Ambrox
Here's my ComboFix log:

ComboFix 10-08-06.01 - Owner 08/07/2010 9:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.431 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
uStart Page = hxxp://www.sharewareisland.com/ mStart Page = hxxp://www.sharewareisland.com uInternet Settings,ProxyServer = http=127.0.0.1:5643 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx IE: Download All By FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetAllUrl.htm IE: Download By FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm IE: Open current page with BID Link E&xplorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm Trusted Zone: kuaiche.com\software DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4tpz9n36.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - HiddenExtension: XULRunner: {4CDFD7F6-3659-41A8-96F0-7D29B9591979} - c:\documents and 
settings\Owner\Local Settings\Application Data\{4CDFD7F6-3659-41A8-96F0-7D29B9591979}\ ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pre f", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . 
- - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SigmatelSysTrayApp - sttray.exe MSConfigStartUp-openvpn-gui - j:\ultravpn\bin\openvpn-gui.exe MSConfigStartUp-sta - ikxep.dll AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe AddRemove-HijackThis - h:\hbcd\wintools\HijackThis.exe AddRemove-OpenVPN - j:\ultravpn\Uninstall.exe AddRemove-Sun Download Manager 2.0 (web) - c:\windows\system32\javaws.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-07 09:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atcal] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3784) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\windows\System32\inetsrv\inetinfo.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\windows\System32\tcpsvcs.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\AVG\AVG9\avgupd.exe c:\program files\AVG\AVG9\avgscanx.exe c:\program files\AVG\AVG9\avgcsrvx.exe . ************************************************************************** . Completion time: 2010-08-07 09:59:36 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-07 14:59 Pre-Run: 103,366,803,456 bytes free Post-Run: 103,328,342,016 bytes free - - End Of File - - 09263CCBF6A9CB214F4049EF13908D3B
  2. Here are the logs you requested. We're probably not done yet, but I'm still being redirected to other sites even though the hosts file seems to be untouched. DDS.txt mbam_log_2010_08_06__11_37_12_.txt JavaRa.txt
  3. I was only able to scan with DDS and HijackThis. When I scanned with the GMER rootkit scanner and unchecked the options I was told to uncheck, I got a BSOD for the first time on this computer. So here are the logs, excluding GMER's. HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:49:12 AM, on 8/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\TPPALDR.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\explorer.exe C:\Program Files\Nakido\nakido.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.sharewareisland.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Owner\Application Data\FlashGetBHO\FlashGetBHO3.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [IgfxTray] 
C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Owner\Application Data\FlashGetBHO\GetAllUrl.htm O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Owner\Application Data\FlashGetBHO\GetUrl.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: En&queue current 
page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm O8 - Extra context menu item: Open current page with BID Link E&xplorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://software.kuaiche.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- End of file - 8580 bytes DDS.txt Attach.txt
  4. Hi, I recently removed a fake spyware program from my PC following all the steps in a blog. I can't remember the name of it, but I was sure I got rid of everything. But I'm being redirected to other sites now. So I did a full scan with MBAM and these came up. I'm afraid if I remove them it might corrupt a system file, thus disabling me from logging back into my computer. Also, I downloaded WPE editor myself; I'm just worried about the other ones. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4332 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 8/4/2010 2:57:33 PM mbam-log-2010-08-04 (14-57-33).txt Scan type: Full scan (C:\|) Objects scanned: 256199 Time elapsed: 51 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\system32\6to4v32.dll (Trojan.Dropper) -> No action taken. Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Dropper) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\6to4v32.dll (Trojan.Dropper) -> No action taken. C:\Documents and Settings\Owner\My Documents\WPE\WPE PRO.exe (HackTool.Sniffer.WpePro) -> No action taken. C:\Documents and Settings\Owner\My Documents\WPE\WpeSpy.dll (HackTool.Sniffer.WpePro) -> No action taken. C:\System Volume Information\_restore{38D00AF1-66A6-43AC-B93C-E051D82CE1FA}\RP72\A0230681.exe (Trojan.Adware) -> No action taken. C:\WINDOWS\system32\file.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> No action taken.