Problem with smitfraud-c

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-15-2007 2:42 (GMT +1)
Hello,
I seem to have gotten smitfraud-c. I've restarted in safe mode and run both smitfraudfix and smitrem. Neither has removed it. Every time I try and then reboot, Spybot finds it again. The only real thing that is noticeable is that I can't use Ctrl/Alt/Del and my background keeps getting changed.

I hope I followed all the forum rules correctly. Here are my log files:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:33:17 AM 9/15/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-879983540-839522115-1004\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-789336058-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks\amp2pl.exe -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\U.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.296:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.494:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@msnportal.112.2o7.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.69:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.70:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.687:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.97:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@atdmt.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.636:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.709:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.621:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@doubleclick.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.205:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.206:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.247:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.248:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.672:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.673:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.674:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.648:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.389:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.390:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.391:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.393:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.750:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.58:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.59:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.60:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.61:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.62:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.64:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.65:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.420:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.421:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.433:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.434:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.435:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.690:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.443:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.446:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.447:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.448:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.449:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.450:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.451:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.452:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.453:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.454:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.455:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.623:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@revsci.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.194:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.137:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.468:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.469:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.470:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.471:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.472:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.497:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.498:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.499:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.500:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.501:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.510:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.511:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.512:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.513:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.625:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.626:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.525:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.526:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.529:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@tribalfusion.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.437:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.438:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.439:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.440:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.441:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.548:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.572:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.573:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.574:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.653:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.616:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.617:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.618:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.619:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.620:C:\Documents and Settings\Gretchen\Application Data\Mozilla\Firefox\Profiles\lm2o80p6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gretchen\Cookies\gretchen@ad.yieldmanager.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\winh32.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
Sat 09/15/2007 9:34:02.14

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 09:34:02
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000213

scanning hidden files ...

hidden processes: 0
hidden files: 0

ComboFix 07-09-14.2 - "Gaming" 2007-09-15 9:35:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1681 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-15 09:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 09:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-15 09:18 <DIR> d-------- C:\Program Files\CCleaner
2007-09-15 04:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-15 04:21 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-15 04:06 <DIR> d-------- C:\desktopclean
2007-09-15 03:14 2,378 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-15 02:54 <DIR> d-------- C:\WINDOWS\pss
2007-09-15 02:33 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-15 02:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 02:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-15 01:57 21,504 --a------ C:\WINDOWS\system32\qiawpbjj.dll
2007-09-15 01:57 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-09-13 16:02 492,544 --a------ C:\WINDOWS\system32\HtBt.dll
2007-09-12 17:02 76,800 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-12 17:02 543,232 --a------ C:\WINDOWS\system32\GE.dll
2007-09-12 17:02 481,792 --a------ C:\WINDOWS\system32\SoUI.dll
2007-09-12 17:02 310,691 --a------ C:\WINDOWS\system32\head.exe
2007-09-12 17:02 <DIR> d-------- C:\Program Files\SoftPortal
2007-09-11 21:14 <DIR> d-------- C:\Program Files\My Sam's Club Digital Photo Center
2007-09-11 21:14 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\My Sam's Club Digital Photo Center
2007-09-11 21:09 589,824 --a------ C:\WINDOWS\system32\DVDRProX.dll
2007-09-11 21:03 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\Digital Album Organizer
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\WinRAR
2007-08-31 17:20 <DIR> d-------- C:\Program Files\WinAce
2007-08-31 17:13 <DIR> d-------- C:\Program Files\OCTGN
2007-08-28 16:05 <DIR> d-------- C:\temp
2007-08-28 16:05 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-08-25 16:30 <DIR> d-------- C:\Program Files\CCG Workshop
2007-08-17 16:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 01:57 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-09-15 01:56 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-09-15 01:56 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-09-15 01:56 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-09-15 01:56 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-09-15 01:56 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-09-15 01:56 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-09-15 01:56 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-09-15 01:56 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-09-15 01:56 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-09-15 01:56 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-09-15 01:56 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-09-15 01:56 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-09-15 01:56 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-09-15 01:56 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-09-15 01:41 --------- d-------- C:\Program Files\Trillian
2007-09-15 01:41 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\Xfire
2007-09-11 21:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-11 14:05 --------- d---s---- C:\Program Files\Xfire
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\Leadertech
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\AdobeUM
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\AdobeAUM
2007-08-12 01:20 --------- d-------- C:\Program Files\GRETECH
2007-08-12 01:20 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\GRETECH
2007-08-09 05:51 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\BitTorrent
2007-07-29 19:26 --------- d-------- C:\Program Files\mIRC
2007-06-30 10:18 4 -r-hs---- C:\MSDOS.BIN
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}]
2007-09-15 01:57 21504 --a------ C:\WINDOWS\system32\qiawpbjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}]
2007-08-23 17:02 543232 --a------ C:\WINDOWS\system32\GE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-01-23 21:39]
"nwiz"="nwiz.exe" [2007-01-23 21:39 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-01-23 21:39]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 04:52]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-08-11 13:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe

*Newly Created Service* - AVGASCLN
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 09:37:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 9:37:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 09:37
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 9:40:05 AM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaming\Desktop\alternativ.exe

O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179588240532
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Post Edited (Pinkus) : 15-09-2007 13:47:57 GMT

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-15-2007 3:01 (GMT +1)
I keep getting 3 windows that open at random that only say: "sysrbl32". I think that's what they say; it goes by fast. Whenever they all pop up, AVG prompts me saying it found a high-risk trojan and I should quarantine it.

Post Edited (Pinkus) : 15-09-2007 14:04:10 GMT

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-15-2007 4:35 (GMT +1)
Okay, so here is what I did:

I rebooted back into safe mode.
I ran all the programs you listed in your "do this first" thread. I then ran the smitfraudfix and smitrem programs.
I then scanned with spybot and only found 2 entries for aconti. Then I rebooted back into normal Windows.

Everything seemed to be fine for like 5 minutes. I decided to run another spybot scan to see if anything was left. As soon as I clicked scan, literally, my desktop got changed again and my toolbar had that "your computer may be infected, click to install" popup...

Now spybot shows 4 entries for smitfraud again...

I've used spybot to deny a change to my registry for some browser helper. Now spybot tells me every minute that it has denied about 8 attempts to change the registry for this browser helper object.

This is what I scan for, pretty much every time, with spybot:
cnsmin
7fasst
accoona
adbreak
inetspeak
smitfraud-c
swagent

I also just got a microsoft.windowssecuritycenter.taskmanager registry change showing up in the spybot scan.

I also noticed that for the first 5 minutes of Windows being up and running, Ctrl+Alt+Del worked; now it has been disabled again.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14296
Posted 9-15-2007 4:45 (GMT +1)
Hi Pinkus

Please download the Free Version of Superantispyware:

http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)

Close the program.

Download and install DrWebCureit to your desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

http://spywareinfo.dk/download/drweb-cureit.exe

Double-click "drweb-cureit.exe" and click "ok" in the prompt window that opens, asking "start the express scan now".

It will first make a quick scan of your system; let it clean what it finds, and when it says "done":

Click on the green screwdriver.

Actions tab - Adware-Dialers-Riskware-Hacktools: use the dropdown menu and select Delete.

Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.

Save the report to your desktop. The report will be called DrWeb.csv.

Close Dr.Web CureIt.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Start Superantispyware.

Hit the Scan Your Computer button.

Click on the drive(s) you want to scan. Put a check in Perform Complete Scan, then Next;

it will scan now. When the scan has finished, put a checkmark on all items it found. Next, after cleaning, allow it to reboot.

Start Superantispyware again:

Click Preferences and then click the Statistics/Logs tab.

Click the dated log and press View Log, and a text file will appear.

Post this log along with a fresh HijackThis log and the Dr.Web log, and tell us how things are running.

Do NOT post your problem in someone else's thread.

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-15-2007 5:46 (GMT +1)
Ran both as you said.

Still not fixed though. Background switched within a minute of startup.

ge.dll;c:\windows\system32;Trojan.Click.4237;Deleted.;
pv.exe;C:\desktopclean;Program.PrcView.3741;Deleted.;
Process.exe;C:\Documents and Settings\Gaming\Desktop\New Folder;Tool.Prockill;Deleted.;
pv.exe;C:\Documents and Settings\Gaming\Desktop\New Folder;Program.PrcView.3741;Deleted.;
Process.exe;C:\Documents and Settings\Gaming\Desktop\SmitfraudFix;Tool.Prockill;Deleted.;
restart.exe;C:\Documents and Settings\Gaming\Desktop\SmitfraudFix;Tool.ShutDown.11;Deleted.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;Deleted.;
Process.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;Deleted.;
restart.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.11;Deleted.;
A0000120.bat;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP2;Probably SCRIPT.Virus;Incurable.Deleted.;
A0000287.bat;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP2;Probably SCRIPT.Virus;Incurable.Deleted.;
A0000384.dll;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Trojan.Click.4237;Deleted.;
A0000386.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Program.PrcView.3741;Deleted.;
A0000387.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Tool.Prockill;Deleted.;
A0000388.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Program.PrcView.3741;Deleted.;
A0000389.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Tool.Prockill;Deleted.;
A0000390.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Tool.ShutDown.11;Deleted.;
A0000391.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Program.mIRC.621;Deleted.;
A0000392.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Tool.Prockill;Deleted.;
A0000393.exe;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Tool.ShutDown.11;Deleted.;


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2007 at 12:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3307
Trace Rules Database Version: 1313

Scan type : Complete Scan
Total Scan Time : 00:10:14

Memory items scanned : 164
Memory threats detected : 0
Registry items scanned : 3682
Registry threats detected : 16
File items scanned : 19770
File threats detected : 4

Trojan.Downloader-FakeRX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Implemented Categories
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\InprocServer32
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\InprocServer32#ThreadingModel
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\ProgID
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Programmable
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\TypeLib
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\VERSION
C:\WINDOWS\SYSTEM32\QIAWPBJJ.DLL

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}

Trojan.FakeDrop-PBar
C:\WINDOWS\PBAR.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE


Logfile of HijackThis v1.99.1
Scan saved at 12:48:30 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qiawpbjj.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaming\Desktop\alternativ.exe

O2 - BHO: (no name) - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179588240532
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Post Edited (Pinkus) : 15-09-2007 17:32:28 GMT
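The Dr.Web CureIt report above is semicolon-separated, one record per line: file name, directory, detection name, action. As an added example (not code from the thread, from Dr.Web or from any tool named here), the following Python script parses that format and summarizes it in the way a helper reading such a report would: malware proper is separated from riskware/hacktool detections, and hits inside System Restore snapshots (the `System Volume Information\_restore` directories) are counted apart, because they say nothing about whether the running system is still infected. The sample lines are copied from the report posted above; the prefix-based split between "riskware" and "malware" is an assumption made for this example, not Dr.Web's own taxonomy.

```python
from collections import Counter

# Records copied from the Dr.Web CureIt report in this thread. Each line is
#   <file>;<directory>;<detection name>;<action>;
DRWEB_REPORT = r"""ge.dll;c:\windows\system32;Trojan.Click.4237;Deleted.;
pv.exe;C:\desktopclean;Program.PrcView.3741;Deleted.;
Process.exe;C:\Documents and Settings\Gaming\Desktop\SmitfraudFix;Tool.Prockill;Deleted.;
restart.exe;C:\Documents and Settings\Gaming\Desktop\SmitfraudFix;Tool.ShutDown.11;Deleted.;
A0000120.bat;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP2;Probably SCRIPT.Virus;Incurable.Deleted.;
A0000384.dll;C:\System Volume Information\_restore{C0385BFD-9A53-4EF9-9D0B-06587AFE6190}\RP3;Trojan.Click.4237;Deleted.;
"""

# Detection-name prefixes treated here as riskware / hacktools rather than malware.
# Assumption for this example only; Dr.Web's real categories are not on the page.
RISKWARE_PREFIXES = ("Tool.", "Program.", "Adware.", "Dialer.")


def parse_drweb_report(text):
    """Return one dict per report record; lines that are not 4-field records are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) != 4:
            continue  # header, blank or otherwise malformed line
        name, directory, threat, action = fields
        records.append({
            "file": name,
            "dir": directory,
            "threat": threat,
            "action": action,
            "path": directory.rstrip("\\") + "\\" + name,
            # Files under System Volume Information\_restore are old restore-point
            # copies, not files the running system loads.
            "restore_point": "\\system volume information\\_restore" in directory.lower(),
            "category": "riskware" if threat.startswith(RISKWARE_PREFIXES) else "malware",
        })
    return records


def summarize(records):
    """Counts a reader wants first: how much is real malware, and how much of it is live."""
    return {
        "total": len(records),
        "malware": sum(r["category"] == "malware" for r in records),
        "riskware": sum(r["category"] == "riskware" for r in records),
        "restore_point": sum(r["restore_point"] for r in records),
        "by_threat": dict(Counter(r["threat"] for r in records)),
    }


def live_malware(records):
    """Paths of malware hits outside restore points: the detections that indicate
    the machine itself was still infected at scan time."""
    return [r["path"] for r in records
            if r["category"] == "malware" and not r["restore_point"]]


if __name__ == "__main__":
    recs = parse_drweb_report(DRWEB_REPORT)
    print(summarize(recs))
    print("live malware:", live_malware(recs))
```

On the report above, only `c:\windows\system32\ge.dll` counts as live malware; the `Tool.*` and `Program.*` records are the helper utilities shipped with SmitfraudFix (Process.exe, restart.exe) and PrcView, which Dr.Web removed because the moderator's instructions set Hacktools/Riskware to Delete. Keeping those in a separate bucket stops a report full of deleted cleanup tools from being read as a deeper infection than it is.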

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14296
Posted 9-16-2007 1:36 (GMT +1)
Run HijackThis and place a check beside each of the following. Close all other browser windows except HJT.
Click Fix checked:
O2 - BHO: (no name) - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll (file missing)

You may want to print this or save it to Notepad, as we will go to Safe Mode.

Restart your PC in Safe Mode.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found, as they may have been automatically removed by actions I had you take earlier in the cleaning process.

Delete:

Files:
C:\WINDOWS\system32\qiawpbjj.exe

Reboot normally.

1. Download AVG Anti-Virus Free Edition.
2. AVG Free Anti-Virus can be downloaded from the AVG website.
3. Scroll down the page and click Download Free Version. Under the Windows section, click to download the file under AVG Free for Windows installation files. Click OK to save the file to your PC.
4. Double-click the file you downloaded, and click Next on the welcome screen. Click Accept to agree to the License Agreement. Choose Standard Installation, then click Next.
5. A window will now pop up if there are any available updates. Click Update to download them. AVG will download and automatically install any updates. Click OK when finished.
6. Back on the First Run window, click Next to proceed. Leave the Daily Scanning settings as they are and click Next.
7. You now have the option to perform a scan to test your computer for viruses.
8. Click Scan computer!

Reboot normally, post a new HijackThis log and tell us how things are running.

Do NOT post your problem in someone else's thread.
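The fix list above is built from the O2 lines of the HijackThis log: every Browser Helper Object whose DLL is already gone ("(no file)" or "(file missing)") is a leftover registration that still deserves removing. As an added example (not code from the thread, from HijackThis or from any tool named here), the following Python script parses O2 lines exactly as HijackThis 1.99 prints them, lists the orphaned CLSIDs the way the moderator does, flags BHOs that still load a DLL from under the Windows directory for a manual look, and diffs two logs to show which CLSIDs vanished between scans. The sample lines are copied from the first and third HijackThis logs in this thread; the "DLL under the Windows directory is worth checking first" rule is a heuristic assumed for this example, not anything HijackThis itself does.

```python
import re

# O2 lines as HijackThis 1.99 prints them:
#   O2 - BHO: <name> - {<CLSID>} - <dll path> | (no file) | <dll path> (file missing)
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.*)$"
)

# Excerpt copied from the first HijackThis log in this thread (before cleanup).
LOG_BEFORE = r"""
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Excerpt copied from the third HijackThis log in this thread (after the fix list was applied).
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
"""


def parse_o2(log_text):
    """One dict per O2 line. CLSIDs are upper-cased so the same BHO compares
    equal whether HijackThis printed it in upper or lower case."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # O4, O9, O23, process list, blank line: not a BHO entry
        target = m.group("target").strip()
        missing = target.endswith("(file missing)")
        path = target[: -len("(file missing)")].strip() if missing else target
        entries.append({
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),
            "path": None if path == "(no file)" else path,
            "orphaned": missing or path == "(no file)",
        })
    return entries


def orphaned_clsids(log_text):
    """Registrations whose DLL no longer exists: the entries that go on the fix list."""
    return sorted(e["clsid"] for e in parse_o2(log_text) if e["orphaned"])


def loaded_from_windows_dir(log_text):
    """Still-loaded BHOs whose DLL sits under the Windows directory. Heuristic
    (assumed for this example): vendor BHOs normally live under Program Files,
    so a DLL in the Windows tree is the first thing to look at by hand."""
    return sorted(
        e["clsid"] for e in parse_o2(log_text)
        if not e["orphaned"] and e["path"].upper().startswith("C:\\WINDOWS\\")
    )


def removed_between(before_text, after_text):
    """CLSIDs present in the earlier log but absent from the later one."""
    before = {e["clsid"] for e in parse_o2(before_text)}
    after = {e["clsid"] for e in parse_o2(after_text)}
    return sorted(before - after)


if __name__ == "__main__":
    print("orphaned before:", orphaned_clsids(LOG_BEFORE))
    print("loaded from the Windows directory:", loaded_from_windows_dir(LOG_BEFORE))
    print("gone after cleanup:", removed_between(LOG_BEFORE, LOG_AFTER))
    print("orphaned after:", orphaned_clsids(LOG_AFTER))
```

The diff is the useful part when reading a thread like this one: the second log reports `GE.dll` as "(file missing)" because Dr.Web had deleted the DLL, yet the CLSID registration stayed behind until HijackThis fixed it, and the third log then shows a fresh set of "(no file)" CLSIDs, which is why the moderator asks for a new log after every step rather than trusting the previous one.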

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-16-2007 5:33 (GMT +1)
So far so good. Only been a few minutes since the reboot.

The problems I still see are 2 things.
I still can't use Ctrl+Alt+Del, and when I go to change my background it crashes Explorer, which really isn't a problem, since it just restarts itself.

I'll give it a few minutes before I claim success, since last time it took like 5 minutes before all hell broke loose again.

Actually, now that I think about it, it seemed to come back when I used spybot to scan, spybot didn't load with windows this time, so maybe I'll just uninstall it to be safe.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:33:54 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gaming\Desktop\alternativ.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179588240532
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-17-2007 2:08 (GMT +1)
Up and running now for a few hours. Everything is great. Thanks a bunch.

I just have to figure out how to enable Ctrl+Alt+Del now.

But again, thank you very very much!

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14296
Posted 9-17-2007 6:33 (GMT +1)
Let's see if SDFix can get Ctrl+Alt+Del to run again.

Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

When you have done this, please boot into Safe Mode (tap F8 during startup).

Open the extracted folder, C:\SDFix, and double-click RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.

Finally, open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread, along with a fresh HijackThis log and a new ComboFix log, and tell us how things are running.

Do NOT post your problem in someone else's thread.

Pinkus
New Member
Date Joined Sep 2007
Total Posts : 9
Posted 9-27-2007 11:17 (GMT +1)
I had something save about 40GB worth of .tmp files into my system32 folder. I deleted them all, but a few are showing back up.

I ran AVG and found trojan.bho and removed it. I was still getting some problems, so I went back and basically redid everything you told me to do the first time. After running ComboFix my system appears to be running fine. And CureIt found no viruses. Here are the ComboFix and HijackThis logs:

ComboFix 07-09-14.2 - "Gaming" 2007-09-27 6:10:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1643 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Gaming\APPLIC~1\microsoft\internet explorer\desktop.htt
C:\DOCUME~1\Gaming\systerm.exe
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\Gaming.\systerm.exe
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\bdebabac.dll
C:\WINDOWS\system32\gln.dll
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\krnl32.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\win32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.

2007-09-27 02:33 <DIR> d-------- C:\Program Files\SpywareSoftStop
2007-09-26 22:29 6,176 --a------ C:\WINDOWS\system32\win321.exe
2007-09-26 22:29 31,094 --a------ C:\WINDOWS\system32\center2.exe
2007-09-26 22:29 226,166 --a------ C:\WINDOWS\system32\center.exe
2007-09-26 17:19 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-09-26 15:24 541,696 --a------ C:\WINDOWS\system32\GE.dll
2007-09-22 17:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-20 15:38 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-09-20 15:38 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-09-20 15:38 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-09-20 15:38 <DIR> d-------- C:\Program Files\Flagship Studios
2007-09-20 15:31 <DIR> d-------- C:\Hellgate London Beta Setup
2007-09-20 02:33 5,664 --a------ C:\DOCUME~1\Gaming\mssvmdll.dll
2007-09-19 21:52 3,999,951,153 --a------ C:\HGLbetaInstall103.exe
2007-09-19 21:52 <DIR> d-------- C:\DOCUME~1\Gaming\.DownloadManager
2007-09-19 15:56 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-09-19 15:56 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-09-17 16:18 632 --a------ C:\WINDOWS\system32\aykvwsys.dat
2007-09-17 16:18 <DIR> d-------- C:\Program Files\ZkeSoft
2007-09-17 16:14 <DIR> d-------- C:\Program Files\Advanced Batch Converter
2007-09-15 11:57 <DIR> d-------- C:\DOCUME~1\Gaming\DoctorWeb
2007-09-15 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-15 11:52 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 11:30 30,208 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-15 09:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 09:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-15 09:18 <DIR> d-------- C:\Program Files\CCleaner
2007-09-15 04:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-15 03:14 2,574 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-15 02:54 <DIR> d-------- C:\WINDOWS\pss
2007-09-15 02:33 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-15 02:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 02:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-13 16:02 492,544 --a------ C:\WINDOWS\system32\HtBt.dll
2007-09-12 17:02 76,800 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-12 17:02 481,792 --a------ C:\WINDOWS\system32\SoUI.dll
2007-09-12 17:02 310,691 --a------ C:\WINDOWS\system32\head.exe
2007-09-12 17:02 <DIR> d-------- C:\Program Files\SoftPortal
2007-09-11 21:14 <DIR> d-------- C:\Program Files\My Sam's Club Digital Photo Center
2007-09-11 21:14 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\My Sam's Club Digital Photo Center
2007-09-11 21:09 589,824 --a------ C:\WINDOWS\system32\DVDRProX.dll
2007-09-11 21:03 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\Digital Album Organizer
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\Gaming\APPLIC~1\WinRAR
2007-08-31 17:20 <DIR> d-------- C:\Program Files\WinAce
2007-08-31 17:13 <DIR> d-------- C:\Program Files\OCTGN
2007-08-28 16:05 <DIR> d-------- C:\temp
2007-08-28 16:05 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 21:43 --------- d-------- C:\Program Files\Trillian
2007-09-26 18:18 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\BitTorrent
2007-09-26 18:15 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\Xfire
2007-09-26 17:19 --------- d---s---- C:\Program Files\Xfire
2007-09-15 12:11 --------- d-------- C:\Program Files\mIRC
2007-09-15 11:51 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-15 01:57 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-09-15 01:56 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-09-15 01:56 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-09-15 01:56 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-09-15 01:56 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-09-15 01:56 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-09-15 01:56 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-09-15 01:56 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-09-15 01:56 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-09-15 01:56 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-09-15 01:56 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-09-15 01:56 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-09-15 01:56 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-09-15 01:56 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-09-15 01:56 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-09-11 21:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 16:30 --------- d-------- C:\Program Files\CCG Workshop
2007-08-17 16:12 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\Leadertech
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\AdobeUM
2007-08-12 20:38 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\AdobeAUM
2007-08-12 01:20 --------- d-------- C:\Program Files\GRETECH
2007-08-12 01:20 --------- d-------- C:\DOCUME~1\Gaming\APPLIC~1\GRETECH
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-30 10:18 4 -r-hs---- C:\MSDOS.BIN
.

((((((((((((((((((((((((((((( snapshot_2007-09-15_ 93719.40 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-09-20 03:46:25 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 3,670,016 2007-09-22 21:28:52 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 147,456 2007-09-22 21:28:52 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-20 03:46:25 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 3,670,016 2007-09-22 21:20:22 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 147,456 2007-09-22 21:20:22 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
----a-r 29,696 2007-09-15 15:52:06 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-09-15 15:52:06 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-09-15 15:52:06 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-r 190,696 2007-06-11 17:04:38 C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}]
2007-09-20 02:33 4640 --a------ C:\DOCUME~1\Gaming\LOCALS~1\Temp\winhid64.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}]
2007-09-20 02:33 4640 --a------ C:\DOCUME~1\Gaming\LOCALS~1\Temp\mssvmdll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}]
2007-09-24 23:00 541696 --a------ C:\WINDOWS\system32\GE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-01-23 21:39]
"nwiz"="nwiz.exe" [2007-01-23 21:39 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-01-23 21:39]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 04:52]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-08-11 13:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"shellbn"="C:\WINDOWS\System32\krnl32.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SpywareSoftStop"="C:\Program Files\SpywareSoftStop\SpywareSoftStop.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 06:12:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-27 6:12:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-27 06:12
C:\ComboFix2.txt ... 2007-09-15 11:04
C:\ComboFix3.txt ... 2007-09-15 09:37
.
--- E O F ---

