10.4K Posts

July 23rd, 2007 00:00


username455

It will take a couple of runs at this to completely remove the infection, so please be patient.

Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to the Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

bamajim   Graduate of MRU
CastleCops Instructor

28 Posts

July 24th, 2007 23:00

Sorry for the delay...

Here's the SDFix log:

SDFix: Version 1.93

Run by Game on Tue 07/24/2007 at 04:49 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
core

ImagePath:
system32\drivers\core.sys

core - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\poolsv.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\wr.txt - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1159588867\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1159588867\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1159588867\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1159588867\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE
C:\Program Files\??stem\attrib.exe
C:\WINDOWS\system32\?icrosoft\j?vaw.exe
C:\WINDOWS\system32\CFE843F59C.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\WINDOWS\system32\rqtwa.tmp

Finished


Here's an updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:38 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {641F1887-DE18-ECC9-1C14-8E8DBA578FB4} - C:\WINDOWS\system32\isks.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {8A121248-C067-4786-91B9-18CBF1559EDC} - C:\Program Files\Windows Media Player\qufaqyc267.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9832 bytes
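The helper's next step is to read the HijackThis log above for entries worth acting on: BHOs registered with no name or with no file behind them, autorun entries that launch an executable dropped straight into the Windows folder (the `poolsv` entry), and services with no publisher. The script below is an added example written for this thread, not code from the forum or from the HijackThis tool; the heuristics are assumptions about what a reviewer looks for, the sample lines are constructed in the shape of the posted log, and every hit is a lead for a human to confirm, not a verdict (for instance `C:\WINDOWS\vVX3000.exe` in the log is the LifeCam driver helper and would trip the Windows-folder rule).

```python
"""Triage heuristics for HijackThis v2 log lines (added example, not from the thread).

Each rule is a plain string check modelled on what a malware-removal helper
scans for by eye. The rules and the sample log below are constructed.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines in the shape of the posted log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {641F1887-DE18-ECC9-1C14-8E8DBA578FB4} - C:\WINDOWS\system32\isks.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {8A121248-C067-4786-91B9-18CBF1559EDC} - C:\Program Files\Windows Media Player\qufaqyc267.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# O2 (BHO) and O3 (toolbar) lines: "<name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# O4 Run-key lines: "[value name] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# O23 service lines: "<display name> - <owner> - <path>"
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# An .exe sitting directly in the Windows folder (no sub-directory).
WIN_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding (line + reason) per log line that trips a heuristic."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append({"line": line, "reason": "orphaned entry: CLSID registered but no file on disk"})
            elif name in ("(no name)", "") or name.isdigit():
                findings.append({"line": line, "reason": "BHO/toolbar without a proper name"})
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_token(m.group("cmd")).lower()
            if WIN_ROOT_EXE.match(exe):
                findings.append({"line": line, "reason": "autorun executable placed directly in the Windows folder"})
            continue
        m = SVC_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append({"line": line, "reason": "service with no publisher information"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['line']}")
```

Run as-is it reports six leads from the constructed sample: the two unnamed BHOs, the two orphaned entries, the `poolsv` autorun and the unknown-owner service; the iTunes, Acrobat and Apple lines pass through silently.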

10.4K Posts

July 24th, 2007 23:00

username455

1. Please download Combofix and save it to your desktop:
  • Note: It is important that it is saved directly to your desktop.
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick Combofix's window whilst it's running. That may cause the program to freeze/hang.

CastleCops Instructor

MRU Graduate


"The world is what you make of it"

10.4K Posts

July 25th, 2007 00:00

username455

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.bak1


Save the file as CFScript, and save it to your Desktop.

Using the image as a reference, drag CFScript into ComboFix.exe.

  • You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post.
  • Then post the contents of the C:\ComboFix.txt log in your reply.


28 Posts

July 25th, 2007 00:00

Here it is:


"Game" - 2007-07-24 17:59:01 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\asembl~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\stem~1
C:\Program Files\stem~1\attrib.exe
C:\Program Files\Windows Media Player\qufaqyc.dll
C:\Program Files\Windows Media Player\qufaqyc267.dll
C:\Program Files\Windows Media Player\qufaqyc375.dll
C:\Program Files\Windows Media Player\qufaqyc931.dll
C:\temp\tn3
C:\WINDOWS\system32\B0
C:\WINDOWS\system32\B0\mwspasrt83122.exe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B1\wr730.exe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\B2
C:\WINDOWS\system32\B3
C:\WINDOWS\system32\B4
C:\WINDOWS\system32\B5
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~1\j?vaw.exe
C:\WINDOWS\system32\isks.dll
C:\WINDOWS\system32\wapisvit.exe
C:\WINDOWS\tk58.exe


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 17:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 16:48 d-------- C:\WINDOWS\ERUNT
2007-07-24 08:52 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-24 08:52 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-23 19:22 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-23 19:22 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-23 19:22 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-23 19:22 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-23 19:22 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-23 19:22 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-23 19:21 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-23 19:21 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-23 19:21 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-23 19:21 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-23 19:20 707,360 --a------ C:\WINDOWS\vVX3000.exe
2007-07-23 19:20 473,888 --a------ C:\WINDOWS\vVX3000.dll
2007-07-23 19:20 199,456 --a------ C:\WINDOWS\system32\LCCoin13.dll
2007-07-23 19:20 183,072 --a------ C:\WINDOWS\system32\cVX3000.dll
2007-07-23 19:20 109,344 --a------ C:\WINDOWS\VX3000.dll
2007-07-23 19:20 1,964,064 --a------ C:\WINDOWS\system32\drivers\VX3000.sys
2007-07-23 19:18 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-23 19:18 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-23 19:18 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-23 19:18 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-23 19:18 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-23 19:18 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-23 19:18 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-23 19:18 d-------- C:\Program Files\Microsoft LifeCam
2007-07-23 19:17 d-------- C:\Program Files\Windows Live Toolbar
2007-07-23 19:17 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-07-21 21:29 73,288 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-07-21 21:29 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-07-21 21:18 d-------- C:\DOCUME~1\Game\APPLIC~1\Download Manager
2007-07-18 14:30 d-------- C:\eL2Walker10.8.6-FULL
2007-07-18 14:29 d-------- C:\eL2Walker1.78
2007-07-18 13:18 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-17 17:23 d-------- C:\Program Files\Common Files\AOL
2007-07-17 17:10 d-------- C:\Program Files\AIM6
2007-07-17 15:53 d-------- C:\Program Files\Lavasoft
2007-07-17 15:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 15:41 d-------- C:\VundoFix Backups
2007-07-17 10:10 1,808,221 ---hs---- C:\WINDOWS\system32\rqtwa.ini2
2007-07-13 11:42 1,805,376 --ahs---- C:\WINDOWS\system32\rqtwa.bak2
2007-07-11 12:57 1,948,436 --ahs---- C:\WINDOWS\system32\rqtwa.bak1
2007-07-11 12:51 d-------- C:\Temp\brr
2007-07-11 12:51 d-------- C:\Temp\0c2
2007-07-11 12:51 d-------- C:\Temp
2007-07-02 14:28 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-02 14:27 d-------- C:\Program Files\Common Files\Apple
2007-07-02 14:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-30 17:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-30 16:40 d-------- C:\DOCUME~1\Game\APPLIC~1\Logitech
2007-06-30 16:38 69,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-06-30 16:38 55,552 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-06-30 16:38 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-06-30 16:37 90,112 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-30 16:37 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-30 16:37 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-30 16:37 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-30 16:37 36,608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-06-30 16:37 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-06-30 16:37 27,776 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-06-30 16:37 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-30 16:37 d-------- C:\Program Files\Logitech
2007-06-30 16:37 d-------- C:\Program Files\Common Files\Logitech
2007-06-30 02:13 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-25 11:01 d-------- C:\Program Files\Jasc Software Inc


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 23:55:55 -------- d-----w C:\Program Files\Steam
2007-07-24 02:17:54 -------- d-----w C:\Program Files\Real
2007-07-24 02:17:17 -------- d-----w C:\Program Files\MSN Messenger
2007-07-24 01:12:11 -------- d-----w C:\Program Files\Warcraft III
2007-07-22 04:32:27 -------- d-----w C:\Program Files\Trend Micro
2007-07-19 02:04:35 -------- d-----w C:\Program Files\Lineage II
2007-07-17 22:53:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 06:07:35 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-17 06:07:32 88 --sha-r C:\WINDOWS\system32\CFE843F59C.sys
2007-07-13 22:36:37 -------- d-----w C:\Program Files\Yahoo!
2007-07-13 22:35:36 -------- d-----w C:\Program Files\FlashGet
2007-07-11 19:53:57 -------- d-----w C:\Program Files\DivX
2007-07-11 02:09:32 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-02 21:29:59 -------- d-----w C:\Program Files\iTunes
2007-07-02 21:29:53 -------- d-----w C:\Program Files\iPod
2007-07-02 21:29:14 -------- d-----w C:\Program Files\QuickTime
2007-07-01 00:26:20 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 00:12:06 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-16 00:11:37 -------- d-----w C:\Program Files\Corel
2007-06-13 02:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-13 02:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-13 01:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-06-06 00:50:00 -------- d-----w C:\Program Files\Veoh Networks
2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-17 03:17:30 1,162 ----a-w C:\DOCUME~1\Game\APPLIC~1\wklnhst.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 16:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 14:01]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 09:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"NvMediaCenter"="NvMCTray.dll" [2005-07-08 21:57 C:\WINDOWS\system32\nvmctray.dll]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 02:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2005-11-08 10:30 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 18:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-30 16:40]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-30 16:37:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Game^Start Menu^Programs^Startup^Axis & Allies Registration.lnk]
path=C:\Documents and Settings\Game\Start Menu\Programs\Startup\Axis & Allies Registration.lnk
backup=C:\WINDOWS\pss\Axis & Allies Registration.lnkStartup

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 DLACDBHM;DLACDBHM;C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
R1 DLARTL_N;DLARTL_N;C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\DRIVERS\tmtdi.sys
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4;C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
R2 DLABOIOM;DLABOIOM;C:\WINDOWS\system32\DLA\DLABOIOM.SYS
R2 DLADResN;DLADResN;C:\WINDOWS\system32\DLA\DLADResN.SYS
R2 DLAIFS_M;DLAIFS_M;C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
R2 DLAOPIOM;DLAOPIOM;C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
R2 DLAPoolM;DLAPoolM;C:\WINDOWS\system32\DLA\DLAPoolM.SYS
R2 DLAUDF_M;DLAUDF_M;C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
R2 DLAUDFAM;DLAUDFAM;C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
R2 DRVNDDM;DRVNDDM;C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\drivers\TmXPFlt.sys
R2 vsapint;vsapint;C:\WINDOWS\system32\DRIVERS\vsapint.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 npkcusb;npkcusb;\??\C:\Program Files\Lineage II\system\npkcusb.sys
R3 tmcfw;Trend Micro Common Firewall Service;C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 jgameenp;jgameenp;\??\C:\DOCUME~1\Game\LOCALS~1\Temp\jgameenp.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7500fbf5-ce76-11da-8a4a-806d6172696f}]
AutoRun\command- D:\Setup.exe


Contents of the 'Scheduled Tasks' folder
2007-07-18 20:27:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 00:01:01 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 18:00:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 18:01:07
C:\ComboFix-quarantined-files.txt ... 2007-07-24 18:00

--- E O F ---
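The CFScript posted earlier in the thread lists exactly the three `rqtwa.*` files that the SDFix report showed under "Files with Hidden Attributes" and that ComboFix's "Files Created" section shows with `h` and `s` flags (hidden and system) sitting in system32. The script below is an added example written for this thread, not code from the forum, from SDFix or from ComboFix: it parses lines in the shape of the "Files Created" section, flags non-directory entries under system32 that carry both the hidden and system letters, and emits them in the `File::` format the helper used. Reading the nine-character flag string letter by letter (`d` directory, `a` archive, `h` hidden, `s` system, `r` read-only, `c` compressed) is an assumption about ComboFix's output, and the sample lines are constructed from the posted log.

```python
"""Find hidden+system files in a ComboFix "Files Created" listing and build a
CFScript File:: section from them (added example, not from the thread or tool).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the "Files Created" section of the log above.
SAMPLE_CREATED = r"""
2007-07-24 17:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 16:48 d-------- C:\WINDOWS\ERUNT
2007-07-17 10:10 1,808,221 ---hs---- C:\WINDOWS\system32\rqtwa.ini2
2007-07-13 11:42 1,805,376 --ahs---- C:\WINDOWS\system32\rqtwa.bak2
2007-07-11 12:57 1,948,436 --ahs---- C:\WINDOWS\system32\rqtwa.bak1
2007-07-02 14:28 d----c--- C:\WINDOWS\system32\DRVSTORE
"""

# "<date> <time> [<size>] <9 attribute letters> <path>"; size is absent for directories.
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?"
    r"(?P<attrs>[a-z-]{9}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    stamp: str
    size: Optional[int]
    attrs: str
    path: str

    # Assumption: each letter in the flag string names an attribute regardless of position.
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_created(text: str) -> List[Entry]:
    """Parse every line that matches the listing format; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = int(m.group("size").replace(",", "")) if m.group("size") else None
        entries.append(Entry(m.group("stamp"), size, m.group("attrs"), m.group("path")))
    return entries


def flag_hidden_system(entries: List[Entry],
                       roots: Tuple[str, ...] = (r"C:\WINDOWS\system32",)) -> List[Entry]:
    """Files (not directories) under one of `roots` that are both hidden and system."""
    prefixes = tuple(r.lower().rstrip("\\") + "\\" for r in roots)
    return [e for e in entries
            if not e.is_dir and e.hidden and e.system
            and e.path.lower().startswith(prefixes)]


def cfscript_file_section(entries: List[Entry]) -> str:
    """Render the flagged paths in the File:: block layout used in the thread."""
    return "File::\n" + "\n".join(e.path for e in entries) + "\n"


if __name__ == "__main__":
    flagged = flag_hidden_system(parse_created(SAMPLE_CREATED))
    for e in flagged:
        print(f"{e.stamp}  {e.size:>10,}  {e.attrs}  {e.path}")
    print(cfscript_file_section(flagged))
```

On the constructed sample the three `rqtwa.*` files are flagged in the same order the helper listed them, while `nircmd.exe` (archive only) and the two directories are left alone. The hidden+system combination on a freshly created, megabyte-sized file in system32 is the signal the helper acted on; legitimate hidden+system files exist too (the DRM and licensing `.sys` files in the SDFix report are examples), so the list is a starting point for review rather than an automatic deletion list.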

28 Posts

July 25th, 2007 00:00

Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:18 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Logitech\WebColct\WebColct.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9116 bytes
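
The entries a helper looks for first in a HijackThis log of this kind are the orphaned browser hooks ("(no file)" and "(file missing)" on R3/O2/O3 lines), Run keys that name a bare executable instead of a full path, and services listed with no publisher. The following Python script is an added example and not part of the original thread or of HijackThis itself: it applies those three review heuristics to a handful of lines copied from the log above and returns the matches as structured findings. The heuristics are review prompts, not verdicts, and the section codes and line layout it parses are the ones visible in the log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A few HijackThis entries copied from the log above, trimmed to the line
# types the heuristics below look at (sample input, not the whole log).
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 Run-key body: "<hive>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why a reviewer should look at it
    line: str      # the original log line


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(lines):
    """Apply three review heuristics to HijackThis log lines."""
    findings = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        # Orphaned browser hooks: a CLSID is still registered but the DLL is gone.
        if section in ("R3", "O2", "O3") and body.endswith(MISSING_MARKERS):
            findings.append(Finding(section, "registered component has no file on disk", raw))
        # Run keys that name a bare executable, resolved through the search path.
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm and "\\" not in executable_of(rm.group("cmd")):
                findings.append(Finding(section, "unqualified executable name in Run key", raw))
        # Services whose binary carries no publisher name.
        elif section == "O23":
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append(Finding(section, "service binary has no publisher name", raw))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT.strip().splitlines()):
        print(f"{f.section:<5}{f.reason:<45}{f.line}")
```

Run on the sample, the script flags the same "(no name)" BHO the helper asks to have fixed in the next reply, plus the orphaned Google Toolbar and Yahoo! entries, the two Creative/Logitech Run values that are bare filenames, and the ProtexisLicensing service; the iTunes and Apple entries pass all three checks.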

10.4K Posts

July 25th, 2007 00:00

username455

You are most welcome.

Could I see a fresh HijackThis log?
CastleCops Instructor

MRU Graduate


"The world is what you make of it"

28 Posts

July 25th, 2007 00:00

Here's the new ComboFix log:

"Game" - 2007-07-24 18:45:10 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Game\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini2


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 17:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 16:48 d-------- C:\WINDOWS\ERUNT
2007-07-24 08:52 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-24 08:52 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-23 19:22 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-23 19:22 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-23 19:22 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-23 19:22 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-23 19:22 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-23 19:22 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-23 19:21 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-23 19:21 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-23 19:21 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-23 19:21 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-23 19:20 707,360 --a------ C:\WINDOWS\vVX3000.exe
2007-07-23 19:20 473,888 --a------ C:\WINDOWS\vVX3000.dll
2007-07-23 19:20 199,456 --a------ C:\WINDOWS\system32\LCCoin13.dll
2007-07-23 19:20 183,072 --a------ C:\WINDOWS\system32\cVX3000.dll
2007-07-23 19:20 109,344 --a------ C:\WINDOWS\VX3000.dll
2007-07-23 19:20 1,964,064 --a------ C:\WINDOWS\system32\drivers\VX3000.sys
2007-07-23 19:18 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-23 19:18 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-23 19:18 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-23 19:18 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-23 19:18 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-23 19:18 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-23 19:18 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-23 19:18 d-------- C:\Program Files\Microsoft LifeCam
2007-07-23 19:17 d-------- C:\Program Files\Windows Live Toolbar
2007-07-23 19:17 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-07-21 21:29 73,288 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-07-21 21:29 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-07-21 21:18 d-------- C:\DOCUME~1\Game\APPLIC~1\Download Manager
2007-07-18 14:30 d-------- C:\eL2Walker10.8.6-FULL
2007-07-18 14:29 d-------- C:\eL2Walker1.78
2007-07-18 13:18 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-17 17:23 d-------- C:\Program Files\Common Files\AOL
2007-07-17 17:10 d-------- C:\Program Files\AIM6
2007-07-17 15:53 d-------- C:\Program Files\Lavasoft
2007-07-17 15:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 15:41 d-------- C:\VundoFix Backups
2007-07-11 12:51 d-------- C:\Temp\brr
2007-07-11 12:51 d-------- C:\Temp\0c2
2007-07-11 12:51 d-------- C:\Temp
2007-07-02 14:28 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-02 14:27 d-------- C:\Program Files\Common Files\Apple
2007-07-02 14:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-30 17:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-30 16:40 d-------- C:\DOCUME~1\Game\APPLIC~1\Logitech
2007-06-30 16:38 69,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-06-30 16:38 55,552 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-06-30 16:38 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-06-30 16:37 90,112 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-30 16:37 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-30 16:37 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-30 16:37 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-30 16:37 36,608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-06-30 16:37 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-06-30 16:37 27,776 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-06-30 16:37 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-30 16:37 d-------- C:\Program Files\Logitech
2007-06-30 16:37 d-------- C:\Program Files\Common Files\Logitech
2007-06-30 02:13 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-25 11:01 d-------- C:\Program Files\Jasc Software Inc


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 23:55:55 -------- d-----w C:\Program Files\Steam
2007-07-24 02:17:54 -------- d-----w C:\Program Files\Real
2007-07-24 02:17:17 -------- d-----w C:\Program Files\MSN Messenger
2007-07-24 01:12:11 -------- d-----w C:\Program Files\Warcraft III
2007-07-22 04:32:27 -------- d-----w C:\Program Files\Trend Micro
2007-07-19 02:04:35 -------- d-----w C:\Program Files\Lineage II
2007-07-17 22:53:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 06:07:35 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-17 06:07:32 88 --sha-r C:\WINDOWS\system32\CFE843F59C.sys
2007-07-13 22:36:37 -------- d-----w C:\Program Files\Yahoo!
2007-07-13 22:35:36 -------- d-----w C:\Program Files\FlashGet
2007-07-11 19:53:57 -------- d-----w C:\Program Files\DivX
2007-07-11 02:09:32 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-02 21:29:59 -------- d-----w C:\Program Files\iTunes
2007-07-02 21:29:53 -------- d-----w C:\Program Files\iPod
2007-07-02 21:29:14 -------- d-----w C:\Program Files\QuickTime
2007-07-01 00:26:20 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 00:12:06 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-16 00:11:37 -------- d-----w C:\Program Files\Corel
2007-06-13 02:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-13 02:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-13 01:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-06-06 00:50:00 -------- d-----w C:\Program Files\Veoh Networks
2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-17 03:17:30 1,162 ----a-w C:\DOCUME~1\Game\APPLIC~1\wklnhst.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 16:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 14:01]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 09:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"NvMediaCenter"="NvMCTray.dll" [2005-07-08 21:57 C:\WINDOWS\system32\nvmctray.dll]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 02:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2005-11-08 10:30 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 18:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-30 16:40]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-30 16:37:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Game^Start Menu^Programs^Startup^Axis & Allies Registration.lnk]
path=C:\Documents and Settings\Game\Start Menu\Programs\Startup\Axis & Allies Registration.lnk
backup=C:\WINDOWS\pss\Axis & Allies Registration.lnkStartup

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 DLACDBHM;DLACDBHM;C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
R1 DLARTL_N;DLARTL_N;C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\DRIVERS\tmtdi.sys
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4;C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
R2 DLABOIOM;DLABOIOM;C:\WINDOWS\system32\DLA\DLABOIOM.SYS
R2 DLADResN;DLADResN;C:\WINDOWS\system32\DLA\DLADResN.SYS
R2 DLAIFS_M;DLAIFS_M;C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
R2 DLAOPIOM;DLAOPIOM;C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
R2 DLAPoolM;DLAPoolM;C:\WINDOWS\system32\DLA\DLAPoolM.SYS
R2 DLAUDF_M;DLAUDF_M;C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
R2 DLAUDFAM;DLAUDFAM;C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
R2 DRVNDDM;DRVNDDM;C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\drivers\TmXPFlt.sys
R2 vsapint;vsapint;C:\WINDOWS\system32\DRIVERS\vsapint.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 npkcusb;npkcusb;\??\C:\Program Files\Lineage II\system\npkcusb.sys
R3 tmcfw;Trend Micro Common Firewall Service;C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 jgameenp;jgameenp;\??\C:\DOCUME~1\Game\LOCALS~1\Temp\jgameenp.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-18 20:27:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 01:01:02 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 18:45:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 18:46:30
C:\ComboFix-quarantined-files.txt ... 2007-07-24 18:45
C:\ComboFix2.txt ... 2007-07-24 18:01

--- E O F ---


And thank you for all your help so far.
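
Two parts of a ComboFix log reward a second look when reviewing a machine like this one: the service list (start type, name, display name and image path separated by semicolons) and the mountpoints2 keys, which record the AutoRun command Windows cached for each removable or optical volume. The following Python script is an added example, not part of the thread or of ComboFix: it parses a few lines copied from the log above, pairs each mountpoints2 key with its AutoRun command, and applies one heuristic to the services, flagging any driver or service whose image lives under a temp directory. That is a prompt for a reviewer to check the file, not a statement that the flagged driver is malicious.

```python
import re
from dataclasses import dataclass

# Service lines and mountpoints2 keys copied from the ComboFix log above
# (sample input, not the whole log).
SAMPLE_COMBOFIX = r"""
R3 npkcusb;npkcusb;\??\C:\Program Files\Lineage II\system\npkcusb.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 jgameenp;jgameenp;\??\C:\DOCUME~1\Game\LOCALS~1\Temp\jgameenp.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
"""

# "<start type> <name>;<display name>;<image path>"; R = running, S = stopped.
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")
# "[HKEY_CURRENT_USER\...\mountpoints2\<volume id>]"
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\(?P<id>[^\]]+)\]$",
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^AutoRun\\command- (?P<cmd>.*)$")
# Directory components that mark a temp location (heuristic, matched case-insensitively).
TEMP_DIRS = ("\\temp\\", "\\tmp\\")


@dataclass
class Service:
    start: str
    name: str
    display: str
    path: str

    def image_path(self) -> str:
        """Drop the NT-namespace prefix ComboFix shows for absolute ImagePath values."""
        p = self.path
        if p.startswith("\\??\\"):
            p = p[4:]
        return p


def parse_services(lines):
    """Collect every service/driver line into a Service record."""
    services = []
    for raw in lines:
        m = SERVICE_RE.match(raw.strip())
        if m:
            services.append(Service(**m.groupdict()))
    return services


def flag_services(services):
    """Heuristic: vendor drivers live under the Windows drivers directory or
    Program Files, so an image under a temp directory deserves a look.
    Returns service names to review, not a verdict."""
    return [s.name for s in services
            if any(t in s.image_path().lower() for t in TEMP_DIRS)]


def parse_mountpoints(lines):
    """Pair each mountpoints2 key with the AutoRun command cached for that volume."""
    result = []
    current = None
    for raw in lines:
        line = raw.strip()
        km = MOUNTPOINT_RE.match(line)
        if km:
            current = km.group("id")
            continue
        am = AUTORUN_RE.match(line)
        if am and current is not None:
            result.append((current, am.group("cmd")))
            current = None
    return result


if __name__ == "__main__":
    lines = SAMPLE_COMBOFIX.strip().splitlines()
    print("review:", flag_services(parse_services(lines)))
    for volume, cmd in parse_mountpoints(lines):
        print(f"mountpoints2 {volume}: {cmd}")
```

On the sample the only service flagged is the one registered from the user's Local Settings\Temp folder; the two other `\??\`-prefixed drivers sit under Program Files and system32\drivers and are not flagged, which is why the check looks at the directory rather than at the prefix. The mountpoints2 output shows which setup program each cached volume entry would have launched, so a reviewer can decide whether those entries still belong.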

10.4K Posts

July 25th, 2007 01:00

username455

Almost there.

1. Rerun Hijackthis (scan only) and place a check beside the following entry
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all other open windows except HijackThis and select "Fix checked".

Close Hijackthis ->> Reboot your PC

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

3. Please perform an Ewido Online Malware Scan

  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

CastleCops Instructor

MRU Graduate


"The world is what you make of it"

28 Posts

July 25th, 2007 02:00

Here is the second half:

Name: TrackingCookie.Revsci
Path: :mozilla.97:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.98:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.99:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: :mozilla.109:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.121:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.122:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.129:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.133:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.134:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.136:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.137:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.138:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.143:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.153:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.154:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.155:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.156:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.157:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.161:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.162:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.163:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.164:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.170:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.173:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.174:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.175:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.178:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.179:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.196:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.197:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.198:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.199:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.200:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.201:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.202:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.204:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cqcounter
Path: :mozilla.209:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.210:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.211:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.212:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.213:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.214:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.215:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.238:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.240:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.241:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.243:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.246:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.249:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.250:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.251:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.254:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.255:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Msn
Path: :mozilla.258:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Msn
Path: :mozilla.259:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Msn
Path: :mozilla.260:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.273:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.274:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.358:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.371:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.681:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.682:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cqcounter
Path: :mozilla.690:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickhype
Path: :mozilla.693:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: :mozilla.725:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Live
Path: :mozilla.741:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Live
Path: :mozilla.742:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Live
Path: :mozilla.743:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: :mozilla.766:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: Adware.PurityScan
Path: C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
Risk: Medium

Name: Hijacker.StartPage
Path: C:\QooBox\Quarantine\C\Program Files\Windows Media Player\qufaqyc.dll.vir
Risk: High

Name: Hijacker.StartPage
Path: C:\QooBox\Quarantine\C\Program Files\Windows Media Player\qufaqyc267.dll.vir
Risk: High

Name: Hijacker.StartPage
Path: C:\QooBox\Quarantine\C\Program Files\Windows Media Player\qufaqyc375.dll.vir
Risk: High

Name: Hijacker.StartPage
Path: C:\QooBox\Quarantine\C\Program Files\Windows Media Player\qufaqyc931.dll.vir
Risk: High

Name: Adware.TTC
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\B0\mwspasrt83122.exe.vir
Risk: Medium

Name: Downloader.Small.eqn
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\B1\wr730.exe.vir
Risk: High

Name: Downloader.VB.awj
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\b10FdUe\b10FdUe1099.exe.vir
Risk: High

Name: Adware.PurityScan
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\ICROSO~1\jаvaw.exe.vir
Risk: Medium

Name: Adware.PurityScan
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\isks.dll.vir
Risk: Medium

Name: Trojan.Small
Path: C:\QooBox\Quarantine\C\WINDOWS\system32\wapisvit.exe.vir
Risk: High

Name: Adware.ZQuest
Path: C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir
Risk: Medium

Name: Rootkit.Agent.eq
Path: C:\SDFix\backups\backups.zip/backups/core.sys
Risk: High

28 Posts

July 25th, 2007 02:00

I have to break it up into two posts, so here is the first half:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Game\Cookies\game@ssl-hints.netflame[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.27:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.29:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.30:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.31:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.32:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.33:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.34:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.35:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.36:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.37:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.38:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.40:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.49:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.50:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.55:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.56:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.57:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.58:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.59:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.60:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.61:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.62:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.65:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.66:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.67:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.68:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.69:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.74:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.75:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.76:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.77:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.78:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.79:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.80:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.81:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.86:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.87:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.106:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.107:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.124:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.125:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.126:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.127:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.128:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.129:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.131:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.132:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.151:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.152:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.153:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.154:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.155:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.156:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.157:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.158:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.159:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.160:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.161:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.162:C:\Documents and Settings\Desiree\Application Data\Mozilla\Firefox\Profiles\1u8zvkh1.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.7:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.8:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.58:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.68:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.69:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.70:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.71:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.72:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.73:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.74:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.75:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.83:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.84:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.85:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.86:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.87:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.92:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.93:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.94:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.95:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.96:C:\Documents and Settings\Game\Application Data\Mozilla\Firefox\Profiles\ufoidd0e.default\cookies.txt
Risk: Medium

10.4K Posts

July 25th, 2007 11:00

username455
 
Good job.
 
Could I see a fresh HijackThis log?
 
And give me an update on how your PC is running now.
 
CastleCops Instructor

MRU Graduate


"The world is what you make of it"

28 Posts

July 26th, 2007 22:00

Sorry for the delay. The computer is running a lot better now. The pop-ups have stopped; however, startup still takes a while. Not sure if that's virus/spyware related, but it takes longer than it used to, that's for sure. Overall though, it's working great. Thank you very much for your help...was very easy to follow.


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:56 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8830 bytes

10.4K Posts

July 27th, 2007 00:00

username455

Glad to hear it. There are some things we can do to speed up startup. But first, we need to update 2 things:

1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.

2. Visit Microsoft's Windows Update site and download the latest operating system updates.

Once done, let me see one more HijackThis log and we will tweak it for speed.

CastleCops Instructor

MRU Graduate


"The world is what you make of it"
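As an added example (not code from the thread, from HijackThis or from ewido), a small Python triage script for HijackThis v2 logs like the ones posted above: it flags orphaned entries such as the "(no file)" URLSearchHook and the "(file missing)" Google Toolbar, pulls the Java version out of file paths so an out-of-date JRE like j2re1.4.2_03 stands out, lists O23 services with an unknown owner, and diffs a before/after pair of logs. The sample lines are copied from the two logs in this thread; the 1.6.0_02 baseline is the JRE 6u2 the helper asked for.

```python
"""Triage helpers for HijackThis v2 logs (added example, not HijackThis's own code)."""
import re
from typing import Dict, List, Set, Tuple

# An entry line is a section tag (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Java install directory as it appears in the thread's logs: j2re1.4.2_03 / jre1.6.0_02.
JAVA_RE = re.compile(r"\\Java\\(?:j2re|jre)(?P<ver>\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: entry lines copied from the first (July 26) HijackThis log in the thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Sample input: entry lines copied from the second (July 27) log, after the Java update.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
"""


def parse_entries(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every entry line; the header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_entries(log: str) -> List[Tuple[str, str]]:
    """Entries whose target file no longer exists: leftover hook/BHO/toolbar references,
    clutter at best and residue of an uninstalled hijacker at worst."""
    return [(s, b) for s, b in parse_entries(log) if b.endswith(ORPHAN_MARKERS)]


def java_versions(log: str) -> Set[str]:
    """Java versions referenced anywhere in the log (O4 run keys, O2 BHOs, O9 buttons)."""
    return {m.group("ver") for _, body in parse_entries(log) for m in JAVA_RE.finditer(body)}


def version_key(ver: str) -> Tuple[int, ...]:
    """'1.4.2_03' -> (1, 4, 2, 3), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in re.split(r"[._]", ver))


def outdated_java(log: str, current: str = "1.6.0_02") -> Set[str]:
    """Java versions older than `current` (JRE 6 update 2, the release the helper asked for)."""
    return {v for v in java_versions(log) if version_key(v) < version_key(current)}


def unknown_owner_services(log: str) -> List[str]:
    """O23 services whose publisher HijackThis could not determine; verify these by hand."""
    return [b for s, b in parse_entries(log) if s == "O23" and "Unknown owner" in b]


def diff_logs(before: str, after: str) -> Dict[str, List[Tuple[str, str]]]:
    """Entries that disappeared from / appeared in a later log of the same machine."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}


if __name__ == "__main__":
    print("orphaned entries:", orphaned_entries(LOG_BEFORE))
    print("java:", java_versions(LOG_BEFORE), "outdated:", outdated_java(LOG_BEFORE))
    print("unknown-owner services:", unknown_owner_services(LOG_BEFORE))
    for kind, entries in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(kind, entries)
```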

28 Posts

July 27th, 2007 21:00

OK, updates done... here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:27 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
\??\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
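A log like the one above is read by hand on the forum, but the first pass is mechanical: which entries point at files that no longer exist (the `(no file)` / `(file missing)` leftovers), which Run entries launch a bare executable name that Windows resolves through its search path rather than a fully qualified path, which services carry no company string, and whether any running process has a name one character away from a core Windows process. The script below is an added example and not part of the original post or of HijackThis; it parses an excerpt copied from the log above plus one constructed process line (`svch0st.exe`, not present in the real log) so that the lookalike check has something to catch. The flags are review prompts, not verdicts: orphaned entries are harmless leftovers, and some vendors legitimately register unqualified names.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
original post).  Parses R*/O* entries and the process list and flags the
things a malware-removal helper checks first.  Heuristics only."""
import re
from dataclasses import dataclass, field
from typing import List

# Excerpt copied from the posted log, plus one CONSTRUCTED lookalike process
# line (C:\WINDOWS\system32\svch0st.exe) to exercise the name check.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\svch0st.exe
C:\\WINDOWS\\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll (file missing)
O4 - HKLM\\..\\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O23 - Service: ProtexisLicensing - Unknown owner - C:\\WINDOWS\\system32\\PSIService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Core Windows XP process names that masquerading binaries tend to imitate.
CORE_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str            # "PROC" for the process list, else "O4", "O23", ...
    line: str
    reasons: List[str] = field(default_factory=list)


def near_miss(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(long_[:k] + long_[k + 1:] == short for k in range(len(long_)))


def exe_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else up to whitespace."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False            # blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            base = line.rsplit("\\", 1)[-1].lower()
            look = sorted(c for c in CORE_PROCS if near_miss(base, c))
            if look:
                findings.append(Finding("PROC", line, [
                    f"name resembles core process {look[0]}: verify path, signature and hash"]))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        f = Finding(sec, line)
        if "(no file)" in body or "(file missing)" in body:
            f.reasons.append("orphaned entry: target no longer on disk, safe to fix")
        if sec == "O4":
            r = RUN_RE.match(body)
            if r:
                exe = exe_of(r.group("cmd"))
                if "\\" not in exe and ":" not in exe:
                    f.reasons.append(f"unqualified executable {exe!r}: resolved via the "
                                     "search path, confirm which file actually loads")
        elif sec == "O23":
            s = SVC_RE.match(body)
            if s and s.group("owner").lower() == "unknown owner":
                f.reasons.append("service binary has no company string: check signature and hash")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"[{fnd.section}] {fnd.line}\n    " + "\n    ".join(fnd.reasons))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The search-path check is the one worth dwelling on: an entry such as `[Logitech Hardware Abstraction Layer] KHALMNPR.EXE` works only because Windows finds that file in a directory on its search order, so any writable directory earlier in that order is a place a same-named file would be picked up instead; confirming which file loads (for example with `where KHALMNPR.EXE` from a command prompt) closes that question for each flagged entry.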