how-to block ads
|
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
 ·Comcast
2 edits | [multi] MABAM Log - need help with removal
Working on a family member's PC (yeah I know.. ) that is VERY OWNED and I need a bit of help here.. apparently its infected with SKYNET and MSIVX among others (mostly cleaned with Kaspersky rescue and MABAM.)
Unable to install / run: ad-aware(installed), SBS&D, or HijackThis
Internet connection is not working (connected, but can't access anything.. (host file is fixed, write protected))
MABAM was able to be installed/ran (as a renamed exe)
logs follows..
Not sure what to do next now.. HELP!
mabam logs from newest to oldest
----------------------------------
(safemode):
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/23/2009 11:55:17 AM
mbam-log-2009-07-23 (11-55-17).txt
Scan type: Quick Scan
Objects scanned: 137533
Time elapsed: 15 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
-----------------------------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/23/2009 1:42:15 PM
mbam-log-2009-07-23 (13-41-54).txt
Scan type: Quick Scan
Objects scanned: 103900
Time elapsed: 18 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> No action taken.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.
------------------------------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/23/2009 10:04:59 AM
mbam-log-2009-07-23 (10-04-58).txt
Scan type: Quick Scan
Objects scanned: 137778
Time elapsed: 15 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 61
Registry Values Infected: 16
Registry Data Items Infected: 6
Folders Infected: 49
Files Infected: 242
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> Delete on reboot.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{157bef24-1400-4e89-946a-f29f97d703d3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f80db5a5-a885-7370-4983-841f62a80af2} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0578df30-4383-11d2-b91e-0060089f5c5d} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{150ea8e7-a97c-4816-ad02-4865eef8c5ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{157bef24-1400-4e89-946a-f29f97d703d3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e5yw3yhaqghraewh3ye3hbsshsnqqa80 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\e5yw3yhaqghraewh3ye3hbsshsnqqa80 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e5yw3yhaqghraewh3ye3hbsshsnqqa80 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MSx (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm5f6585b4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Microsoft Office\Office\AW.DLL (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{214ae753-1804-4c39-b2a6-2ef79350d0ef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{214ae753-1804-4c39-b2a6-2ef79350d0ef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{214ae753-1804-4c39-b2a6-2ef79350d0ef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.205,85.255.112.202 -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\James\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\Starware(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\BrowserSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Configurator(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\ErrorSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Games(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\JokeSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Layouts(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Manager(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Movies(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Pranks(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\RelatedSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\ScreensaversMarketingSitePager(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\SearchAssistPlus(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\SearchMatch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\SmileyTown(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Toolbar(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\ToolbarLogo(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\ToolbarSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\TravelSearch(2) (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\James\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Loader\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\James\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\registrysmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\levi\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\levi\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\linda huser\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\linda huser\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\AAV (Rogue.AdvancedAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\WAV (Rogue.WindowsAntiVirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\968070 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
\\?\globalroot\systemroot\system32\MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\James\Application Data\VideoEgg\Loader\4458\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Office\Office\AW.DLL (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
c:\WINDOWS\e5yw3yhaqghraewh3ye3hbsshsnqqa81.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACiltlqvfvmcohiem.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_113056320594.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_252691433810.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_3418762110.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_350949303223.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_356385791333.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_370077496944.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_37845679368.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_390165817728.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_395338723684.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_506546788153.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_53349495104.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_539190172963.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_554721133877.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_573087555591.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_578952875610.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_692742296172.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_726751798579.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_785458751958.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_792683112438.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UAC9b05.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\James\start menu\Programs\outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\James\start menu\Programs\outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\browsersearch(2)\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\browsersearch(2)\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\configurator(2)\ConfiguratorOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\configurator(2)\ConfiguratorOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\errorsearch(2)\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\errorsearch(2)\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Games(2)\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\Games(2)\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\jokesearch(2)\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\jokesearch(2)\JokeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\layouts(2)\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\layouts(2)\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\layouts(2)\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\layouts(2)\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\manager(2)\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\manager(2)\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\movies(2)\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\movies(2)\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\pranks(2)\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\pranks(2)\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\relatedsearch(2)\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\relatedsearch(2)\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\screensaversmarketingsitepager(2)\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\screensaversmarketingsitepager(2)\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\searchassistplus(2)\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\searchassistplus(2)\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\searchmatch(2)\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\searchmatch(2)\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\smileytown(2)\SmileyTownOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\smileytown(2)\SmileyTownOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbar(2)\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbar(2)\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbarlogo(2)\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbarlogo(2)\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbarsearch(2)\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\toolbarsearch(2)\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\travelsearch(2)\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\starware(2)\travelsearch(2)\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\publisher\4458\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\application data\registrysmart\Log\2007 Nov 11 - 02_36_23 PM_515.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\application data\registrysmart\Log\2007 Nov 11 - 02_36_29 PM_203.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\registrysmart\Log\2007 Nov 18 - 04_26_36 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\registrysmart\Log\2007 Nov 18 - 04_26_54 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\registrysmart\registry backups\2007-11-09_09-10-32.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\levi\application data\registrysmart\Log\2007 Nov 17 - 03_26_29 PM_640.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\levi\application data\registrysmart\Log\2007 Nov 17 - 03_26_49 PM_375.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\linda huser\application data\registrysmart\Log\2007 Nov 16 - 03_35_24 PM_531.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\linda huser\application data\registrysmart\Log\2007 Nov 16 - 03_35_34 PM_500.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\James\application data\microsoft\internet explorer\quick launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\James\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\James\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\WINDOWS\BM5f6585b4.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\BM5f6585b4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MSX\msx1.dat (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\MSX\msx.ooo (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
----------------------------------------------------------------------
HELP!
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
3 edits | was able, after renaming the exe to run HijackThis.. also was able to get ad-aware ae installed, but NOT updated. (still won't connect to any internet sites)
here is the logfiles:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:44 PM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »us.rd.yahoo.com/customize/ycomp/···ahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »red.clientapps.yahoo.com/customi···ahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BB4FE87-965D-4509-8E84-23B04F9A9C9B} - C:\WINDOWS\system32\nnnnNFYQ.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {62990F9D-37BC-4A98-AE85-E5643B696EED} - C:\WINDOWS\system32\khfFXrqQ.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\winhelper.dll' missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - Logitech Inc. - (no file)
O23 - Service: McAfee Network Agent (McNASvc) - Logitech Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 10141 bytes
--------------------------------
Logfile created: 7/23/2009 15:13:25
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: James
*********************** Definitions database information ***********************
Lavasoft definition file: 149.0
Extended engine definition file: 8.1
******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 81040
Objects detected: 0
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Scan and cleaning complete: Finished correctly after 529 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Thu Jul 23 14:54:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Jul 23 14:54:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: JAMES-XO7NI61RK
Processor name: AMD Athlon(tm) XP 2200+
Processor identifier: x86 Family 6 Model 10 Stepping 0
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2560, number of processors 1
Physical memory available: 132395008 bytes
Physical memory total: 536330240 bytes
Virtual memory available: 1967968256 bytes
Virtual memory total: 2147352576 bytes
Memory load: 75%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:
Running processes:
PID: 592 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 656 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 708 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 756 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 948 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1044 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1184 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1228 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1308 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1480 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1600 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1692 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1764 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1824 name: C:\WINDOWS\System32\CTsvcCDA.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1916 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1952 name: C:\WINDOWS\System32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 176 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 364 name: C:\WINDOWS\System32\MsPMSPSv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 732 name: C:\WINDOWS\Explorer.EXE owner: James domain: JAMES-XO7NI61RK
PID: 1300 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1516 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 564 name: C:\WINDOWS\AGRSMMSG.exe owner: James domain: JAMES-XO7NI61RK
PID: 572 name: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe owner: James domain: JAMES-XO7NI61RK
PID: 584 name: C:\Program Files\iTunes\iTunesHelper.exe owner: James domain: JAMES-XO7NI61RK
PID: 640 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: James domain: JAMES-XO7NI61RK
PID: 520 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: James domain: JAMES-XO7NI61RK
PID: 476 name: C:\Program Files\Windows Defender\MSASCui.exe owner: James domain: JAMES-XO7NI61RK
PID: 1128 name: C:\WINDOWS\system32\ctfmon.exe owner: James domain: JAMES-XO7NI61RK
PID: 1336 name: C:\Program Files\FinePixViewer\QuickDCF.exe owner: James domain: JAMES-XO7NI61RK
PID: 1360 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: James domain: JAMES-XO7NI61RK
PID: 1412 name: C:\Program Files\Common Files\Sonic Shared\cinetray.exe owner: James domain: JAMES-XO7NI61RK
PID: 1944 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2056 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: James domain: JAMES-XO7NI61RK
PID: 2072 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2860 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: James domain: JAMES-XO7NI61RK
PID: 1056 name: C:\WINDOWS\hh.exe owner: James domain: JAMES-XO7NI61RK
Startup items:
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: AGRSMMSG
imagepath: AGRSMMSG.exe
Name: DIGStream
imagepath: C:\Program Files\DIGStream\digstream.exe
Name: HP Component Manager
imagepath: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: Logitech Hardware Abstraction Layer
imagepath: KHALMNPR.EXE
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: NBKeyScan
imagepath: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: Windows Defender
imagepath: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: kell
imagepath: C:\Program Files\Manson\liser.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
imagepath: C:\Program Files\FinePixViewer\QuickDCF.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office\OSA9.EXE
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
imagepath: C:\Program Files\Common Files\Sonic Shared\cinetray.exe
Bootexecute items:
Name:
imagepath: 'autocheck autochk *'
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: CCALib8
displayname: Canon Camera Access Library 8
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: iPodService
displayname: iPodService
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: WinDefend
displayname: Windows Defender
Name: winmgmt
displayname: Windows Management Instrumentation
Name: WMDM PMSP Service
displayname: WMDM PMSP Service
Name: WZCSVC
displayname: Wireless Zero Configuration
-------------------------------------------------
Last diagnostic run time: 07/23/09 15:50:39 WinSock Diagnostic
WinSock status
info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call
Network Adapter Diagnostic
Network location detection
info Using home Internet connection
Network adapter identification
info Network connection: Name=Local Area Connection, Device=NVIDIA nForce MCP Networking Controller, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Broadband Connection, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=Broadband Connection 2, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=Dial-up Connection, Device=, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=Broadband Connection 5, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=Broadband Connection 7, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=Broadband Connection 6, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status
info Network connection status: Connected
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
------------------------------------------------------------------
any thing you all can help me with here would be most helpful.
