4 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Application Data\ezaco.bat
c:\documents and settings\Owner\Application Data\weco.dll
c:\program files\Common Files\anipydo.inf
c:\program files\Common Files\hytyj.dat
c:\program files\Common Files\olekizyly.ban
c:\program files\Common Files\qirol._dl
c:\program files\Common Files\uxuqoposyq.exe
c:\winnt\cunuxoh.ban
c:\winnt\fivycyhojy.reg
c:\winnt\goneqetuj.bat
c:\winnt\iruka.db
c:\winnt\mocaludu.db
c:\winnt\ogazynabu.bin
c:\winnt\system32\drivers\kbdhid.sys
c:\winnt\system32\elozybyde._dl
c:\winnt\system32\kelomevy.com
c:\winnt\system32\lape.vbs
c:\winnt\system32\vgdnhfpqycv.exe
c:\winnt\Sysvxd.exe
c:\winnt\ymyj.dll
c:\winnt\zyxud.reg
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system32\drivers\kbdhid.sys
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-11 10:21 . 2004-08-04 00:58 14,848 --a------ c:\winnt\system32\drivers\kbdhid.sys
2008-11-11 10:21 . 2004-08-04 00:58 14,848 --a------ c:\winnt\system32\dllcache\kbdhid.sys
2008-11-10 01:26 . 2008-11-09 17:33 102,664 --a------ c:\winnt\system32\drivers\tmcomm.sys
2008-11-09 17:33 . 2008-11-10 01:27 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-11-09 02:29 . 2008-11-09 12:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-09 02:28 . 2008-11-09 02:28 <DIR> d-------- c:\program files\CCleaner
2008-11-09 02:11 . 2008-11-09 02:11 <DIR> d-------- c:\program files\Windows Defender
2008-11-09 02:00 . 2008-11-09 02:00 97,928 --a------ c:\winnt\system32\drivers\avgldx86.sys
2008-11-09 02:00 . 2008-11-09 02:00 76,040 --a------ c:\winnt\system32\drivers\avgtdix.sys
2008-11-09 02:00 . 2008-11-09 02:00 10,520 --a------ c:\winnt\system32\avgrsstx.dll
2008-11-09 01:59 . 2008-11-14 20:52 <DIR> d-------- c:\winnt\system32\drivers\Avg
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\program files\AVG
2008-11-09 01:59 . 2008-11-09 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-09 01:47 . 2008-11-09 01:47 <DIR> d-------- c:\program files\PrivacyEraser Computing
2008-11-09 01:46 . 2008-11-09 01:46 <DIR> d-------- C:\VundoFix Backups
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-08 23:50 . 2008-11-08 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-08 23:49 . 2008-11-08 23:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 23:42 . 2008-11-08 23:42 <DIR> d-------- c:\program files\RealVNC
2008-11-08 22:19 . 2008-11-08 22:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-08 22:19 . 2008-10-22 16:28 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-11-08 22:18 . 2008-11-08 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 22:18 . 2008-11-08 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-08 22:18 . 2008-10-22 16:28 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:16 --------- d-----w c:\program files\SmartShopper
2008-11-09 16:55 --------- d-----w c:\program files\TV Media
2008-11-09 06:58 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-09 06:56 --------- d-----w c:\program files\Yahoo!
2008-11-09 06:54 --------- d-----w c:\program files\Java
2008-11-09 04:37 --------- d-----w c:\program files\MediaLoads Enhanced
2008-11-07 14:46 --------- d-----w c:\documents and settings\Owner\Application Data\SmartShopper
2008-11-04 02:43 --------- d-----w c:\documents and settings\Natasha\Application Data\SmartShopper
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\winnt\system32\dllcache\netapi32.dll
2008-09-15 11:57 1,846,016 ----a-w c:\winnt\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\winnt\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\winnt\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ------w c:\winnt\system32\dllcache\iedw.exe
2004-03-04 04:21 8,224 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"Free Internet Eraser"="c:\program files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2008-06-18 538112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-06-24 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712]
"GWMDMMSG"="GWMDMMSG.exe" [2001-11-27 c:\winnt\GWMDMMSG.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.XVID"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\RealVNC\VNC4\winvnc4.exe"= c:\program files\RealVNC\VNC4\winvnc4.exe:69.119.85.196/255.255.255.255:Enabled:winvnc4.exe
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 01:59]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 01:59]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\winnt\system32\DRIVERS\bcmwl5.sys [2005-07-11 00:46]
R3 iscFlash;iscFlash;c:\winnt\SYSTEM32\DRIVERS\iscflash.sys []
R3 PCDRDRV;Pcdr Helper Driver;c:\atf\Qctest\PCDoc\PCDRDRV.sys []
R4 hpt3xx;hpt3xx;c:\winnt\system32\DRIVERS\hpt3xx.syS []
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\System32\Drivers\avgldx86.sys [2008-11-09 02:00]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\System32\Drivers\avgtdix.sys [2008-11-09 02:00]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\winnt\system32\DRIVERS\bwcdrv.sys [2003-12-21 03:21]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-24 c:\winnt\Tasks\EasyShare Registration Task.job
- c:\winnt\system32\rundll32.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 1.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2002-03-28 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2004-08-04 02:56]
2008-11-15 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-11-09 c:\winnt\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 21:04:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\winnt\system32\winlogon.exe
-> c:\winnt\system32\tsd32.dll
.
Completion time: 2008-11-14 21:07:46
ComboFix-quarantined-files.txt 2008-11-15 02:06:53
ComboFix2.txt 2008-11-11 15:23:10
ComboFix3.txt 2008-11-11 08:11:56
Pre-Run: 1,903,521,792 bytes free
Post-Run: 1,892,028,416 bytes free
182 --- E O F --- 2008-10-24 11:44:57
|
Senior Member
|
15. November 2008 @ 08:20 |
|
Hey coqui3l
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
C:\Windows\system32\karna.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into ComboFix.exe.
- This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.
Any more problems? I would prefer if you ran these instructions, as they would repair any system files corrupted by the malware.
Originally posted by cdavfrew: After that, I would like you to follow these instructions:
http://forums.majorgeeks.com/showthread.php?t=147786
Best Regards :D

|
|