
Posting Malewarebytes log and HJT log



Here is the current ComboFix log

ComboFix 08-12-04.04 - Eric Smith 2008-12-06 0:09:37.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.290 [GMT -5:00]

Running from: c:\documents and settings\Eric Smith\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DOMAINSERVICE

-------\Legacy_FOPN

((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))

.

2008-12-03 19:04 . 2008-12-06 00:15 6,843 --a------ c:\windows\system32\Config.MPF

2008-12-03 18:51 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys

2008-12-03 18:51 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys

2008-12-03 18:51 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys

2008-12-03 18:50 . 2008-12-03 18:50 <DIR> d-------- c:\program files\McAfee.com

2008-12-03 18:50 . 2008-12-03 18:51 <DIR> d-------- c:\program files\Common Files\McAfee

2008-12-03 18:50 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys

2008-12-03 18:47 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys

2008-12-03 17:53 . 2008-12-03 17:53 141,824 --a------ c:\windows\aledacibisovu.dll

2008-12-03 17:41 . 2008-12-03 17:41 40,448 --a------ c:\windows\Bwobe.dll

2008-12-03 17:41 . 2008-12-03 17:55 40,448 --a------ C:\fjytg.exe

2008-12-03 17:41 . 2008-12-03 17:55 39,424 --a------ C:\bflkwx.exe

2008-12-03 17:40 . 2008-12-03 17:55 47,598 --a------ c:\windows\system32\wlgudeqkqwqbakn.exe

2008-12-03 17:25 . 2008-12-03 17:25 <DIR> d-------- c:\temp\DIV55

2008-12-03 14:30 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-12-03 14:30 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-12-03 14:30 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe

2008-12-03 14:30 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe

2008-12-03 14:30 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe

2008-12-03 14:30 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe

2008-12-03 14:30 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe

2008-12-03 14:30 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe

2008-12-03 14:30 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe

2008-12-03 14:09 . 2008-12-03 14:09 1,152 --a------ c:\windows\system32\windrv.sys

2008-12-03 14:08 . 2008-12-03 14:08 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-12-02 19:19 . 2008-12-02 19:19 <DIR> d-------- c:\program files\Lavasoft

2008-12-02 19:19 . 2008-12-03 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-12-01 22:09 . 2008-12-01 22:09 <DIR> d-------- C:\rsit

2008-12-01 20:50 . 2008-12-01 21:01 250 --a------ c:\windows\gmer.ini

2008-11-29 15:27 . 2008-11-29 15:25 37,280 --a------ c:\windows\system32\drivers\btwmodem.sys

2008-11-26 00:12 . 2008-11-26 00:12 <DIR> d-------- c:\documents and settings\Eric Smith\Application Data\Malwarebytes

2008-11-26 00:12 . 2008-11-26 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-19 16:16 . 2008-11-19 16:16 <DIR> d-------- C:\MyAmerican

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2008-12-03 23:53 --------- d-----w c:\program files\McAfee

2008-11-29 20:25 879,496 ----a-w c:\windows\system32\drivers\btkrnl.sys

2008-11-29 20:25 74,656 ----a-w c:\windows\system32\drivers\btwusb.sys

2008-11-29 20:25 55,352 ----a-w c:\windows\system32\drivers\btwhid.sys

2008-11-29 20:25 539,432 ----a-w c:\windows\system32\drivers\btaudio.sys

2008-11-29 20:25 37,424 ----a-w c:\windows\system32\drivers\btport.sys

2008-11-29 20:25 156,392 ----a-w c:\windows\system32\drivers\btwdndis.sys

2008-11-28 19:29 --------- d-----w c:\program files\Trend Micro

2008-11-25 14:02 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 19:24 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2004-01-27 18:23 3,149 ----a-w c:\program files\Common Files\remove_tools.html

2003-06-03 00:08 60,928 --sha-w c:\program files\Thumbs.db

2003-03-12 20:12 151,920 ----a-w c:\documents and settings\Eric Smith\Application Data\GDIPFONTCACHEV1.DAT

2001-11-03 21:04 271 --sha-w c:\program files\desktop.ini

2001-11-03 21:04 23,357 ---ha-w c:\program files\folder.htt

1989-12-12 14:10 190,000 --sha-r c:\windows\fkmqpcb.exe

2004-11-30 22:33 620,759 --sha-w c:\windows\Config\ptflmx.bak1

2004-11-30 22:39 620,759 --sha-w c:\windows\Config\ptflmx.bak2

2002-11-05 04:43 203,504 --sha-w c:\windows\DRM\IndivBox.dll

2004-10-30 22:26 2,434,769 --sha-w c:\windows\msagent\chars\golnu.bak2

2004-11-20 12:30 59,706,025 --sha-w c:\windows\system\CatRoot\drahsm.bak1

2004-11-20 12:37 59,706,025 --sha-w c:\windows\system\CatRoot\drahsm.bak2

2007-12-04 03:44 88 --sh--r c:\windows\system32\34912FB5F2.sys

2007-12-14 18:50 56 --sh--r c:\windows\system32\F2B52F9134.sys

2007-12-14 18:50 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys

2004-10-22 22:22 1,179,425 --sha-w c:\windows\Tasks\kabteni.bak2

2004-10-20 22:21 575,911 --sha-w c:\windows\Tasks\vrdsnd.bak2

.

((((((((((((((((((((((((((((( snapshot@2008-12-04_16.54.46.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-06 00:54:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-06 00:54:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-06 00:54:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]

"Gpatev"="c:\windows\Bwobe.dll" [2008-12-03 40448]

"Lgehuhogajim"="c:\windows\aledacibisovu.dll" [2008-12-03 141824]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Mouse.lnk - c:\program files\Bluetooth Mouse\MulMouse.exe [2008-04-21 245760]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I263"= i263_32.drv

"VIDC.VDOM"= vdowave.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]

backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xpress Mail Personal Edition.lnk]

backup=c:\windows\pss\Xpress Mail Personal Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric Smith^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric Smith^Start Menu^Programs^Startup^TA_Start.lnk]

backup=c:\windows\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websearch]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2005-05-15 01:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 13:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gpatev]

--a------ 2008-12-03 17:41 40448 c:\windows\Bwobe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-06-20 21:36 1207080 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 06:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-10-14 19:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-10-14 19:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-10-14 19:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lgehuhogajim]

--a------ 2008-12-03 17:53 141824 c:\windows\aledacibisovu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

--a------ 2007-05-30 13:03 475180 c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2002-12-05 16:24 2181704 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]

--a------ 2008-02-06 20:53 8824112 c:\program files\VoipStunt.com\VoipStunt\voipstunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]

--a------ 2008-12-01 21:33 8944944 c:\program files\Voipwise.com\Voipwise\voipwise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-03-27 14:22 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Ati HotKey Poller"=2 (0x2)

"Crypkey License"=2 (0x2)

"Macromedia Licensing Service"=3 (0x3)

"MDM"=2 (0x2)

"MskService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

"GEARSecurity"=2 (0x2)

"AOL ACS"=2 (0x2)

"Norton Ghost"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"Symantec Core LC"=3 (0x3)

"NetSvc"=3 (0x3)

"iPod Service"=3 (0x3)

"IAANTMon"=2 (0x2)

"DomainService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"Bonjour Service"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

"Bargains"=c:\program files\Bargain Buddy\bin2\bargains.exe

"CreateCD50"=c:\progra~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~2.EXE -r

"EbatesMoeMoneyMaker"=wjview /cp:p "c:\program files\EbatesMoeMoneyMaker\System\Code" Main lp: "c:\program files\EbatesMoeMoneyMaker"

"HotKeysCmds"=c:\windows\SYSTEM32\HKCMD.EXE

"IgfxTray"=c:\windows\SYSTEM32\IGFXTRAY.EXE

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"LoadQM"=loadqm.exe

"MediaLoads Installer"="c:\program files\DownloadWare\dw.exe" /H

"NAV Agent"=c:\progra~1\NORTON~2\NAVAPW32.EXE

"New.net Startup"=rundll32 c:\progra~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

"Premeter"=c:\progra~1\NETRAT~1\PREMETER\PRMT.EXE

"Promon.exe"=Promon.exe

"PromulGate"="c:\program files\DelFin\PromulGate\PgMonitr.exe"

"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime

"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"

"WhenUSave"=c:\progra~1\SAVE\Save.exe

"WINSTART001.EXE"=c:\windows\SYSTEM32\WinStart001.EXE -b

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\CUTFTP32.EXE"=

"c:\\Games\\empire\\ee\\Empire Earth.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Xpress Mail\\Personal Edition\\XpressMailDesktopClient.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

"c:\\Program Files\\WinSCP\\WinSCP.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\ComboFix\\fdsv.cfexe"=

"c:\\Program Files\\QuickTime\\QTTask.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-03 203280]

S1 BthEnumm;BthEnumm;c:\windows\system32\drivers\BthEnumm.sys []

S1 cdfss;cdfss;c:\windows\system32\drivers\cdfss.sys []

S2 0298821228435651mcinstcleanup;McAfee Application Installer Cleanup (0298821228435651);c:\windows\TEMP\029882~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-03-13 4736]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc2.sys [2006-03-13 8960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - 0298821228435651MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl

.

Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-03 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.icfxdesigns.com/

mSearch Bar = hxxp://www.topfivesearch.com/sidesearch.asp

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ppctl.dll - O16 -: ppctlcab

hxxp://www.pestscan.com/scanner/ppctlcab.cab

c:\windows\Downloaded Program Files\OSD406.OSD

FireFox -: Profile - c:\documents and settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\zmbzzhv3.Eric\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.icfxdesigns.com

FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll

FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-06 00:15:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2008-12-06 0:18:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-06 05:18:50

ComboFix2.txt 2008-12-04 21:55:51

Pre-Run: 18,968,686,592 bytes free

Post-Run: 18,960,396,288 bytes free

401 --- E O F --- 2008-11-13 08:04:50


No, you are still infected

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

c:\windows\aledacibisovu.dll

C:\fjytg.exe

C:\bflkwx.exe

c:\windows\system32\wlgudeqkqwqbakn.exe

c:\windows\fkmqpcb.exe

c:\windows\Config\ptflmx.bak1

c:\windows\Config\ptflmx.bak2

c:\windows\msagent\chars\golnu.bak2

c:\windows\system\CatRoot\drahsm.bak1

c:\windows\system\CatRoot\drahsm.bak2

c:\windows\system32\34912FB5F2.sys

c:\windows\system32\F2B52F9134.sys

c:\windows\Tasks\kabteni.bak2

c:\windows\Tasks\vrdsnd.bak2

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Lgehuhogajim"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lgehuhogajim]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"Bargains"=-

"New.net Startup"=-

"WhenUSave"=-

"webHancer Agent"=-

"Premeter"=-

"PromulGate"=-

"EbatesMoeMoneyMaker"=-

"WINSTART001.EXE"=-

Driver::

cdfss

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Per your request, Spy! Thanks for your continued support.

-------------------------------

ComboFix 08-12-04.04 - Eric Smith 2008-12-06 19:30:38.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.549 [GMT -5:00]

Running from: c:\documents and settings\Eric Smith\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Eric Smith\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

FILE ::

C:\bflkwx.exe

C:\fjytg.exe

c:\windows\aledacibisovu.dll

c:\windows\Config\ptflmx.bak1

c:\windows\Config\ptflmx.bak2

c:\windows\fkmqpcb.exe

c:\windows\msagent\chars\golnu.bak2

c:\windows\system\CatRoot\drahsm.bak1

c:\windows\system\CatRoot\drahsm.bak2

c:\windows\system32\34912FB5F2.sys

c:\windows\system32\F2B52F9134.sys

c:\windows\system32\wlgudeqkqwqbakn.exe

c:\windows\Tasks\kabteni.bak2

c:\windows\Tasks\vrdsnd.bak2

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\bflkwx.exe

C:\fjytg.exe

c:\windows\aledacibisovu.dll

c:\windows\Config\ptflmx.bak1

c:\windows\Config\ptflmx.bak2

c:\windows\fkmqpcb.exe

c:\windows\msagent\chars\golnu.bak2

c:\windows\system\CatRoot\drahsm.bak1

c:\windows\system\CatRoot\drahsm.bak2

c:\windows\system32\34912FB5F2.sys

c:\windows\system32\F2B52F9134.sys

c:\windows\system32\wlgudeqkqwqbakn.exe

c:\windows\Tasks\kabteni.bak2

c:\windows\Tasks\vrdsnd.bak2

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DOMAINSERVICE

-------\Legacy_FOPN

-------\Service_cdfss

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))

.

2008-12-03 19:04 . 2008-12-06 19:36 7,053 --a------ c:\windows\system32\Config.MPF

2008-12-03 18:51 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys

2008-12-03 18:51 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys

2008-12-03 18:51 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys

2008-12-03 18:50 . 2008-12-03 18:50 <DIR> d-------- c:\program files\McAfee.com

2008-12-03 18:50 . 2008-12-03 18:51 <DIR> d-------- c:\program files\Common Files\McAfee

2008-12-03 18:50 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys

2008-12-03 18:47 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys

2008-12-03 17:41 . 2008-12-03 17:41 40,448 --a------ c:\windows\Bwobe.dll

2008-12-03 17:25 . 2008-12-03 17:25 <DIR> d-------- c:\temp\DIV55

2008-12-03 14:30 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-12-03 14:30 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-12-03 14:30 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe

2008-12-03 14:30 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe

2008-12-03 14:30 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe

2008-12-03 14:30 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe

2008-12-03 14:30 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe

2008-12-03 14:30 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe

2008-12-03 14:30 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe

2008-12-03 14:09 . 2008-12-03 14:09 1,152 --a------ c:\windows\system32\windrv.sys

2008-12-03 14:08 . 2008-12-03 14:08 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-12-02 19:19 . 2008-12-02 19:19 <DIR> d-------- c:\program files\Lavasoft

2008-12-02 19:19 . 2008-12-03 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-12-01 22:09 . 2008-12-01 22:09 <DIR> d-------- C:\rsit

2008-12-01 20:50 . 2008-12-01 21:01 250 --a------ c:\windows\gmer.ini

2008-11-29 15:27 . 2008-11-29 15:25 37,280 --a------ c:\windows\system32\drivers\btwmodem.sys

2008-11-26 00:12 . 2008-11-26 00:12 <DIR> d-------- c:\documents and settings\Eric Smith\Application Data\Malwarebytes

2008-11-26 00:12 . 2008-11-26 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-19 16:16 . 2008-11-19 16:16 <DIR> d-------- C:\MyAmerican

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2008-12-03 23:53 --------- d-----w c:\program files\McAfee

2008-11-29 20:25 879,496 ----a-w c:\windows\system32\drivers\btkrnl.sys

2008-11-29 20:25 74,656 ----a-w c:\windows\system32\drivers\btwusb.sys

2008-11-29 20:25 55,352 ----a-w c:\windows\system32\drivers\btwhid.sys

2008-11-29 20:25 539,432 ----a-w c:\windows\system32\drivers\btaudio.sys

2008-11-29 20:25 37,424 ----a-w c:\windows\system32\drivers\btport.sys

2008-11-29 20:25 156,392 ----a-w c:\windows\system32\drivers\btwdndis.sys

2008-11-28 19:29 --------- d-----w c:\program files\Trend Micro

2008-11-25 14:02 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 19:24 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2004-01-27 18:23 3,149 ----a-w c:\program files\Common Files\remove_tools.html

2003-06-03 00:08 60,928 --sha-w c:\program files\Thumbs.db

2003-03-12 20:12 151,920 ----a-w c:\documents and settings\Eric Smith\Application Data\GDIPFONTCACHEV1.DAT

2001-11-03 21:04 271 --sha-w c:\program files\desktop.ini

2001-11-03 21:04 23,357 ---ha-w c:\program files\folder.htt

2002-11-05 04:43 203,504 --sha-w c:\windows\DRM\IndivBox.dll

2007-12-14 18:50 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2008-12-04_16.54.46.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-06 19:50:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-06 19:50:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-12-04 18:10:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-06 19:50:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 10:40 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]

"Gpatev"="c:\windows\Bwobe.dll" [2008-12-03 40448]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Mouse.lnk - c:\program files\Bluetooth Mouse\MulMouse.exe [2008-04-21 245760]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I263"= i263_32.drv

"VIDC.VDOM"= vdowave.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]

backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xpress Mail Personal Edition.lnk]

backup=c:\windows\pss\Xpress Mail Personal Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric Smith^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric Smith^Start Menu^Programs^Startup^TA_Start.lnk]

backup=c:\windows\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websearch]

wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2005-05-15 01:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 13:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gpatev]

--a------ 2008-12-03 17:41 40448 c:\windows\Bwobe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-06-20 21:36 1207080 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 06:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-10-14 19:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-10-14 19:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-10-14 19:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

--a------ 2007-05-30 13:03 475180 c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2002-12-05 16:24 2181704 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]

--a------ 2008-02-06 20:53 8824112 c:\program files\VoipStunt.com\VoipStunt\voipstunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]

--a------ 2008-12-01 21:33 8944944 c:\program files\Voipwise.com\Voipwise\voipwise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-03-27 14:22 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Ati HotKey Poller"=2 (0x2)

"Crypkey License"=2 (0x2)

"Macromedia Licensing Service"=3 (0x3)

"MDM"=2 (0x2)

"MskService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

"GEARSecurity"=2 (0x2)

"AOL ACS"=2 (0x2)

"Norton Ghost"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"Symantec Core LC"=3 (0x3)

"NetSvc"=3 (0x3)

"iPod Service"=3 (0x3)

"IAANTMon"=2 (0x2)

"DomainService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"Bonjour Service"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

"CreateCD50"=c:\progra~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~2.EXE -r

"HotKeysCmds"=c:\windows\SYSTEM32\HKCMD.EXE

"IgfxTray"=c:\windows\SYSTEM32\IGFXTRAY.EXE

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"LoadQM"=loadqm.exe

"MediaLoads Installer"="c:\program files\DownloadWare\dw.exe" /H

"NAV Agent"=c:\progra~1\NORTON~2\NAVAPW32.EXE

"Promon.exe"=Promon.exe

"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\CUTFTP32.EXE"=

"c:\\Games\\empire\\ee\\Empire Earth.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Xpress Mail\\Personal Edition\\XpressMailDesktopClient.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

"c:\\Program Files\\WinSCP\\WinSCP.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\ComboFix\\fdsv.cfexe"=

"c:\\Program Files\\QuickTime\\QTTask.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-03 203280]

S1 BthEnumm;BthEnumm;c:\windows\system32\drivers\BthEnumm.sys []

S2 0298821228435651mcinstcleanup;McAfee Application Installer Cleanup (0298821228435651);c:\windows\TEMP\029882~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-03-13 4736]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc2.sys [2006-03-13 8960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl

.

Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-03 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.icfxdesigns.com/

mSearch Bar = hxxp://www.topfivesearch.com/sidesearch.asp

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ppctl.dll - O16 -: ppctlcab

hxxp://www.pestscan.com/scanner/ppctlcab.cab

c:\windows\Downloaded Program Files\OSD406.OSD

FireFox -: Profile - c:\documents and settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\zmbzzhv3.Eric\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.icfxdesigns.com

FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll

FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-06 19:35:35

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2772)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\TortoiseSVN\bin\tortoisesvn.dll

c:\program files\TortoiseSVN\bin\intl3_svn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE

c:\program files\McAfee\MSK\msksrver.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\dllhost.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2008-12-06 19:39:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-07 00:38:56

ComboFix2.txt 2008-12-06 05:18:59

ComboFix3.txt 2008-12-04 21:55:51

Pre-Run: 18,884,702,208 bytes free

Post-Run: 18,866,339,840 bytes free

411 --- E O F --- 2008-11-13 08:04:50


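The log above is long, and the entries that matter are easy to miss among the legitimate Run values, so here is a small triage script that picks out the items a responder checks first in the "Reg Loading Points" section: a .dll registered directly as a Run value (the "Gpatev"="c:\windows\Bwobe.dll" line), an autostart binary sitting in the Windows root rather than a program directory, Security Center notifications or vendor monitoring switched off, and the XP firewall profile disabled. This is an added example for this thread, not ComboFix code and not from the poster; the sample lines are copied from the log, trimmed to the ones the heuristics act on, and the heuristics themselves are my own assumptions about what is worth flagging.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not ComboFix code and not from the
poster.  SAMPLE_LOG is copied from the log above, trimmed to the lines the
heuristics act on.  The heuristics are my assumptions about what a
responder checks first: a .dll registered directly as a Run value, an
autostart binary dropped into the Windows root, Security Center
notifications or vendor monitoring switched off, and the XP firewall
profile disabled.
"""
import ntpath
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]
"Gpatev"="c:\windows\Bwobe.dll" [2008-12-03 40448]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
# Directories where a legitimate autostart binary almost never lives.
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt"}


def run_target(rest: str) -> str:
    """Pull the launched path out of the right-hand side of a Run value."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split()[0] if rest else ""


def reg_int(rest: str):
    """Decode 'dword:00000001' or '0 (0x0)' style values; None if neither."""
    rest = rest.strip()
    try:
        if rest.lower().startswith("dword:"):
            return int(rest[6:], 16)
        return int(rest.split()[0])
    except (ValueError, IndexError):
        return None


def triage(log_text: str) -> list:
    """Return one finding dict (key, name, reason) per suspicious value."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new registry key header
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, rest = m.group("name"), m.group("rest")
        kl = key.lower()

        def add(reason):
            findings.append({"key": key, "name": name, "reason": reason})

        if kl.endswith(r"\run") or kl.endswith(r"\runonce"):
            target = run_target(rest)
            if ntpath.splitext(target)[1].lower() == ".dll":
                add("dll-as-run-target")
            if ntpath.dirname(target).lower() in WINDOWS_ROOTS:
                add("binary-in-windows-root")
        elif "security center" in kl:
            val = reg_int(rest)
            if val and name.lower().endswith("disablenotify"):
                add("security-center-notification-disabled")
            elif val and name.lower() == "disablemonitoring":
                add("security-center-monitoring-disabled")
        elif "firewallpolicy" in kl:
            if name.lower() == "enablefirewall" and reg_int(rest) == 0:
                add("firewall-disabled")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']:40} {f['name']!r:35} {f['key']}")
```

Run against the sample it reports six findings: two for the Gpatev value (a DLL, and a file in c:\windows itself), the two DisableNotify values, the McAfee DisableMonitoring value, and EnableFirewall=0. The script only looks at the path that is launched directly; a value of the form rundll32.exe something.dll,Entry would need the DLL argument parsed out separately, and the Windows-root check is a heuristic, not proof of malice.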
You are welcome. How is your computer running?

Download and scan with SUPERAntiSpyware Free for Home Users

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Since I got ComboFix to work the system has been running great. I have even noticed the speed has increased a little. No more popups and no more annoying background ads over my speakers where I had to shut down explorer and restart it.

Whatever you guys did, thanks. And where would I go to make a donation to whatever you guys are doing. You need to be funded.

Thanks for everything and I hope I am clean now. I will run SUPERAntiSpyware and let you know how it goes.

icfxdesigns.


My laptop is infected with a virus. I have installed MBAM and done the scanning. It removes the detected malware, but my system keeps getting infected again and again. I get to know this when I do the scanning after one or two days. I think the malware is not fully removed from my system; please help.

I would also like to know which antivirus to download for protection.

The recent log file is as below:

Malwarebytes' Anti-Malware 1.31

Database version: 1460

Windows 5.1.2600 Service Pack 2

12/6/2008 11:29:38 PM

mbam-log-2008-12-06 (23-29-38).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 132265

Time elapsed: 55 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 20

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP198\A0059794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP198\A0059796.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP198\A0059802.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059736.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059738.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059741.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059742.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059743.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059744.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059745.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059746.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059747.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


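Every hit in the MBAM log above sits under C:\System Volume Information\_restore{...}\RPnnn\, which is where System Restore keeps its snapshot copies; a file there is not a file in use, so the check worth doing on a log like this is to separate snapshot copies from live paths before deciding whether the machine still has an active infection. The script below does that split and tallies the detected families. It is an added example for this thread, not Malwarebytes code and not from the poster; the first three sample lines are copied from the log, the fourth (c:\windows\system32\example.dll) is constructed so that the live branch is exercised, and treating anything under the _restore\RPnnn path as a snapshot copy is my own triage rule.

```python
r"""Separate restore-point copies from live files in an MBAM 'Files Infected' list.

Added example for this thread; it is not Malwarebytes code and not from the
poster.  The first three SAMPLE_MBAM lines are copied from the log above;
the fourth (C:\WINDOWS\system32\example.dll) is constructed so that the
live branch is exercised.  Treating anything under
System Volume Information\_restore{...}\RPnnn\ as a System Restore snapshot
copy rather than a file in use is my own triage rule.
"""
import re
from collections import Counter

SAMPLE_MBAM = r"""
Files Infected:
C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP198\A0059794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059736.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{44DD0982-143C-489C-A60E-76390C18B0C2}\RP197\A0059741.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# One MBAM hit line: <path> (<family>) -> <action>
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# A path inside a System Restore snapshot; group 1 is the restore point id.
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I
)


def summarize(log_text: str) -> dict:
    """Count hits by location and family; list live paths for follow-up."""
    result = {
        "restore_point": 0,
        "live": 0,
        "live_paths": [],
        "restore_point_ids": set(),
        "families": Counter(),
    }
    for line in log_text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue                      # headers, counters, blank lines
        path, family = m.group("path"), m.group("family")
        result["families"][family] += 1
        rp = RESTORE_RE.search(path)
        if rp:
            result["restore_point"] += 1
            result["restore_point_ids"].add(rp.group(1).upper())
        else:
            result["live"] += 1
            result["live_paths"].append(path)
    return result


if __name__ == "__main__":
    s = summarize(SAMPLE_MBAM)
    print(f"restore-point copies: {s['restore_point']} in {sorted(s['restore_point_ids'])}")
    print(f"live files: {s['live']}")
    for p in s["live_paths"]:
        print("  ", p)
    for family, n in s["families"].most_common():
        print(f"{n:4}  {family}")
```

For the real log the live count comes out at zero and every hit maps to RP197 or RP198, which is what you would expect after the active copies were already removed. A non-zero live count is the line to chase: the path tells you where the dropper is still writing, and that is the question the poster is actually asking.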
I did not think I was this infected, but per your request here is the Superantispyware scan log

---------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/06/2008 at 09:02 PM

Application Version : 4.22.1014

Core Rules Database Version : 3665

Trace Rules Database Version: 1645

Scan type : Complete Scan

Total Scan Time : 00:51:40

Memory items scanned : 511

Memory threats detected : 0

Registry items scanned : 7462

Registry threats detected : 24

File items scanned : 35515

File threats detected : 256

Adware.Tracking Cookie

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adopt.specificclick[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@shopica[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@revenue[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@azjmp[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@heavycom.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@interclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@rotator.adjuggler[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@primetrafficsite[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@media.adrevolver[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@indiads[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@roiservice[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@exoclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@starz.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.k8l[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@tacoda[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-foxsports.hitbox[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.realtechnetwork[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@anat.tacoda[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@gomyhit[7].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@cpvfeed[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-sportingbet.hitbox[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@enhance[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@nielsen.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.think-adz[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@entrepreneur[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver.easyad[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@questionmarket[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@stat.dealtime[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@fastclick[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@overture[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@image.masterstats[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ad.yieldmanager[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.bridgetrack[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@a.websponsors[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver.itdrive[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.us.e-planning[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver5.teracent[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.burstnet[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@gcc-06.googleadservices[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver4.teracent[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@redorbit[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.counter[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.pornstarputas[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.pointroll[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@insightexpressai[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adlegend[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@6403.kliktraffic.blueseek[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.xctrk[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adtrafficstats[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.pornstarbox[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.monster[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@tribalfusion[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@linksynergy[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@srv.ad-adnet[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.domainsuite[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.socialtrack[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@qnsr[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-groupernetworks.hitbox[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@traffic.prod.cobaltgroup[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@chitika[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@zedo[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@statcounter[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.awltovhc[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adbrite[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@yieldmanager[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@upspiral[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@sale.trustedantivirus[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@drivecleaner[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@trafficmp[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-mgmmirageoperations.hitbox[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@gomyhit[6].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@toseeka[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@serving-sys[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@winantispyware[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adecn[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@mediabust[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@reduxads.valuead[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@primetrafficsite[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@imrworldwide[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@cache.trafficmp[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@mediaplex[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adopt.euroclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@burstnet[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@sexbuddies[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.primetrafficsite[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@redorbit.us.intellitxt[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@realmedia[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.vidsense[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adtech[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver.adtechus[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@lynxtrack[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@bzresults.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@atlas.entrepreneur[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@prospect.adbureau[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.lloydsofindiana[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adultadworld[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@advertising[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@revsci[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@specificmedia[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@19searchfeed[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@atdmt[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@casalemedia[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@2o7[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.adtrak[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@specificclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@firstpremierbankcard.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@media6degrees[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads5.think-adz[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@doubleclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@wmvmedialease[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.traffic-o-rama[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@googleadservices[1].txt

.casalemedia.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.casalemedia.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.icc.intellisrv.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.icc.intellisrv.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.icc.intellisrv.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.icc.intellisrv.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.intellisrv.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.atwola.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

ad.admarketplace.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.ath.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.ath.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.ath.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.ath.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.dist.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.belnk.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www.3dstats.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.oddcast.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.clickhype.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

ad1.clickhype.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www3.claxonmedia.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.adopt.hbmediapro.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.adopt.hbmediapro.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.clicksor.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.adknowledge.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

mediats.lostfrog.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.a.websponsors.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.adverticum.net [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

audit.median.hu [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.burstnet.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www.burstnet.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.burstnet.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www.burstbeacon.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.bannerspace.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.bannerspace.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.certaclick.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

citi.bridgetrack.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.teenhitchhikers.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www.mycensoredinwife.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

www.mycensoredinwife.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.pornaccess.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@richmedia.yahoo[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@homestore.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@smashonemedia[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@kaboose.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@crackle[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@morepornstars[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@revsci[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@2.adbrite[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@hitbox[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adcentriconline[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@stat.onestat[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ad.netcrefer[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.asianpornstarhoes[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@go.winantivirus[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.burstnet[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@bridge.admarketplace[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ad.yieldmanager[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@tremor.adbureau[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.findit-quick[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@bizrate[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@media.mtvnservices[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@bluestreak[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@hotelinternetstrategies.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@linkstattrack[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@tradedoubler[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@clickshift[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.directnetadvertising[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@superadultsex[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@iacas.adbureau[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@server.iad.liveperson[3].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.mediabust[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@entrepreneur.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.toseeka[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-traderelectronicmedia.hitbox[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@realmedia[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@precisionclick[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.entrepreneur[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.traffic-o-rama[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@doubleclick[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@srv.ad-adnet[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@friendlytrack[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@partner2profit[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@stats.adbrite[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@dealtime[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@specificmedia[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@perf.overture[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@collective-media[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@pro-market[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@newmotioninc.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@apmebf[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@indextools[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@at.atwola[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@atwola[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@buycom.122.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.socialtrack[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@media6degrees[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@statse.webtrendslive[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@edge.ru4[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver.mediaengine[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.mediamayhemcorp[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@go.winantispyware[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@data.coremetrics[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@paypal.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@revenuegateway.directtrack[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@eztracks.aavalue[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-veohnetworksinc.hitbox[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@dynamic.media.adrevolver[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@guthyrenker.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adrevolver[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@bs.serving-sys[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adserver.adtechus[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adsby.zwoops[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ylwbook.findlinks.addresses[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@waterfrontmedia.112.2o7[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads3.blastro[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@traffic.buyservices[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.morepornstars[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@keywordmax[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@anad.tacoda[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@yadro[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ehg-players.hitbox[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@adinterax[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads4.blastro[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@chitika[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@ads.10click[2].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@www.epilot[1].txt

C:\Documents and Settings\Eric Smith\Cookies\eric_smith@qinteractive.112.2o7[1].txt

Browser Hijacker.Begin2Search

HKCR\btnetw.amo

HKCR\btnetw.amo\CLSID

HKCR\btnetw.amo\CurVer

HKCR\btnetw.amo.1

HKCR\btnetw.amo.1\CLSID

HKCR\btnetw.iiittt

HKCR\btnetw.iiittt\CLSID

HKCR\btnetw.iiittt\CurVer

HKCR\btnetw.iiittt.1

HKCR\btnetw.iiittt.1\CLSID

HKCR\btnetw.momo

HKCR\btnetw.momo\CLSID

HKCR\btnetw.momo\CurVer

HKCR\btnetw.momo.1

HKCR\btnetw.momo.1\CLSID

HKCR\btnetw.ohb

HKCR\btnetw.ohb\CLSID

HKCR\btnetw.ohb\CurVer

HKCR\btnetw.ohb.1

HKCR\btnetw.ohb.1\CLSID

Trojan.Fake-Alert/Trace

HKU\S-1-5-21-3042683402-3847260021-2521065589-1005\SOFTWARE\Microsoft\fias4013

Adware.Prun

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#UninstallString

Malware.Installer-Pkg/Gen

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Dropper-NET/TMP

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP465\A0091129.EXE
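A triage parser for this kind of log, added here as an example; it is not part of the original post and not the scanner's own tooling. It assumes the layout visible above (a bare detection name such as `Adware.Prun`, then the items removed under it, blank lines in between), infers each item's kind from its prefix, and flags the two things a forum helper checks first: cookie domains belonging to rogue security products (the watchlist is a short hand-built assumption, seeded with four brand names that appear as cookie domains in the log) and anything sitting under System Volume Information, which an ordinary cleanup leaves in place until the old restore points are purged. The sample input is a constructed excerpt of lines from the log above.

```python
"""Triage parser for a detection log of the shape posted above (added example)."""
import re
from collections import Counter, OrderedDict

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
C:\Documents and Settings\Eric Smith\Cookies\eric_smith@go.winantivirus[3].txt
C:\Documents and Settings\Eric Smith\Cookies\eric_smith@doubleclick[1].txt
.casalemedia.com [ C:\Documents and Settings\Eric Smith\Application Data\Mozilla\Firefox\Profiles\finxwyph.default\cookies.txt ]

Browser Hijacker.Begin2Search
HKCR\btnetw.amo
HKCR\btnetw.amo\CLSID

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-3042683402-3847260021-2521065589-1005\SOFTWARE\Microsoft\fias4013

Adware.Prun
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#UninstallString

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE

Trojan.Dropper-NET/TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP465\A0091129.EXE
"""

REGISTRY_RE = re.compile(r"^(HKCR|HKCU|HKLM|HKU|HKCC)\\", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Firefox entries: "<domain> [ <path to cookies.txt> ]"
FIREFOX_COOKIE_RE = re.compile(r"^(?P<domain>\S+) \[ (?P<store>.+cookies\.txt) \]$", re.IGNORECASE)
# IE entries: "...\Cookies\<user>@<domain>[<n>].txt"
IE_COOKIE_RE = re.compile(r"\\Cookies\\[^\\]+@(?P<domain>[^\[\]\\]+)\[\d+\]\.txt$", re.IGNORECASE)

# Assumption: a hand-built watchlist of rogue security-software brands, not
# taken from the page; these four appear as cookie domains in the log above.
ROGUE_AV_MARKERS = ("winantivirus", "winantispyware", "drivecleaner", "trustedantivirus")


def classify(line):
    """Map one log line to a coarse kind: registry, cookie, file, restore_point or heading."""
    if REGISTRY_RE.match(line):
        return "registry"
    if FIREFOX_COOKIE_RE.match(line) or IE_COOKIE_RE.search(line):
        return "cookie"
    if DRIVE_PATH_RE.match(line):
        if "\\system volume information\\" in line.lower():
            return "restore_point"
        return "file"
    return "heading"  # anything that is not a path is a detection name


def cookie_domain(line):
    """Return the tracking domain of a cookie item (leading dot stripped), else None."""
    m = FIREFOX_COOKIE_RE.match(line)
    if m:
        return m.group("domain").lstrip(".")
    m = IE_COOKIE_RE.search(line)
    return m.group("domain") if m else None


def parse_log(text):
    """Group items under the detection heading that precedes them.

    Items before any heading (as at the top of the excerpt above, whose heading
    sits on an earlier page) are filed under a placeholder key."""
    groups = OrderedDict()
    current = "(no heading in excerpt)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        if kind == "heading":
            current = line
            groups.setdefault(current, [])
            continue
        groups.setdefault(current, []).append({"kind": kind, "raw": line})
    return groups


def summarize(text):
    """Per-kind counts plus the findings acted on first: rogue-AV cookie domains,
    restore-point residue, and registry values (the log writes them as key#value)."""
    groups = parse_log(text)
    kinds, rogue, restore, values = Counter(), [], [], []
    for heading, items in groups.items():
        for item in items:
            kinds[item["kind"]] += 1
            raw = item["raw"]
            if item["kind"] == "cookie":
                dom = (cookie_domain(raw) or "").lower()
                if any(marker in dom for marker in ROGUE_AV_MARKERS):
                    rogue.append(dom)
            elif item["kind"] == "restore_point":
                restore.append((heading, raw))
            elif item["kind"] == "registry" and "#" in raw:
                values.append(raw)
    return {
        "detections": [h for h in groups if not h.startswith("(")],
        "kinds": dict(kinds),
        "rogue_cookie_domains": sorted(set(rogue)),
        "restore_point_items": restore,
        "registry_values": values,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run it as-is to print the summary for the constructed sample, or pass a whole saved log to `summarize(open(path).read())`. A `restore_point_items` hit is the cue to disable and re-enable System Restore once the machine is clean; a `rogue_cookie_domains` hit says the user has been served fake-alert pages and is worth a look for leftover rogue-AV installs even if the scanner reported only cookies.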