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs: | First of all, thank you for persevering 
Hang in there..we can have you looked at soon | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
just in case it'll help, here is the last kaspersky rescue removal log
Scan: completed 7/23/09 9:29 AM (events: 8, objects: 323300, time: 18:58:28)
7/22/09 1:40 PM Task completed
7/22/09 1:03 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.ay /discs/C:/WINDOWS/Temp/tmp0_892912245635.bk.old
7/22/09 1:03 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.dx /discs/C:/WINDOWS/Temp/tmp0_782144175595.bk.old
7/22/09 1:03 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.ju /discs/C:/WINDOWS/Temp/tmp0_7541804190.bk.old
7/22/09 1:03 PM Detected: Trojan-Downloader.Win32.DlfBfkg.ay /discs/C:/WINDOWS/Temp/tmp0_892912245635.bk.old
7/22/09 1:03 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.dx /discs/C:/WINDOWS/Temp/tmp0_825556600962.bk.old
7/22/09 1:02 PM Detected: Trojan-Downloader.Win32.DlfBfkg.dx /discs/C:/WINDOWS/Temp/tmp0_825556600962.bk.old
7/22/09 1:02 PM Deleted: Backdoor.Win32.Agent.ailz /discs/C:/WINDOWS/Temp/tmp0_701789463810.bk.old
7/22/09 1:02 PM Detected: Trojan-Downloader.Win32.DlfBfkg.dx /discs/C:/WINDOWS/Temp/tmp0_782144175595.bk.old
7/22/09 1:02 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.hc /discs/C:/WINDOWS/Temp/tmp0_688987300101.bk.old
7/22/09 1:02 PM Detected: Trojan-Downloader.Win32.DlfBfkg.ju /discs/C:/WINDOWS/Temp/tmp0_7541804190.bk.old
7/22/09 1:02 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.fz /discs/C:/WINDOWS/Temp/tmp0_66458727863.bk.old
7/22/09 1:02 PM Detected: Backdoor.Win32.Agent.ailz /discs/C:/WINDOWS/Temp/tmp0_701789463810.bk.old
7/22/09 1:02 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.gg /discs/C:/WINDOWS/Temp/tmp0_691432877281.bk.old
7/22/09 1:01 PM Detected: Trojan-Downloader.Win32.DlfBfkg.gg /discs/C:/WINDOWS/Temp/tmp0_691432877281.bk.old
7/22/09 1:01 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.fv /discs/C:/WINDOWS/Temp/tmp0_664118817108.bk.old
7/22/09 1:01 PM Detected: Trojan-Downloader.Win32.DlfBfkg.hc /discs/C:/WINDOWS/Temp/tmp0_688987300101.bk.old
7/22/09 1:01 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.cv /discs/C:/WINDOWS/Temp/tmp0_628944236458.bk.old
7/22/09 1:01 PM Detected: Trojan-Downloader.Win32.DlfBfkg.fz /discs/C:/WINDOWS/Temp/tmp0_66458727863.bk.old
7/22/09 1:00 PM Deleted: Trojan.Win32.Koblu.ahg /discs/C:/WINDOWS/Temp/txpxr_279985494194.b1k
7/22/09 1:00 PM Detected: Trojan-Downloader.Win32.DlfBfkg.fv /discs/C:/WINDOWS/Temp/tmp0_664118817108.bk.old
7/22/09 1:00 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.jc /discs/C:/WINDOWS/Temp/tmp0_632344325361.bk.old
7/22/09 12:58 PM Detected: Trojan-Downloader.Win32.DlfBfkg.jc /discs/C:/WINDOWS/Temp/tmp0_632344325361.bk.old
7/22/09 12:58 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETttgpkbkdel.tmp
7/22/09 12:58 PM Detected: Trojan-Downloader.Win32.DlfBfkg.cv /discs/C:/WINDOWS/Temp/tmp0_628944236458.bk.old
7/22/09 12:58 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyfupflfmjq.tmp
7/22/09 12:58 PM Detected: Trojan.Win32.Koblu.ahg /discs/C:/WINDOWS/Temp/txpxr_279985494194.b1k
7/22/09 12:58 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETqcvbgvtngi.tmp
7/22/09 12:57 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyfupflfmjq.tmp
7/22/09 12:57 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETlvxjsyluux.tmp
7/22/09 12:57 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETttgpkbkdel.tmp
7/22/09 12:57 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgxrlbgehcm.tmp
7/22/09 12:57 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETqcvbgvtngi.tmp
7/22/09 12:57 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETogystxrgyl.tmp
7/22/09 12:57 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETogystxrgyl.tmp
7/22/09 12:57 PM Deleted: Trojan.Win32.Koblu.zd /discs/C:/WINDOWS/Temp/txpxr_894884670981.b1k
7/22/09 12:57 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETlvxjsyluux.tmp
7/22/09 12:56 PM Deleted: Trojan.Win32.Koblu.yp /discs/C:/WINDOWS/Temp/txpxr_81822632128.b1k
7/22/09 12:56 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgxrlbgehcm.tmp
7/22/09 12:56 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETcvymndtfcy.tmp
7/22/09 12:56 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETcvymndtfcy.tmp
7/22/09 12:56 PM Deleted: Trojan.Win32.Koblu.ahf /discs/C:/WINDOWS/Temp/txpxr_531656859221.b1k
7/22/09 12:56 PM Detected: Trojan.Win32.Koblu.zd /discs/C:/WINDOWS/Temp/txpxr_894884670981.b1k
7/22/09 12:56 PM Deleted: Trojan.Win32.Koblu.lo /discs/C:/WINDOWS/Temp/txpxr_810762625662.b1k
7/22/09 12:56 PM Detected: Trojan.Win32.Koblu.yp /discs/C:/WINDOWS/Temp/txpxr_81822632128.b1k
7/22/09 12:56 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyyancoighi.tmp
7/22/09 12:54 PM Detected: Trojan.Win32.Koblu.lo /discs/C:/WINDOWS/Temp/txpxr_810762625662.b1k
7/22/09 12:54 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETywyxbordyi.tmp
7/22/09 12:54 PM Detected: Trojan.Win32.Koblu.ahf /discs/C:/WINDOWS/Temp/txpxr_531656859221.b1k
7/22/09 12:54 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyvfdbtrgtm.tmp
7/22/09 12:54 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyyancoighi.tmp
7/22/09 12:54 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyxwqhcxekw.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyxwqhcxekw.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETynbxaqrnlf.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETywyxbordyi.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETylxqekjyvw.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyvfdbtrgtm.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyrsaoqukil.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyrsaoqukil.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlfvkdalxoi.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETynbxaqrnlf.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETlcfpgjxnpr.tmp
7/22/09 12:53 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETylxqekjyvw.tmp
7/22/09 12:53 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyfvhtinpvw.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETyfvhtinpvw.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETkutflloedc.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlfvkdalxoi.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETkjxpdayvnx.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETlcfpgjxnpr.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlajjskcgir.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlajjskcgir.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETkeybgpkglf.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETkutflloedc.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETkcloxhfqfa.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETkjxpdayvnx.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjundbsogsl.tmp
7/22/09 12:52 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETkeybgpkglf.tmp
7/22/09 12:52 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjtbcdxjdja.tmp
7/22/09 12:51 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETkcloxhfqfa.tmp
7/22/09 12:51 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETjptlefcbit.tmp
7/22/09 12:51 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjundbsogsl.tmp
7/22/09 12:51 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjtnwbelvft.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjtnwbelvft.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjdkubcoqbr.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjtbcdxjdja.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjculwgvhmu.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETjptlefcbit.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjjypbyinlb.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjjypbyinlb.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETjbmjxnpgat.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjdkubcoqbr.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETiyicbqlmvc.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjculwgvhmu.tmp
7/22/09 12:50 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjcidpqfydc.tmp
7/22/09 12:50 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETjcidpqfydc.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETikgunyobpg.tmp
7/22/09 12:49 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETjbmjxnpgat.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETiqkdmunoeg.tmp
7/22/09 12:49 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETiyicbqlmvc.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETievrodkcec.tmp
7/22/09 12:49 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETiqkdmunoeg.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThyueauvrrv.tmp
7/22/09 12:49 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETikgunyobpg.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThimmnbujqa.tmp
7/22/09 12:49 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETievrodkcec.tmp
7/22/09 12:49 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETicjdeagear.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETicjdeagear.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsvvtsdysde.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThyueauvrrv.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsswsfvjlqq.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThimmnbujqa.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThfwbyjcvrv.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNEThfwbyjcvrv.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsmqntxortq.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsvvtsdysde.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsbuxvrrxtf.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsswsfvjlqq.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrvuxtoditn.tmp
7/22/09 12:48 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsmqntxortq.tmp
7/22/09 12:48 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETserlqcgrqn.tmp
7/22/09 12:47 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETserlqcgrqn.tmp
7/22/09 12:47 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrulfgnnwvj.tmp
7/22/09 12:47 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETsbuxvrrxtf.tmp
7/22/09 12:47 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrrftshsoie.tmp
7/22/09 12:47 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrvuxtoditn.tmp
7/22/09 12:47 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETrrctcrtbqi.tmp
7/22/09 12:47 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrulfgnnwvj.tmp
7/22/09 12:47 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETruarxqqijw.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETruarxqqijw.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrqqlxqymwe.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrrftshsoie.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrotngayadq.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETrrctcrtbqi.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrraqswvpcw.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrraqswvpcw.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrkeakikwlg.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrqqlxqymwe.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETriutexylps.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrotngayadq.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETrdviijamqr.tmp
7/22/09 12:46 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrkeakikwlg.tmp
7/22/09 12:46 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrkalrxheja.tmp
7/22/09 12:45 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrkalrxheja.tmp
7/22/09 12:45 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrcigabygmr.tmp
7/22/09 12:45 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETriutexylps.tmp
7/22/09 12:45 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrcgqvhkfvx.tmp
7/22/09 12:45 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETrdviijamqr.tmp
7/22/09 12:45 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETqpdosgtshk.tmp
7/22/09 12:45 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrcigabygmr.tmp
7/22/09 12:45 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETqlddvgmjre.tmp
7/22/09 12:45 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETrcgqvhkfvx.tmp
7/22/09 12:45 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETquqgwknept.tmp
7/22/09 12:44 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETquqgwknept.tmp
7/22/09 12:44 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpuynqoqyrg.tmp
7/22/09 12:44 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETqpdosgtshk.tmp
7/22/09 12:44 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETptydmldmrp.tmp
7/22/09 12:44 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETqlddvgmjre.tmp
7/22/09 12:44 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpwtgbymoab.tmp
7/22/09 12:44 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpwtgbymoab.tmp
7/22/09 12:44 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETppxwxatpxr.tmp
7/22/09 12:44 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpuynqoqyrg.tmp
7/22/09 12:44 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpqdycacmkf.tmp
7/22/09 12:43 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETptydmldmrp.tmp
7/22/09 12:43 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETppumamjbbx.tmp
7/22/09 12:43 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpqdycacmkf.tmp
7/22/09 12:43 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETpmexnorjcp.tmp
7/22/09 12:43 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETppxwxatpxr.tmp
7/22/09 12:43 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpmbcrjilce.tmp
7/22/09 12:43 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETppumamjbbx.tmp
7/22/09 12:43 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpphoibfpuo.tmp
7/22/09 12:42 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpphoibfpuo.tmp
7/22/09 12:42 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpkqsgwgkod.tmp
7/22/09 12:42 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETpmexnorjcp.tmp
7/22/09 12:42 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpkojysahpy.tmp
7/22/09 12:42 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpmbcrjilce.tmp
7/22/09 12:42 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETplrxlicife.tmp
7/22/09 12:42 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETplrxlicife.tmp
7/22/09 12:42 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETphrmmdrnjm.tmp
7/22/09 12:42 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpkqsgwgkod.tmp
7/22/09 12:42 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETpckdvyhbpv.tmp
7/22/09 12:41 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETpkojysahpy.tmp
7/22/09 12:41 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETowfgvellbn.tmp
7/22/09 12:41 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETphrmmdrnjm.tmp
7/22/09 12:41 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETovsajmtyqy.tmp
7/22/09 12:41 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETpckdvyhbpv.tmp
7/22/09 12:41 PM Deleted: Trojan.Win32.Koblu.lo /discs/C:/WINDOWS/Temp/txpxr_247812293374.b1k
7/22/09 12:41 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETowfgvellbn.tmp
7/22/09 12:41 PM Deleted: Trojan.Win32.Koblu.ahh /discs/C:/WINDOWS/Temp/txpxr_238281392889.b1k
7/22/09 12:41 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETovsajmtyqy.tmp
7/22/09 12:41 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETotmeetrstk.tmp
7/22/09 12:40 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETotmeetrstk.tmp
7/22/09 12:40 PM Detected: Trojan.Win32.Koblu.lo /discs/C:/WINDOWS/Temp/txpxr_247812293374.b1k
7/22/09 12:40 PM Detected: Trojan.Win32.Koblu.ahh /discs/C:/WINDOWS/Temp/txpxr_238281392889.b1k
7/22/09 12:40 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETglpxswnmvn.tmp
7/22/09 12:40 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgjsgpijkui.tmp
7/22/09 12:40 PM Deleted: Packed.Win32.Tdss.m /discs/C:/WINDOWS/Temp/UAC9c8c.tmp
7/22/09 12:39 PM Detected: Packed.Win32.Tdss.m /discs/C:/WINDOWS/Temp/UAC9c8c.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfuehthvvej.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETglpxswnmvn.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfsqoniwndo.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgjsgpijkui.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgiqrcfqiky.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETgiqrcfqiky.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfhxrtcqpxp.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfuehthvvej.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfelbovteej.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfsqoniwndo.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfhyylrcjej.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfhyylrcjej.tmp
7/22/09 12:39 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETetthpqlmgw.tmp
7/22/09 12:39 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfhxrtcqpxp.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETeqcrncwosm.tmp
7/22/09 12:38 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETfelbovteej.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfdoklcjpyd.tmp
7/22/09 12:38 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETfdoklcjpyd.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETeclcyxafub.tmp
7/22/09 12:38 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETetthpqlmgw.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETebielnvpxj.tmp
7/22/09 12:38 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETeqcrncwosm.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETejvtdjfhgl.tmp
7/22/09 12:38 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETejvtdjfhgl.tmp
7/22/09 12:38 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdxfuhcomue.tmp
7/22/09 12:37 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETeclcyxafub.tmp
7/22/09 12:37 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdsvpdwpvxv.tmp
7/22/09 12:37 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETebielnvpxj.tmp
7/22/09 12:37 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdrdalbpohu.tmp
7/22/09 12:37 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdxfuhcomue.tmp
7/22/09 12:37 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxyrbcvtnts.tmp
7/22/09 12:37 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdsvpdwpvxv.tmp
7/22/09 12:37 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETxxvlsiutms.tmp
7/22/09 12:37 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETdrdalbpohu.tmp
7/22/09 12:37 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETcwcdicvnmx.tmp
7/22/09 12:36 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETcwcdicvnmx.tmp
7/22/09 12:36 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxvadeqyebe.tmp
7/22/09 12:36 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxyrbcvtnts.tmp
7/22/09 12:36 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETxqaploodmt.tmp
7/22/09 12:36 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETxxvlsiutms.tmp
7/22/09 12:36 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxmxnkiupji.tmp
7/22/09 12:36 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxvadeqyebe.tmp
7/22/09 12:36 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxgngypdqxw.tmp
7/22/09 12:35 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETxqaploodmt.tmp
7/22/09 12:35 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwtvfasrtij.tmp
7/22/09 12:35 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxmxnkiupji.tmp
7/22/09 12:35 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxhpygcahts.tmp
7/22/09 12:35 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxhpygcahts.tmp
7/22/09 12:35 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwsvqsdrbrn.tmp
7/22/09 12:35 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETxgngypdqxw.tmp
7/22/09 12:35 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwpvaoxsgrh.tmp
7/22/09 12:35 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwtvfasrtij.tmp
7/22/09 12:35 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwttgmlcavq.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwttgmlcavq.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwpstymeogq.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwsvqsdrbrn.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETwlbcnsqytq.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwpvaoxsgrh.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwkxptjefqg.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwpstymeogq.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwobjdebqag.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwobjdebqag.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvxqftnqoko.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETwlbcnsqytq.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvsttbarign.tmp
7/22/09 12:34 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwkxptjefqg.tmp
7/22/09 12:34 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwkialljisu.tmp
7/22/09 12:33 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETwkialljisu.tmp
7/22/09 12:33 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvreexuiqmb.tmp
7/22/09 12:33 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvxqftnqoko.tmp
7/22/09 12:33 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvnqprqimnb.tmp
7/22/09 12:33 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvsttbarign.tmp
7/22/09 12:33 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvatftuyrce.tmp
7/22/09 12:33 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvreexuiqmb.tmp
7/22/09 12:33 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvpqxldtbvr.tmp
7/22/09 12:32 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETvpqxldtbvr.tmp
7/22/09 12:32 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.jm /discs/C:/WINDOWS/Temp/tmp0_541367781564.bk.old
7/22/09 12:32 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvnqprqimnb.tmp
7/22/09 12:32 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.em /discs/C:/WINDOWS/Temp/tmp0_519824861817.bk.old
7/22/09 12:32 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETvatftuyrce.tmp
7/22/09 12:32 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETuqjhikbcxq.tmp
7/22/09 12:32 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETuqjhikbcxq.tmp
7/22/09 12:32 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.jc /discs/C:/WINDOWS/Temp/tmp0_470827677941.bk.old
7/22/09 12:32 PM Detected: Trojan-Downloader.Win32.DlfBfkg.jm /discs/C:/WINDOWS/Temp/tmp0_541367781564.bk.old
7/22/09 12:32 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.ds /discs/C:/WINDOWS/Temp/tmp0_41029551348.bk.old
7/22/09 12:32 PM Detected: Trojan-Downloader.Win32.DlfBfkg.em /discs/C:/WINDOWS/Temp/tmp0_519824861817.bk.old
7/22/09 12:32 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.cf /discs/C:/WINDOWS/Temp/tmp0_480368642868.bk.old
7/22/09 12:31 PM Detected: Trojan-Downloader.Win32.DlfBfkg.cf /discs/C:/WINDOWS/Temp/tmp0_480368642868.bk.old
7/22/09 12:31 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.ib /discs/C:/WINDOWS/Temp/tmp0_318131250350.bk.old
7/22/09 12:31 PM Detected: Trojan-Downloader.Win32.DlfBfkg.jc /discs/C:/WINDOWS/Temp/tmp0_470827677941.bk.old
7/22/09 12:31 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.as /discs/C:/WINDOWS/Temp/tmp0_393360851500.bk.old
7/22/09 12:31 PM Detected: Trojan-Downloader.Win32.DlfBfkg.ds /discs/C:/WINDOWS/Temp/tmp0_41029551348.bk.old
7/22/09 12:31 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.lp /discs/C:/WINDOWS/Temp/tmp0_250406244096.bk.old
7/22/09 12:31 PM Detected: Trojan-Downloader.Win32.DlfBfkg.as /discs/C:/WINDOWS/Temp/tmp0_393360851500.bk.old
7/22/09 12:31 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.bj /discs/C:/WINDOWS/Temp/tmp0_249417682310.bk.old
7/22/09 12:30 PM Detected: Trojan-Downloader.Win32.DlfBfkg.ib /discs/C:/WINDOWS/Temp/tmp0_318131250350.bk.old
7/22/09 12:30 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.cf /discs/C:/WINDOWS/Temp/tmp0_126613858120.bk.old
7/22/09 12:30 PM Detected: Trojan-Downloader.Win32.DlfBfkg.lp /discs/C:/WINDOWS/Temp/tmp0_250406244096.bk.old
7/22/09 12:30 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETofmakbqvbh.tmp
7/22/09 12:30 PM Detected: Trojan-Downloader.Win32.DlfBfkg.bj /discs/C:/WINDOWS/Temp/tmp0_249417682310.bk.old
7/22/09 12:30 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETodbexsriva.tmp
7/22/09 12:30 PM Detected: Trojan-Downloader.Win32.DlfBfkg.cf /discs/C:/WINDOWS/Temp/tmp0_126613858120.bk.old
7/22/09 12:30 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnxibpsaiqy.tmp
7/22/09 12:30 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETofmakbqvbh.tmp
7/22/09 12:29 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETodcopeygoh.tmp
7/22/09 12:29 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETodcopeygoh.tmp
7/22/09 12:29 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETnqhssiipux.tmp
7/22/09 12:29 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETodbexsriva.tmp
7/22/09 12:29 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETntvucebqde.tmp
7/22/09 12:29 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnxibpsaiqy.tmp
7/22/09 12:29 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnpsgobadnf.tmp
7/22/09 12:28 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETntvucebqde.tmp
7/22/09 12:28 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnovyckmbfm.tmp
7/22/09 12:28 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETnqhssiipux.tmp
7/22/09 12:28 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETneqvwvnuas.tmp
7/22/09 12:28 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnpsgobadnf.tmp
7/22/09 12:28 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETnaxiiixtbv.tmp
7/22/09 12:28 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETnovyckmbfm.tmp
7/22/09 12:28 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmyabvfucio.tmp
7/22/09 12:28 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETneqvwvnuas.tmp
7/22/09 12:28 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETndptqnfyfh.tmp
7/22/09 12:27 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETndptqnfyfh.tmp
7/22/09 12:27 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmqgkjhbpsu.tmp
7/22/09 12:27 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETnaxiiixtbv.tmp
7/22/09 12:27 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmndewogihs.tmp
7/22/09 12:27 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmyabvfucio.tmp
7/22/09 12:27 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmurdxyxueu.tmp
7/22/09 12:25 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmurdxyxueu.tmp
7/22/09 12:25 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETmghjpeyktk.tmp
7/22/09 12:25 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmqgkjhbpsu.tmp
7/22/09 12:25 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmgeqlbcavr.tmp
7/22/09 12:25 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmndewogihs.tmp
7/22/09 12:25 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmkseexelql.tmp
7/22/09 12:24 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmkseexelql.tmp
7/22/09 12:24 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETmcofwrtcle.tmp
7/22/09 12:24 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETmghjpeyktk.tmp
7/22/09 12:24 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlymylquqkm.tmp
7/22/09 12:23 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmgeqlbcavr.tmp
7/22/09 12:23 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlwownwagdi.tmp
7/22/09 12:23 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETmcofwrtcle.tmp
7/22/09 12:23 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmacvwewfsq.tmp
7/22/09 12:22 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETmacvwewfsq.tmp
7/22/09 12:22 PM Deleted: Trojan-Downloader.Win32.FraudLoad.epp /discs/C:/WINDOWS/Temp/tempo-146682203.tmp
7/22/09 12:22 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlymylquqkm.tmp
7/22/09 12:22 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETlwownwagdi.tmp
7/22/09 12:22 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.bj /discs/C:/WINDOWS/Temp/t4m0_383236822535.bk.old
7/22/09 12:22 PM Deleted: Trojan-Downloader.Win32.Small.jqv /discs/C:/WINDOWS/Temp/tempo-146682984.tmp
7/22/09 12:21 PM Detected: Trojan-Downloader.Win32.Small.jqv /discs/C:/WINDOWS/Temp/tempo-146682984.tmp
7/22/09 12:21 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.bm /discs/C:/WINDOWS/Temp/t4m0_251703690186.bk.old
7/22/09 12:21 PM Detected: Trojan-Downloader.Win32.FraudLoad.epp /discs/C:/WINDOWS/Temp/tempo-146682203.tmp
7/22/09 12:21 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.dl /discs/C:/WINDOWS/Temp/t4m0_127522669065.bk.old
7/22/09 12:21 PM Detected: Trojan-Downloader.Win32.DlfBfkg.bj /discs/C:/WINDOWS/Temp/t4m0_383236822535.bk.old
7/22/09 12:21 PM Deleted: Trojan-Downloader.Win32.DlfBfkg.cc /discs/C:/WINDOWS/Temp/t4m0_305297365439.bk.old
7/22/09 12:18 PM Detected: Trojan-Downloader.Win32.DlfBfkg.cc /discs/C:/WINDOWS/Temp/t4m0_305297365439.bk.old
7/22/09 12:18 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcuwdvsxpwp.tmp
7/22/09 12:18 PM Detected: Trojan-Downloader.Win32.DlfBfkg.bm /discs/C:/WINDOWS/Temp/t4m0_251703690186.bk.old
7/22/09 12:18 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETckgyjepfyu.tmp
7/22/09 12:18 PM Detected: Trojan-Downloader.Win32.DlfBfkg.dl /discs/C:/WINDOWS/Temp/t4m0_127522669065.bk.old
7/22/09 12:18 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcjqmuboxao.tmp
7/22/09 12:18 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcuwdvsxpwp.tmp
7/22/09 12:18 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETclrcivnsdr.tmp
7/22/09 12:16 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETclrcivnsdr.tmp
7/22/09 12:16 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETceluxlsjtl.tmp
7/22/09 12:16 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETckgyjepfyu.tmp
7/22/09 12:16 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcdijtqcngb.tmp
7/22/09 12:16 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcjqmuboxao.tmp
7/22/09 12:16 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETchmymussuv.tmp
7/22/09 12:15 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETchmymussuv.tmp
7/22/09 12:15 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETbyrdimwcud.tmp
7/22/09 12:15 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETceluxlsjtl.tmp
7/22/09 12:15 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbtwpvgeyxf.tmp
7/22/09 12:15 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcdijtqcngb.tmp
7/22/09 12:15 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcbciwgnkgi.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETcbciwgnkgi.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETblnwmaftfc.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETbyrdimwcud.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbhhlcvtnbu.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbtwpvgeyxf.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbqndqsvvhv.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbqndqsvvhv.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETbcwqpkwcjc.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETblnwmaftfc.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbamdsrspnt.tmp
7/22/09 12:14 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbhhlcvtnbu.tmp
7/22/09 12:14 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbcxvoouhuv.tmp
7/22/09 12:13 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbcxvoouhuv.tmp
7/22/09 12:13 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETavhispuxgm.tmp
7/22/09 12:13 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETbcwqpkwcjc.tmp
7/22/09 12:13 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETauoywtccff.tmp
7/22/09 12:13 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETbamdsrspnt.tmp
7/22/09 12:13 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETayxglytkqb.tmp
7/22/09 12:12 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETayxglytkqb.tmp
7/22/09 12:12 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETapdkkslrlh.tmp
7/22/09 12:12 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETavhispuxgm.tmp
7/22/09 12:12 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETarfnilpsam.tmp
7/22/09 12:12 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETauoywtccff.tmp
7/22/09 12:12 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETaoftevymci.tmp
7/22/09 12:12 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETarfnilpsam.tmp
7/22/09 12:12 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETaibkufvply.tmp
7/22/09 12:11 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETapdkkslrlh.tmp
7/22/09 12:11 PM Deleted: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETaegnhhugtb.tmp
7/22/09 12:11 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETaoftevymci.tmp
7/22/09 12:11 PM Deleted: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETairugylrbr.tmp
7/22/09 12:10 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETairugylrbr.tmp
7/22/09 12:10 PM Detected: Trojan.Win32.Small.bzc /discs/C:/WINDOWS/Temp/SKYNETaibkufvply.tmp
7/22/09 12:10 PM Detected: Trojan.Win32.Monder.cqbi /discs/C:/WINDOWS/Temp/SKYNETaegnhhugtb.tmp
7/22/09 12:02 PM Deleted: Trojan.Win32.Vapsup.cn /discs/C:/WINDOWS/system32/Policies/update-script.bat
7/22/09 12:02 PM Detected: Trojan.Win32.Vapsup.cn /discs/C:/WINDOWS/system32/Policies/update-script.bat
7/22/09 11:58 AM Deleted: Rootkit.Win32.Pakes.sx /discs/C:/WINDOWS/system32/drivers/UACnnhnojnatuyirrr.sys
7/22/09 11:57 AM Detected: Rootkit.Win32.Pakes.sx /discs/C:/WINDOWS/system32/drivers/UACnnhnojnatuyirrr.sys
7/22/09 11:48 AM Deleted: Trojan.Win32.TDSS.aekg /discs/C:/WINDOWS/system32/UACvbsldktuqlmheem.dll
7/22/09 11:48 AM Deleted: Trojan.Win32.TDSS.aida /discs/C:/WINDOWS/system32/UACgduccoapukfkhof.dll
7/22/09 11:48 AM Deleted: Trojan-Downloader.Win32.DlfBfkg.ju /discs/C:/WINDOWS/system32/wiwow64.exe
7/22/09 11:48 AM Detected: Trojan.Win32.TDSS.aekg /discs/C:/WINDOWS/system32/UACvbsldktuqlmheem.dll
7/22/09 11:48 AM Deleted: Trojan.Win32.TDSS.adzz /discs/C:/WINDOWS/system32/UACodawytbfjqwdwrw.dll
7/22/09 11:47 AM Detected: Trojan.Win32.TDSS.adzz /discs/C:/WINDOWS/system32/UACodawytbfjqwdwrw.dll
7/22/09 11:47 AM Detected: Trojan.Win32.TDSS.aida /discs/C:/WINDOWS/system32/UACgduccoapukfkhof.dll
7/22/09 11:46 AM Detected: Trojan-Downloader.Win32.DlfBfkg.ju /discs/C:/WINDOWS/system32/wiwow64.exe
7/22/09 11:40 AM Deleted: Trojan.Win32.VBimay.gd /discs/C:/WINDOWS/system32/wiawow32.sys
7/22/09 11:40 AM Detected: Trojan.Win32.VBimay.gd /discs/C:/WINDOWS/system32/wiawow32.sys
7/22/09 11:39 AM Deleted: Trojan.Win32.Koblu.abp /discs/C:/WINDOWS/system32/sopidkc.exe
7/22/09 11:39 AM Deleted: Packed.Win32.Tdss.m /discs/C:/WINDOWS/system32/UACdridvtnebogbakx.dll
7/22/09 11:39 AM Detected: Trojan.Win32.Koblu.abp /discs/C:/WINDOWS/system32/sopidkc.exe
7/22/09 11:39 AM Deleted: Trojan.Win32.Monder.cqcs /discs/C:/WINDOWS/system32/MSIVXscsgpaqiyaqjanjexlvoaomvxuovmoov.dll
7/22/09 11:39 AM Deleted: Trojan.Win32.Agent.clxm /discs/C:/WINDOWS/system32/MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll
7/22/09 11:39 AM Detected: Packed.Win32.Tdss.m /discs/C:/WINDOWS/system32/UACdridvtnebogbakx.dll
7/22/09 11:39 AM Deleted: Trojan.Win32.TDSS.aicz /discs/C:/WINDOWS/system32/UACbufirpkflaetadx.dll
7/22/09 10:31 AM Detected: Trojan.Win32.TDSS.aicz /discs/C:/WINDOWS/system32/UACbufirpkflaetadx.dll
7/22/09 10:30 AM Detected: Trojan.Win32.Monder.cqcs /discs/C:/WINDOWS/system32/MSIVXscsgpaqiyaqjanjexlvoaomvxuovmoov.dll
7/22/09 10:30 AM Detected: Trojan.Win32.Agent.clxm /discs/C:/WINDOWS/system32/MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll
7/22/09 5:54 AM Untreated: not-a-virus:AdWare.Win32.MegaSearch.s /discs/C:/Program Files/Common Files/Real/Toolbar/RealBar.dll Skipped by user
7/22/09 5:50 AM Detected: not-a-virus:AdWare.Win32.MegaSearch.s /discs/C:/Program Files/Common Files/Real/Toolbar/RealBar.dll
7/22/09 1:31 AM Deleted: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UACe20.tmp
7/22/09 1:30 AM Deleted: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC2956.tmp
7/22/09 1:30 AM Deleted: Trojan.Win32.TDSS.ahii /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC2066.tmp
7/22/09 1:30 AM Detected: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UACe20.tmp
7/22/09 1:30 AM Deleted: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC8c6f.tmp
7/22/09 1:25 AM Detected: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC8c6f.tmp
7/22/09 1:25 AM Detected: Trojan.Win32.TDSS.ahfr /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC2956.tmp
7/22/09 1:25 AM Detected: Trojan.Win32.TDSS.ahii /discs/C:/Documents and Settings/levi/Local Settings/Temp/UAC2066.tmp
7/21/09 11:47 PM Deleted: not-a-virus:AdWare.Win32.EZula.ak /discs/C:/Documents and Settings/All Users/Application Data/Symantec/Norton AntiVirus/Quarantine/60303908.exe
7/21/09 11:47 PM Detected: not-a-virus:AdWare.Win32.EZula.ak /discs/C:/Documents and Settings/All Users/Application Data/Symantec/Norton AntiVirus/Quarantine/60303908.exe/CryptFF/WISE0001.BIN
7/21/09 11:43 PM Task started
Scan: completed 7/23/09 9:29 AM (events: 8, objects: 323300, time: 18:58:28)
7/22/09 1:44 PM Task stopped
7/22/09 1:41 PM Task started
Scan: completed 7/23/09 9:29 AM (events: 8, objects: 323300, time: 18:58:28)
7/22/09 2:04 PM Task completed
7/22/09 1:49 PM Task started
Scan: completed 7/23/09 9:29 AM (events: 8, objects: 323300, time: 18:58:28)
7/22/09 2:30 PM Task started
7/22/09 2:36 PM Detected: Password-protected-EXE /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ZlobVideoAccessActiveXObject.zip/uninst.exe
7/22/09 2:37 PM Untreated: Password-protected-EXE /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ZlobVideoAccessActiveXObject.zip/uninst.exe Skipped by user
7/23/09 6:27 AM Detected: Trojan.Win32.Agent.clxm /discs/C:/WINDOWS/system32/MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll
7/23/09 6:27 AM Detected: Trojan.Win32.Monder.cqcs /discs/C:/WINDOWS/system32/MSIVXscsgpaqiyaqjanjexlvoaomvxuovmoov.dll
7/23/09 9:29 AM Deleted: Trojan.Win32.Agent.clxm /discs/C:/WINDOWS/system32/MSIVXjuatwtusawpyanecskkpayynrynqamvj.dll
7/23/09 9:29 AM Deleted: Trojan.Win32.Monder.cqcs /discs/C:/WINDOWS/system32/MSIVXscsgpaqiyaqjanjexlvoaomvxuovmoov.dll
7/23/09 9:29 AM Task completed
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| Hi pokesph
Are you sure you really want to try to clean this system? There are rootkits, rogue security applications that can cause system damage, and infections with backdoor capability that can allow attackers to access the computer, stealing passwords and personal data. I highly recommend that from a clean, uninfected system you immediately change all the passwords on any systems you access from this system. If you do any on-line banking, or store any financial information on this system, you should immediately call your financial institution and advise them of the situation so you can secure your accounts.
Though the infections can be identified and can be killed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many rogue security applications can also delete legitimate portions of Windows and your system is likely damaged. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.
Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Clean your Cache and Cookies in IE:
-Close all instances of Outlook Express and Internet Explorer
-Go to Control Panel > Internet Options > General tab
-Click the "Delete Cookies" button
-Next to it, Click the "Delete Files" button
-When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Private Data).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
-Go to start > run and type: cleanmgr and click ok.
-Let it scan your system for files to remove.
-Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
-Press OK to remove them.
For now, you will need to download any applications needed from a clean system, burn them to CD/DVD, and transfer them to the infected system (do NOT use a USB flash drive as it can become infected and then infect your other systems).
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
- Download The Avira AntiVir Rescue System from
- There is a tutorial for the scanner here:
»forum.avira.com/wbb/index.php?pa···ID=82163
- Just double-click on the rescue system package to burn it to a CD/DVD.
- Then please use that CD/DVD with Avira Rescue System to boot your computer.[/list]You'll get a boot option to either boot from hard drive or AntiVir Rescue System.
Press the number 2 on your keyboard to boot into AntiVir Rescue System.
Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.
Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.
Then please start the scan.
The Avira AntiVir Rescue System wil now
- repair a damaged system,
- rescue data,
- scan the system for virus infections.
Then let's do the same thing with a BitDefender scanner. Download the BitDefender LiveCD disc here:
»download.bitdefender.com/rescue_cd
Download the most recent ISO file, and burn it to CD.
If you encounter problems running the Rescue CD, you can get further assistance at »forum.bitdefender.com/index.php?···orum=185
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.
Download LSPfix from
Unzip it to its own folder.
Run the program, and check "I know what I'm doing", and then select each instance of
c:\windows\system32\winhelper.dll
in the left-hand panel and click >> to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »us.rd.yahoo.com/customize/ycomp/···ahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »red.clientapps.yahoo.com/customi···ahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {1BB4FE87-965D-4509-8E84-23B04F9A9C9B} - C:\WINDOWS\system32\nnnnNFYQ.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {62990F9D-37BC-4A98-AE85-E5643B696EED} - C:\WINDOWS\system32\khfFXrqQ.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Using Windows Explorer, locate the following files/folders, and delete them (if still there):
C:\WINDOWS\system32\nnnnNFYQ.dll
C:\WINDOWS\system32\khfFXrqQ.dll
C:\Program Files\Manson (folder)
Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.
Download Security Check by screen317 and save it to your Desktop:
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please post a new HijackThis log, the log from MBAM, the contents of uninstall_list.txt, the contents of checkup.txt, and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
Hi,
Thanks for the help.. yes I know this system is extremely owned.. but we'd like to save it if we can..
All temp, cache, and cookies were removed.
Your suggested rescue cd's (Avira AntiVir Rescue System and BitDefender LiveCD) will not run on this system at all. It seems neither will load the scanner part (I'm assuming its a X / video conflict of some sort)
Moving on.. LSPFix was ran and cleared said objects.
Malwarebytes' Anti-Malware 1.39
Database version: 2493
Windows 5.1.2600 Service Pack 2
7/24/2009 9:16:46 AM
mbam-log-2009-07-24 (09-16-46).txt
Scan type: Quick Scan
Objects scanned: 139345
Time elapsed: 29 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\Temp\SKYNETeexnqvnced.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETwltgkerv.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETxmskhikc.dat (Trojan.Agent) -> Quarantined and deleted successfully.
--------------------------------------------------
I removed objects noted in HighjackThis, system32 and program files were NOT there.
here is the uninstall_list.txt
ACDSee 6.0 PowerPack
Ad-Aware
Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe ActiveShare 1.5
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 6.0.2 ME
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
CDK Players
Color Darkroom
CONTROLTOTAL
Cubis Deluxe
Disc2Phone
Drivers Install For Linksys Easylink Advisor
DVD Shrink 3.2
Ethereal 0.10.13
FinePixViewer Ver.4.0
FUJIFILM USB Driver
GdiplusUpgrade
Ghost Rider Screen Saver
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Halsoft Chess
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Update
i90c Multimedia CD User's Guide
ijji Auto Installer
ImageMixer VCD for FinePix
Index.DAT File Viewer
Intel(R) 537EP Modem
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 5
KhalInstallWrapper
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MicroStaff WINASPI NT
Mozilla Firefox (3.0.11)
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MUSICMATCH Jukebox
MyDVD
neroxml
NOMAD II Manual
Norton Internet Security
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
overland
PENTAX USB DISK Device
PowerDVD
QuickTime
RAW FILE CONVERTER LE
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shockwave
ShowBiz
Sonic CinePlayer
Sonic DLA
Sonic Foundry ACID 3.0g
Sonic Simple Backup
Style Enhancer Micro 2.0
Text Twist
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildPackets AiroPeek Demonstration
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1
XPepius
Yahoo! Messenger
----------------------------------------------
and the securitycheck.exe's log
Results of screen317's Security Check version 0.98.5
Windows XP Service Pack 2
[color=red]Out of date service pack!![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Disabled!
Norton Internet Security
[color=blue]
[/color]
``````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Ad-Aware
Windows Defender
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
Java(TM) 6 Update 5
[color=red]Out of date Java installed![/color]
Adobe Flash Player 10
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 6.0.2 ME
[color=red]Out of date Adobe Reader installed![/color]
``````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
``````````````````````````````
[u]DNS Vulnerability Check:[/u]
GREAT! (Very random)
`````````End of Log```````````
and finally the last run of HighjackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:09 AM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - Logitech Inc. - (no file)
O23 - Service: McAfee Network Agent (McNASvc) - Logitech Inc. - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9616 bytes
----------------------------------------------------------
No other errors were noted in the above actions.
Thanks again for all your help, this machine is a nightmare and its nice to be able to share it with others.
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| Just to be certain, you did actually boot from the rescue CD's rather than attempt to simply run the scanner, correct?
You have entries in your HijackThis log from AVG, but it didn't appear in your uninstall list or in the results from Security Check. It is not recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more, and you do have Norton Internet Security installed. Based on that, I recommend running this tool to uninstall any remnants of AVG:
Download and run the AVG Remover (avgremover.exe)
from »www.avg.com/uk.download-tools.
- Click Save and save the file to any folder on the computer.
- Navigate to the folder where the file is saved.
- Double-click avgremover.exe and follow the prompts.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Java(TM) 6 Update 5
From an uninfected system, download the latest version of Kaspersky Virus Removal Tool
- Burn the file to CD.
- Reboot the infected system to Safe mode.
- Transfer the file from CD to the infected system.
- Close all other applications and double-click and run the installer.
- When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
- If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
- In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
- In the Scan window click the Reports button and select Save to file.
- Name the report AVPT.txt, and save it to the Desktop.
- Close AVPTool.
- You will be prompted if you want to uninstall the program; click Yes.
- You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
- Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
Download ComboFix© by sUBs from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Familiarize yourself with ComboFix before running it:
»www.bleepingcomputer.com/combofi···combofix
- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.
Please post a new HijackThis log, the requested portion of the log form Kaspersky's Virus Removal Tool, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
Just to be certain, you did actually boot from the rescue CD's rather than attempt to simply run the scanner, correct? Yes, booted from the live cd.. loaded linux kernel just fine but won't go into the GUI / scanners (others I initially had tried also failed for the same reason, most likely a gfx card conflict)
anyways, back to business..
AVG Remover ran
Java 6 update 5 removed
kaspersky AVPT log:
Scan
----
Scanned: 706538
Detected: 0
Untreated: 0
Start time: 7/24/2009 2:33:42 PM
Duration: 15:25:59
Finish time: 7/25/2009 5:59:41 AM
Detected
--------
Status Object
------ ------
-------------------------------------------------------------
HighjackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:06 AM, on 7/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - Logitech Inc. - (no file)
O23 - Service: McAfee Network Agent (McNASvc) - Logitech Inc. - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9696 bytes
-------------------------------------------------------------
Continued in next post..
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
and finally the ComboFix log:
ComboFix 09-07-24.01 - James 07/25/2009 8:05.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.233 [GMT -7:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\MSX
c:\recycler\NPROTECT
c:\windows\appatc~1
c:\windows\Install.txt
c:\windows\Installer\1581c2c.msi
c:\windows\Installer\850b66.msi
c:\windows\Installer\850b7d.msi
c:\windows\run.log
c:\windows\system32\_000117_.tmp.dll
c:\windows\system32\Install.txt
c:\windows\system32\QqrXFfhk.ini
c:\windows\system32\QqrXFfhk.ini2
c:\windows\system32\QYFNnnnn.ini
c:\windows\system32\QYFNnnnn.ini2
c:\windows\system32\UACdqwcudghwlqaorm.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACvcrejmknckjqswv.dat
c:\windows\system32\UACwllqhifnoautnkn.db
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISEXENG
-------\Legacy_MSNCACHE
-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD
-------\Legacy_SOPIDKC
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 15:23 . 2009-07-24 19:08 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-24 19:10 . 2009-07-24 19:08 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-24 19:09 . 2009-07-24 19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-24 19:09 . 2009-07-24 19:09 -------- d-----w- c:\program files\Symantec
2009-07-24 19:09 . 2009-07-24 19:09 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-24 19:09 . 2009-07-24 19:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\windows\system32\drivers\NIS
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\Norton Internet Security
2009-07-24 19:07 . 2009-07-25 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\Windows Sidebar
2009-07-24 19:07 . 2009-07-24 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\NortonInstaller
2009-07-24 01:27 . 2009-07-24 01:27 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Symantec
2009-07-24 01:15 . 2009-07-24 19:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-24 01:14 . 2009-07-24 18:23 -------- d-----w- c:\program files\old_Norton Internet Security
2009-07-23 22:08 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-23 21:54 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-23 21:53 . 2009-07-23 21:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 21:53 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-23 21:52 . 2009-07-23 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-23 21:52 . 2009-07-23 21:52 -------- d-----w- c:\program files\Lavasoft
2009-07-23 19:10 . 2009-07-23 19:10 -------- d-----w- c:\program files\Windows Defender
2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\program files\Trend Micro
2009-07-23 16:41 . 2009-07-23 16:41 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2009-07-22 21:16 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 21:16 . 2009-07-23 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 21:16 . 2009-07-22 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-22 21:16 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 05:23 . 2009-07-22 05:23 -------- d-----w- c:\windows\ERUNT
2009-07-22 05:22 . 2009-07-22 06:14 -------- d-----w- C:\SDFix
2009-07-21 23:35 . 2009-07-24 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-08 02:56 . 2009-05-27 02:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-07-05 01:42 . 2009-07-05 01:42 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 19:15 . 2009-07-03 19:15 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Yahoo
2009-06-28 08:00 . 2009-07-14 05:28 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-27 16:09 . 2009-06-27 16:09 -------- d-----w- c:\documents and settings\linda huser\Local Settings\Application Data\AVG Security Toolbar
2009-06-26 23:45 . 2009-06-26 23:45 -------- d-----w- c:\documents and settings\levi\Local Settings\Application Data\AVG Security Toolbar
2009-06-26 22:22 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-26 04:03 . 2009-06-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-26 04:02 . 2009-06-26 04:02 -------- d-----w- c:\program files\AVG
2009-06-26 04:02 . 2009-07-23 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 21:26 . 2006-10-19 05:20 -------- d-----w- c:\program files\Java
2009-07-24 19:09 . 2009-07-24 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-24 19:09 . 2009-07-24 19:09 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-24 19:00 . 2004-01-09 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1
2009-07-23 19:10 . 2003-10-27 06:00 67664 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-23 19:10 . 2005-06-28 00:50 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-07-23 17:46 . 2005-06-28 18:10 -------- d-----w- c:\documents and settings\James\Application Data\Lavasoft
2009-07-23 16:37 . 2007-03-27 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-10 04:40 . 2004-05-18 01:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 04:48 . 2008-06-30 23:31 -------- d-----w- c:\program files\Freeciv-2.1.5-gtk2
2009-07-06 04:21 . 2008-03-05 23:21 -------- d--ha-w- c:\documents and settings\All Users\Application Data\GTek
2009-07-06 04:21 . 2007-03-26 21:36 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-07-03 19:09 . 2006-06-13 05:01 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-30 09:48 . 2008-09-10 06:23 -------- d-----w- c:\program files\Applications
2009-06-23 05:47 . 2003-10-24 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 05:46 . 2004-11-24 06:13 -------- d-----w- c:\program files\ESPNMotion
2009-06-23 05:44 . 2004-05-18 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-23 05:38 . 2009-06-23 05:38 67 ----a-w- c:\program files\rem_cdk.bat
2009-06-23 05:37 . 2009-06-23 05:37 -------- d-----w- c:\program files\MSN Messenger
2009-06-23 05:37 . 2008-03-03 20:14 -------- d-----w- c:\program files\MySpace
2009-06-23 05:33 . 2008-01-18 21:48 -------- d-----w- c:\program files\Yahoo!
2009-06-22 19:49 . 2009-06-22 19:35 -------- d--h--w- c:\documents and settings\levi\Application Data\ijjigame
2009-06-22 19:36 . 2009-06-22 19:36 220926964 ----a-w- c:\documents and settings\levi\Application Data\ijjigame\U_GUNZ_setup.exe
2009-06-22 19:17 . 2009-06-22 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-06-22 19:15 . 2009-06-22 19:15 -------- d-----w- c:\program files\NHN USA
2009-06-22 19:15 . 2003-10-27 01:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 14:55 . 2003-03-31 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 20:20 . 2009-06-12 20:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 20:17 . 2009-06-12 20:17 152576 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-04 00:48 . 2009-06-22 19:17 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-06-03 19:27 . 2003-05-30 17:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 01:08 . 2009-06-22 19:17 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-05-27 00:31 . 2009-06-22 19:15 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-13 03:48 . 2009-06-22 19:15 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-07 15:44 . 2003-03-31 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 04:20 . 2008-06-23 19:09 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2005-02-04 05:36 . 2005-01-14 03:25 475 --sha-w- c:\windows\system32\xibhhkeb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-02 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-04-19 87039]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-24 113664]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2004-2-8 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\levi\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/23/2009 2:54 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [7/24/2009 12:08 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [7/24/2009 12:08 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [7/24/2009 12:08 PM 482352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [7/24/2009 12:08 PM 115560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys [7/24/2009 12:08 PM 276344]
S2 xuwk;xuwk;c:\windows\system32\drivers\mjplgi.sys --> c:\windows\system32\drivers\mjplgi.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 21:06]
2009-07-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
2009-07-24 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2003-10-23 07:56]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-DIGStream - c:\program files\DIGStream\digstream.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\wakxce4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-07-25 08:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,86,ea,d1,6a,16,2f,43,a1,fa,d9,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,86,ea,d1,6a,16,2f,43,a1,fa,d9,\
[HKEY_USERS\S-1-5-21-1659004503-220523388-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-07-25 8:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 15:39
Pre-Run: 3,347,161,088 bytes free
Post-Run: 4,667,256,832 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
297 --- E O F --- 2009-07-24 08:17
thanks again for your assist and expertise in helping me clean this mess up
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| reply to pokesph
Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
IMVU 3D messenger has been known to cause problems and, unless it is something you really want to keep, I recommend optionally removing it using the Control Panel's Add or Remove Programs.
I see you have Viewpoint installed...
Viewpoint Manager is considered to be foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". This will change though, please read this article:
»www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
Reboot afterwards. -- Important!
If you chose to uninstall Viewpoint, after rebooting, using Windows Explorer delete the following folder if still there:
C:\Program Files\Viewpoint
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
I still see entries for AVG 8 in your log.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\AVG
We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:
Please open Notepad*Do Not Use Wordpad!*(Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.
quote:
Driver::
xuwk
FIle::
c:\windows\system32\drivers\mjplgi.sys
c:\windows\system32\xibhhkeb.dll
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.
Download the latest version of Kaspersky Virus Removal Tool
- Reboot to Safe mode.
- Close all other applications and double-click and run the installer.
- When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
- If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
- In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
- In the Scan window click the Reports button and select Save to file.
- Name the report AVPT.txt, and save it to the Desktop.
- Close AVPTool.
- You will be prompted if you want to uninstall the program; click Yes.
- You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
- Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
Please post a new HijackThis log, the log from MBAM, the requested portion of the Kaspersky log (the Detected section), and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
1 edit | reply to pokesph
OK,
Defender is disabled (has been since last runs..)
IMVU has been removed
Viewpoint has been uninstalled completely
malwarebytes removal of noted entries done
and combo fix w/ script has ran.
Kaspersky's AVPT tool has scanned, noted 2 deletions.
logs follow, latest HighJack this, malwarebytes, AVPT detected, and combofix's (in a second post)
-------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:44 PM, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - Logitech Inc. - (no file)
O23 - Service: McAfee Network Agent (McNASvc) - Logitech Inc. - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9346 bytes
-------------------------------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2502
Windows 5.1.2600 Service Pack 2
7/25/2009 6:46:36 PM
mbam-log-2009-07-25 (18-46-36).txt
Scan type: Quick Scan
Objects scanned: 121646
Time elapsed: 7 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------------
AVPT Scan
----
Scanned: 752752
Detected: 2
Untreated: 0
Start time: 7/25/2009 7:41:29 PM
Duration: 17:55:05
Finish time: 7/26/2009 1:36:34 PM
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Monder.cqcs File: C:\System Volume Information\_restore{6A1300FD-635C-4B9B-9F26-01F602E8D656}\RP1555\A0820748.dll
deleted: Trojan program Trojan.Win32.Agent.clxm File: C:\System Volume Information\_restore{6A1300FD-635C-4B9B-9F26-01F602E8D656}\RP1555\A0820755.dll
-------------------------------------------------------------
no notable errors aside from password protected file access errors..
combofix logs follow...
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
... continued
ComboFix Log
----------------------------------------------------------------
ComboFix 09-07-24.03 - James 07/25/2009 18:59.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.228 [GMT -7:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FILE ::
"c:\wimdows\system32\drivers\mjplgi.sys"
"c:\windows\system32\xibhhkeb.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\xibhhkeb.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XUWK
-------\Service_xuwk
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 02:14 . 2009-07-24 19:08 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-24 19:10 . 2009-07-24 19:08 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-24 19:09 . 2009-07-24 19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-24 19:09 . 2009-07-24 19:09 -------- d-----w- c:\program files\Symantec
2009-07-24 19:09 . 2009-07-24 19:09 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-24 19:09 . 2009-07-24 19:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\windows\system32\drivers\NIS
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\Norton Internet Security
2009-07-24 19:07 . 2009-07-25 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\Windows Sidebar
2009-07-24 19:07 . 2009-07-24 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-24 19:07 . 2009-07-24 19:07 -------- d-----w- c:\program files\NortonInstaller
2009-07-24 01:27 . 2009-07-24 01:27 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Symantec
2009-07-24 01:15 . 2009-07-24 19:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-24 01:14 . 2009-07-24 18:23 -------- d-----w- c:\program files\old_Norton Internet Security
2009-07-23 22:08 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-23 21:54 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-23 21:53 . 2009-07-23 21:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 21:53 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-23 21:52 . 2009-07-23 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-23 21:52 . 2009-07-23 21:52 -------- d-----w- c:\program files\Lavasoft
2009-07-23 19:10 . 2009-07-23 19:10 -------- d-----w- c:\program files\Windows Defender
2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\program files\Trend Micro
2009-07-23 16:41 . 2009-07-23 16:41 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2009-07-22 21:16 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 21:16 . 2009-07-23 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 21:16 . 2009-07-22 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-22 21:16 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 05:23 . 2009-07-22 05:23 -------- d-----w- c:\windows\ERUNT
2009-07-22 05:22 . 2009-07-22 06:14 -------- d-----w- C:\SDFix
2009-07-21 23:35 . 2009-07-24 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-08 02:56 . 2009-05-27 02:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-07-05 01:42 . 2009-07-05 01:42 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 19:15 . 2009-07-03 19:15 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Yahoo
2009-06-28 08:00 . 2009-07-14 05:28 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-27 16:09 . 2009-06-27 16:09 -------- d-----w- c:\documents and settings\linda huser\Local Settings\Application Data\AVG Security Toolbar
2009-06-26 23:45 . 2009-06-26 23:45 -------- d-----w- c:\documents and settings\levi\Local Settings\Application Data\AVG Security Toolbar
2009-06-26 22:22 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-26 04:03 . 2009-06-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-26 04:02 . 2009-07-23 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 01:29 . 2004-01-20 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-25 20:47 . 2004-01-08 07:20 -------- d-----w- c:\program files\NoAdware
2009-07-25 18:39 . 2007-03-27 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-24 21:26 . 2006-10-19 05:20 -------- d-----w- c:\program files\Java
2009-07-24 19:09 . 2009-07-24 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-24 19:09 . 2009-07-24 19:09 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-24 19:00 . 2004-01-09 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1
2009-07-23 19:10 . 2003-10-27 06:00 67664 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-23 19:10 . 2005-06-28 00:50 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-07-23 17:46 . 2005-06-28 18:10 -------- d-----w- c:\documents and settings\James\Application Data\Lavasoft
2009-07-10 04:40 . 2004-05-18 01:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 04:48 . 2008-06-30 23:31 -------- d-----w- c:\program files\Freeciv-2.1.5-gtk2
2009-07-06 04:21 . 2008-03-05 23:21 -------- d--ha-w- c:\documents and settings\All Users\Application Data\GTek
2009-07-06 04:21 . 2007-03-26 21:36 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-07-03 19:09 . 2006-06-13 05:01 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-30 09:48 . 2008-09-10 06:23 -------- d-----w- c:\program files\Applications
2009-06-23 05:47 . 2003-10-24 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 05:46 . 2004-11-24 06:13 -------- d-----w- c:\program files\ESPNMotion
2009-06-23 05:44 . 2004-05-18 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-23 05:38 . 2009-06-23 05:38 67 ----a-w- c:\program files\rem_cdk.bat
2009-06-23 05:37 . 2009-06-23 05:37 -------- d-----w- c:\program files\MSN Messenger
2009-06-23 05:37 . 2008-03-03 20:14 -------- d-----w- c:\program files\MySpace
2009-06-23 05:33 . 2008-01-18 21:48 -------- d-----w- c:\program files\Yahoo!
2009-06-22 19:49 . 2009-06-22 19:35 -------- d--h--w- c:\documents and settings\levi\Application Data\ijjigame
2009-06-22 19:36 . 2009-06-22 19:36 220926964 ----a-w- c:\documents and settings\levi\Application Data\ijjigame\U_GUNZ_setup.exe
2009-06-22 19:17 . 2009-06-22 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-06-22 19:15 . 2009-06-22 19:15 -------- d-----w- c:\program files\NHN USA
2009-06-22 19:15 . 2003-10-27 01:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 14:55 . 2003-03-31 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 20:20 . 2009-06-12 20:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 20:17 . 2009-06-12 20:17 152576 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-04 00:48 . 2009-06-22 19:17 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-06-03 19:27 . 2003-05-30 17:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 01:08 . 2009-06-22 19:17 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-05-27 00:31 . 2009-06-22 19:15 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-13 03:48 . 2009-06-22 19:15 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-07 15:44 . 2003-03-31 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 04:20 . 2008-06-23 19:09 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-25_15.26.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-26 02:18 . 2009-07-26 02:18 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
+ 2009-07-26 02:15 . 2009-07-26 02:15 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
+ 2009-07-26 02:14 . 2009-07-26 02:14 16384 c:\windows\Temp\Perflib_Perfdata_198.dat
+ 2007-03-30 19:28 . 2009-07-26 02:16 5079040 c:\windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-30 19:28 . 2009-07-25 15:25 5079040 c:\windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-02 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-04-19 87039]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-24 113664]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2004-2-8 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\levi\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/23/2009 2:54 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [7/24/2009 12:08 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [7/24/2009 12:08 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [7/24/2009 12:08 PM 482352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [7/24/2009 12:08 PM 115560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys [7/24/2009 12:08 PM 276344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-07-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 21:06]
2009-07-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
2009-07-24 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2003-10-23 07:56]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\wakxce4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-07-25 19:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,86,ea,d1,6a,16,2f,43,a1,fa,d9,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,86,ea,d1,6a,16,2f,43,a1,fa,d9,\
[HKEY_USERS\S-1-5-21-1659004503-220523388-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-07-26 19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 02:26
ComboFix2.txt 2009-07-25 15:39
Pre-Run: 4,749,787,136 bytes free
Post-Run: 4,711,890,944 bytes free
262 --- E O F --- 2009-07-24 08:17
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
1 edit | Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager".
Highlight the entry for CONTROLTOTAL
On the right-hand side of the window there is a block that lists the Uninstall command:.
Write down that string and post it in your next reply.
Close HijackThis.
Go to Start > Control Panel > Add or Remove Programs and remove the following program:
CONTROLTOTAL
You also need the current version of Adobe Acrobat Reader to correct security vulnerabilities.
Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.2 ME
Then go to »www.adobe.com and download and install the current version of Acrobat Reader.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
Then using Windows Explorer delete the following folder (if still there):
C:\Documents and Settings\James\Start Menu\Programs\IMVU
Now you need to hide the files you un-hid earlier:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading unselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm. Click OK.
I would still like to see a clean MBAM log, those entries were still there.
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Exit MBAM.
- Reboot to Safe mode (NOT with networking)
- Start MBAM.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
With all that was there to start with, I would run another virus scanner, as we probably have not found everything.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan
Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says "Java SE Runtime Environment (JRE), JRE 6 Update 14".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, and check the "agree" box and click "Continue".
- Click on the link to download Windows Offline Installation and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
-- Java 2 Runtime Environment, SE v1.4.2
-- J2SE Runtime Environment 5.0
-- J2SE Runtime Environment 5.0 Update 2
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.
Please post a new HijackThis log, the log from MBAM, the log from ESET's online scanner, and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
quote:
Highlight the entry for CONTROLTOTAL
On the right-hand side of the window there is a block that lists the Uninstall command:.
cmd: C:\Program Files\CONTROLTOTAL\uninstall.exe
adobe acrobat reader(s) removed and updated.
HighjackThis object: O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\James\Start Menu\Programs\IMVU\Run IMVU.lnk has been removed
Deleted the folder:
C:\Documents and Settings\James\Start Menu\Programs\IMVU
MBAM found a couple more.. deleted. (in the _restore dir)
Ran the ESET Online Scanner
Old java updated, restarted and new ver installed.
logs follow, latest Highjackthis, MBAM and eset's in that order..
-------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:40 PM, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - »download.eset.com/special/eos/On···nner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - Logitech Inc. - (no file)
O23 - Service: McAfee Network Agent (McNASvc) - Logitech Inc. - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9097 bytes
-------------------------------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 5.1.2600 Service Pack 2
7/26/2009 9:28:09 PM
mbam-log-2009-07-26 (21-28-09).txt
Scan type: Quick Scan
Objects scanned: 120760
Time elapsed: 9 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=339c5456da0be64cb9c8811aaca940b8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-27 06:06:13
# local_time=2009-07-26 11:06:13 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3588 41 100 96 2122617343750
# compatibility_mode=5889 61 66 100 731035832968750
# scanned=123901
# found=8
# cleaned=8
# scan_time=4671
C:\Documents and Settings\James\Desktop\nero\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\QqrXFfhk.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\QqrXFfhk.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\QYFNnnnn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\QYFNnnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6A1300FD-635C-4B9B-9F26-01F602E8D656}\RP1557\A0821816.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6A1300FD-635C-4B9B-9F26-01F602E8D656}\RP1557\A0821817.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6A1300FD-635C-4B9B-9F26-01F602E8D656}\RP1561\A0822343.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| Download the Registry Search Tool from here:
Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)
In the dialog that opens enter the following:
minibugtransporter
Press 'OK'
The search will run for a while then alert you when it is finished.
Press 'OK' and copy the contents of the WordPad window and post in this thread.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs: | reply to pokesph
regsrch for minibugtransporter
"no instances found" | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| Go to start > run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
Please run Notepad and copy the following text into a new file:
quote:
sc config MBackMonitor start= disabled
sc stop MBackMonitor
sc delete MBackMonitor
sc config McNASvc start= disabled
sc stop McNASvc
sc delete McNASvc
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.
I recommend installing a software firewall. I didn't see one in your HijackThis log (the XP firewall isn't sufficient protection, it only checks incoming data). Two free firewalls are Sunbelt Personal Firewall available from »www.sunbeltsoftware.com/Home-Hom···Firewall, and Zone Alarm available from »www.zonealarm.com/security/en-us···wall.htm. There is a tutorial on understanding firewalls at »www.bleepingcomputer.com/forums/···l60.html and a tutorial from Markus Jansson on setting up ZoneAlarm at »www.markusjansson.net/eza.html. If you install ZoneAlarm (an excellent firewall), I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com. You can read more about Ask.com here.
Please post a new HijackThis log.
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
ComboFix removed successfully.
remove batch file ran without error.
client plans to run NIS 2009 / 2010 on this machine. I will advise to get ZoneAlarm firewall as well.
----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:10 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijaxThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - »www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - »tools.ebayimg.com/eps/wl/activex···3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···31482312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - »download.eset.com/special/eos/On···nner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - »us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/f···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - »www.creative.com/SU/ocx/12119/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 8957 bytes
-------------------------------------------------------------
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| If your version of Spybot Search & Destroy is older than 1.6.2, uninstall it and download and install the current version. If you already have the current version, skip the download and install steps.
Download and install Spybot Search & Destroy:
http://www.safer-networking.org/en/download/index.html
- Accept the Default Settings when installing.
- In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
- Close ALL windows except Spybot S&D
- ]Click the button to ‘Search for Updates’ and then download and install all available Updates.
- Close Spybot Search & Destroy
Re-run Spybot Search & Destroy
- click the button ‘Check for Problems’
- When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window.
- Make certain there is a check mark beside all of the RED entries ONLY.
- Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
Exit Spybot Search & Destroy.
Note: If there is anything that Spybot Search & Destroy cannot remove, try running it from Safe mode.
That was everything that several different utilities and multiple antivirus scanning engines found. There could still be something there needing to be removed, but we've done what's practical to locate and remove anything bad.
Are there any continuing problems at this point?
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 | |
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
| reply to pokesph
spybot S&D installed and updated.
scan ran and all items found were removed.
I find no rogue processes or other nasties running and the PC is actually working well 
M$ update (site) isn't running from IE, but he was using a beta of IE8 still, updating it to see if that solves the problem.
baring the issue with MS Update, all else looks good..
If IE still can't run the update I'll post again saying so.
thanks SO much for your second set of eyes and the major assist with this seriously messed up box.
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com | |
-
|
