Computer Juice > Computer Software > Virus, Spyware & Security

Windows Anti-virus Pro, Cannot Open Applications




  #21  
Old 21st Aug 2009, 08:48
Moderator Group
 
Open HijackThis and select Do a system scan only

Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

Place a check mark next to the following entries: (if there)

O18 - Filter hijack: text/html - {d5f9f115-3932-427c-bf04-bd40ea91dc46} - C:\WINDOWS\mark_32.dll

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

RootRepeal - Rootkit Detector

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

  #22  
Old 21st Aug 2009, 16:23
Member Group
 
ComboFix 09-08-20.07 - Jackie 08/21/2009 17:11.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.217 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jackie\Local Settings\Temporary Internet Files\inedipen.com
c:\documents and settings\Jackie\Local Settings\Temporary Internet Files\mitahepyro.dat
c:\documents and settings\Jackie\Local Settings\Temporary Internet Files\uselufyv.lib
c:\windows\Installer\12b2b6cd.msp
c:\windows\Installer\12b2b6d4.msp
c:\windows\Installer\12d9ce.msp
c:\windows\Installer\12d9d5.msp
c:\windows\Installer\131fef.msp
c:\windows\Installer\13b9c05.msp
c:\windows\Installer\13b9d13.msp
c:\windows\Installer\13b9d1a.msp
c:\windows\Installer\1ab3df6.msp
c:\windows\Installer\1ab3dfd.msp
c:\windows\Installer\1c4aec7.msp
c:\windows\Installer\1c4afd5.msp
c:\windows\Installer\1c4afdc.msp
c:\windows\Installer\240367f.msp
c:\windows\Installer\240378d.msp
c:\windows\Installer\2403794.msp
c:\windows\Installer\4c04367.msp
c:\windows\Installer\4c0436e.msp
c:\windows\Installer\51c5fc9.msp
c:\windows\Installer\51c5fd0.msp
c:\windows\Installer\6d38d2b.msp
c:\windows\Installer\6d38d32.msp
c:\windows\Installer\73bd36.msp
c:\windows\Installer\73be44.msp
c:\windows\Installer\73be4b.msp
c:\windows\Installer\85892b5.msp
c:\windows\Installer\85892bc.msp
c:\windows\Installer\a430cd7.msp
c:\windows\Installer\a430cde.msp
c:\windows\Installer\c0082.msp
c:\windows\Installer\c0089.msp
c:\windows\Installer\f69a63e.msp
c:\windows\Installer\f69a74c.msp
c:\windows\Installer\f69a753.msp
c:\windows\Installer\fbaa83.msp
c:\windows\Installer\fbab91.msp
c:\windows\Installer\fbab98.msp
c:\windows\system32\drivers\UACodofwnukxn.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\logs
c:\windows\system32\logs\{A009463D-2C7A-4B98-A1B6-12EEAE0922EF}.log
c:\windows\system32\UACcbqpvfcxvo.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjsxqqmdsqx.dll
c:\windows\system32\UACrngavindue.dll
c:\windows\system32\UACtkbfkpuyxe.dll
c:\windows\system32\UACubobqonxna.dll
c:\windows\UA000079.DLL
c:\windows\usen.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.
2009-08-20 21:49 . 2009-08-20 21:49 19715 ----a-w- c:\windows\system32\guha.exe
2009-08-20 21:49 . 2009-08-20 21:49 19255 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\ujamuvuvy.bin
2009-08-20 21:49 . 2009-08-20 21:49 17196 ----a-w- c:\windows\uvefuc.bin
2009-08-20 21:49 . 2009-08-20 21:49 16686 ----a-w- c:\program files\Common Files\eqyb.vbs
2009-08-20 21:49 . 2009-08-20 21:49 15952 ----a-w- c:\windows\ytobegif.vbs
2009-08-20 21:49 . 2009-08-20 21:49 15946 ----a-w- c:\windows\system32\goniw.sys
2009-08-20 21:49 . 2009-08-20 21:49 13234 ----a-w- c:\documents and settings\Jackie\Application Data\ohoteriqat.sys
2009-08-20 21:49 . 2009-08-20 21:49 12834 ----a-w- c:\windows\efuvaboduf.bat
2009-08-13 01:24 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-13 01:23 . 2009-08-13 01:23 -------- d-----w- c:\program files\Panda Security
2009-08-13 00:07 . 2009-08-13 00:07 -------- d-s---w- C:\Combo-Fix
2009-08-11 19:27 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 13:01 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 13:01 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 21:44 . 2009-08-05 21:44 152576 ----a-w- c:\documents and settings\Frankie\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 00:20 . 2009-08-11 22:55 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\program files\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 02:02 . 2009-04-17 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 01:57 . 2009-04-16 23:42 117760 ----a-w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLS\UIREPAIR.DLL
2009-08-21 01:56 . 2009-04-16 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-21 01:54 . 2009-07-21 23:32 -------- d-----w- c:\program files\Shared
2009-08-20 21:49 . 2009-08-20 21:49 11643 ----a-w- c:\program files\Common Files\ijakopeniz.lib
2009-08-12 00:50 . 2006-04-05 02:18 -------- d-----w- c:\program files\Dell
2009-08-12 00:50 . 2006-04-05 02:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-11 04:31 . 2006-04-08 00:32 -------- d-----w- c:\program files\Dl_cats
2009-08-08 21:55 . 2008-01-14 07:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 21:44 . 2006-04-05 02:16 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-04-17 03:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-04-17 03:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 10:23 . 2009-01-13 23:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 15:44 . 2009-07-18 15:42 -------- d-----w- c:\program files\iTunes
2009-07-18 15:42 . 2009-07-18 15:42 -------- d-----w- c:\program files\iPod
2009-07-18 15:42 . 2008-01-19 05:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 15:26 . 2009-07-18 15:26 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 19:43 . 2006-04-05 02:32 -------- d-----w- c:\program files\McAfee
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 19:23 . 2009-04-16 23:41 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-07-12 02:48 . 2009-04-19 04:21 -------- d-----w- c:\program files\Trend Micro
2009-07-11 22:43 . 2006-04-05 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 03:04 . 2006-05-07 16:37 -------- d-----w- c:\documents and settings\Jackie\Application Data\LimeWire
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 12:36 . 2009-06-23 12:36 390664 ----a-w- c:\documents and settings\Jackie\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-21 03:31 . 2009-06-21 03:31 152576 ----a-w- c:\documents and settings\Jackie\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 18:05 . 2006-04-07 01:45 62504 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 17:36 . 2009-06-14 17:36 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:36 . 2009-06-14 17:36 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:36 . 2009-06-14 17:36 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:36 . 2009-06-14 17:36 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-06-14 17:36 . 2009-06-14 17:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-12-19 23:17 . 2008-12-19 23:05 853860607 -c--a-w- c:\program files\ADBEPHSPCS4_LS1.7z
2008-12-19 23:05 . 2008-12-19 23:05 1228240 ----a-w- c:\program files\ADBEPHSPCS4_LS1.exe
2007-12-10 03:04 . 2007-09-16 15:39 88 --sha-r- c:\windows\system32\A4E934F6EB.sys
2006-06-06 03:00 . 2006-04-07 01:45 104 -csh--r- c:\windows\system32\EBF634E9A4.sys
2009-05-08 04:43 . 2006-04-07 01:45 8354 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 10:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2003-05-14 1847296]
"SSRunScript"="c:\program files\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 40960]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-7-31 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-4 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-4 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google Video\\gupload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:https
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/12/2009 8:24 PM 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 5:02 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/21/2008 2:43 PM 1086840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnyardinvasion/sis/slgwebinstall.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 17:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-21 17:45
ComboFix-quarantined-files.txt 2009-08-21 22:45
ComboFix2.txt 2009-08-12 22:47
Pre-Run: 6,093,115,392 bytes free
Post-Run: 6,435,016,704 bytes free
330 --- E O F --- 2009-08-21 08:06



ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/21 18:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE543000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AFD000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED4AF000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\windows\temp\mcmsc_6tqhclqbvyskfxn
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_ynj2fx0h4zepmol
Status: Allocation size mismatch (API: 4096, Raw: 0)
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9d330
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x82fb4148
#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x82fe6238
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x82fad600
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82fe4e90
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x82faf450
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x82fa8520
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x82f9d3a8
#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9d240
#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x82f64ba8
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x82f9d498
#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x82fae2a0
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x82fe5468
#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x82f9d510
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x82f61150
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82f8b610
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82f9d420
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82faf388
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x82f9d588
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9d2b8
Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x82b432b8 Size: 3400
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82b43240 Size: 3520
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x82b431c8 Size: 3640
Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x82b5b3b0 Size: 421
Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x82b5b338 Size: 541
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82b5b2c0 Size: 661
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82b51470 Size: 2961
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x82b513f8 Size: 3081
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x82b51380 Size: 3201
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82b3ffa8 Size: 88
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82b3ff30 Size: 208
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82b3feb8 Size: 328
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82e93668 Size: 1182
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82e935f0 Size: 1302
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82e93578 Size: 1422
Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82e94e60 Size: 416
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82e94de8 Size: 536
Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82e94d70 Size: 656
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x82b54b58 Size: 1192
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82b54ae0 Size: 1312
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82b54a68 Size: 1432
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82b57cf0 Size: 784
Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x82b57c78 Size: 904
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82b57c00 Size: 1024
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82b5c4b0 Size: 1213
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82b5c438 Size: 1333
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82b5c3c0 Size: 1453
Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x82b5fc00 Size: 493
Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8278ecb0
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x82bd80d8
#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x827805c0
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x828d1240
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x82bb8340
#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8298f480
#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x82b8ab40
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x82bc1b28
#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x82878c58
==EOF==
  #23  
Old 21st Aug 2009, 16:38
Moderator Group
 
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\system32\guha.exe
c:\documents and settings\Jackie\Local Settings\Application Data\ujamuvuvy.bin
c:\windows\uvefuc.bin
c:\program files\Common Files\eqyb.vbs
c:\windows\ytobegif.vbs
c:\windows\system32\goniw.sys
c:\documents and settings\Jackie\Application Data\ohoteriqat.sys
c:\windows\efuvaboduf.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"=-

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
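As an added example (not part of this thread and not ComboFix's own code), the Python script below parses the "Files Created" section of a ComboFix log like the one posted above, flags a burst of files written in a single minute across unrelated folders with mixed extensions (the 21:49 batch the moderator listed), and renders the KillAll::/File:: part of a CFScript in the form used in this thread. The burst heuristic and its thresholds are my assumption, not a ComboFix rule; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One "Files Created" entry in a ComboFix log has the shape (see the log above):
#   <created> . <modified> <size or eight dashes> <8 attribute flags> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Sample input: entries copied from the 'Files Created' section of the log
# posted above (the 21:49 batch plus a few legitimate entries for contrast).
SAMPLE_LOG = r"""
2009-08-20 21:49 . 2009-08-20 21:49 19715 ----a-w- c:\windows\system32\guha.exe
2009-08-20 21:49 . 2009-08-20 21:49 19255 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\ujamuvuvy.bin
2009-08-20 21:49 . 2009-08-20 21:49 17196 ----a-w- c:\windows\uvefuc.bin
2009-08-20 21:49 . 2009-08-20 21:49 16686 ----a-w- c:\program files\Common Files\eqyb.vbs
2009-08-20 21:49 . 2009-08-20 21:49 15952 ----a-w- c:\windows\ytobegif.vbs
2009-08-20 21:49 . 2009-08-20 21:49 15946 ----a-w- c:\windows\system32\goniw.sys
2009-08-20 21:49 . 2009-08-20 21:49 13234 ----a-w- c:\documents and settings\Jackie\Application Data\ohoteriqat.sys
2009-08-20 21:49 . 2009-08-20 21:49 12834 ----a-w- c:\windows\efuvaboduf.bat
2009-08-13 01:24 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-13 01:23 . 2009-08-13 01:23 -------- d-----w- c:\program files\Panda Security
2009-08-13 00:07 . 2009-08-13 00:07 -------- d-s---w- C:\Combo-Fix
2009-08-07 13:01 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 13:01 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 21:44 . 2009-08-05 21:44 152576 ----a-w- c:\documents and settings\Frankie\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
"""


def parse_entries(text):
    """Return one dict per line that matches the entry format; skip the rest."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue
        entry = match.groupdict()
        entry["is_dir"] = entry["attrs"].startswith("d")  # 'd' flag = directory
        entries.append(entry)
    return entries


def find_drop_bursts(entries, min_files=3, min_dirs=3, min_exts=3):
    """Group files by creation minute and flag bursts that scatter several file
    types across unrelated folders. Thresholds are my assumption, not a
    ComboFix rule: a normal installer writes into one or two folders, while the
    dropper in this thread sprayed .exe/.bin/.vbs/.sys/.bat files into system32,
    the user profile and Common Files within the same minute.
    Returns {creation_minute: [paths]} for the flagged bursts."""
    by_minute = defaultdict(list)
    for entry in entries:
        if not entry["is_dir"]:
            by_minute[entry["created"]].append(entry["path"])
    bursts = {}
    for minute, paths in by_minute.items():
        parents = {PureWindowsPath(p).parent.as_posix().lower() for p in paths}
        exts = {PureWindowsPath(p).suffix.lower() for p in paths}
        if len(paths) >= min_files and len(parents) >= min_dirs and len(exts) >= min_exts:
            bursts[minute] = paths
    return bursts


def build_cfscript(paths):
    """Render the KillAll::/File:: part of a CFScript in the form the moderator
    used above, one path per line."""
    return "\n".join(["KillAll::", "", "File::", *paths, ""])


def triage(log_text):
    """Parse a log, flag drop bursts and return them as {minute: [paths]}."""
    return find_drop_bursts(parse_entries(log_text))


if __name__ == "__main__":
    for minute, paths in triage(SAMPLE_LOG).items():
        print(f"suspicious burst created at {minute}: {len(paths)} files")
        print(build_cfscript(paths))
```

Any burst the script prints still needs a human to confirm each path before it goes into a CFScript; the heuristic only narrows down what to look at.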

  #24  
Old 21st Aug 2009, 19:19
Member Group
 
ComboFix 09-08-21.01 - Jackie 08/21/2009 20:38.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.136 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
FILE ::
"c:\documents and settings\Jackie\Application Data\ohoteriqat.sys"
"c:\documents and settings\Jackie\Local Settings\Application Data\ujamuvuvy.bin"
"c:\program files\Common Files\eqyb.vbs"
"c:\windows\efuvaboduf.bat"
"c:\windows\system32\goniw.sys"
"c:\windows\system32\guha.exe"
"c:\windows\uvefuc.bin"
"c:\windows\ytobegif.vbs"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jackie\Application Data\ohoteriqat.sys
c:\documents and settings\Jackie\Local Settings\Application Data\ujamuvuvy.bin
c:\program files\Common Files\eqyb.vbs
c:\windows\efuvaboduf.bat
c:\windows\system32\goniw.sys
c:\windows\system32\guha.exe
c:\windows\uvefuc.bin
c:\windows\ytobegif.vbs
.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.
2009-08-21 22:58 . 2009-08-21 22:58 -------- d-----w- C:\RootRepeal
2009-08-13 01:24 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-13 01:23 . 2009-08-13 01:23 -------- d-----w- c:\program files\Panda Security
2009-08-13 00:07 . 2009-08-13 00:07 -------- d-s---w- C:\Combo-Fix
2009-08-11 19:27 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 13:01 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 13:01 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 21:44 . 2009-08-05 21:44 152576 ----a-w- c:\documents and settings\Frankie\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 00:20 . 2009-08-11 22:55 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\program files\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 02:02 . 2009-04-17 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 01:57 . 2009-04-16 23:42 117760 ----a-w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-21 01:56 . 2009-04-16 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-21 01:54 . 2009-07-21 23:32 -------- d-----w- c:\program files\Shared
2009-08-20 21:49 . 2009-08-20 21:49 11643 ----a-w- c:\program files\Common Files\ijakopeniz.lib
2009-08-12 00:50 . 2006-04-05 02:18 -------- d-----w- c:\program files\Dell
2009-08-12 00:50 . 2006-04-05 02:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-11 04:31 . 2006-04-08 00:32 -------- d-----w- c:\program files\Dl_cats
2009-08-08 21:55 . 2008-01-14 07:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 21:44 . 2006-04-05 02:16 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-04-17 03:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-04-17 03:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 10:23 . 2009-01-13 23:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 15:44 . 2009-07-18 15:42 -------- d-----w- c:\program files\iTunes
2009-07-18 15:42 . 2009-07-18 15:42 -------- d-----w- c:\program files\iPod
2009-07-18 15:42 . 2008-01-19 05:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 15:26 . 2009-07-18 15:26 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 19:43 . 2006-04-05 02:32 -------- d-----w- c:\program files\McAfee
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 19:23 . 2009-04-16 23:41 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-07-12 02:48 . 2009-04-19 04:21 -------- d-----w- c:\program files\Trend Micro
2009-07-11 22:43 . 2006-04-05 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-30 03:04 . 2006-05-07 16:37 -------- d-----w- c:\documents and settings\Jackie\Application Data\LimeWire
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 12:36 . 2009-06-23 12:36 390664 ----a-w- c:\documents and settings\Jackie\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-21 03:31 . 2009-06-21 03:31 152576 ----a-w- c:\documents and settings\Jackie\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 18:05 . 2006-04-07 01:45 62504 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 17:36 . 2009-06-14 17:36 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:36 . 2009-06-14 17:36 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:36 . 2009-06-14 17:36 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:36 . 2009-06-14 17:36 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-06-14 17:36 . 2009-06-14 17:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-12-19 23:17 . 2008-12-19 23:05 853860607 -c--a-w- c:\program files\ADBEPHSPCS4_LS1.7z
2008-12-19 23:05 . 2008-12-19 23:05 1228240 ----a-w- c:\program files\ADBEPHSPCS4_LS1.exe
2007-12-10 03:04 . 2007-09-16 15:39 88 --sha-r- c:\windows\system32\A4E934F6EB.sys
2006-06-06 03:00 . 2006-04-07 01:45 104 -csh--r- c:\windows\system32\EBF634E9A4.sys
2009-05-08 04:43 . 2006-04-07 01:45 8354 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 10:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-21_22.37.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-04-06 22:04 . 2009-08-22 00:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-04-06 22:04 . 2009-08-21 19:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-04-06 22:04 . 2009-08-22 00:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-04-06 22:04 . 2009-08-21 19:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 4550 c:\windows\Temp\wrstemp\S-1-5-21-3095785160-4041922383-2734342379-501.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 4762 c:\windows\Temp\wrstemp\S-1-5-21-3095785160-4041922383-2734342379-500.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 5096 c:\windows\Temp\wrstemp\S-1-5-21-3095785160-4041922383-2734342379-1008.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 4634 c:\windows\Temp\wrstemp\S-1-5-21-3095785160-4041922383-2734342379-1007.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 4250 c:\windows\Temp\wrstemp\S-1-5-20.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 4182 c:\windows\Temp\wrstemp\S-1-5-19.dat
+ 2009-08-22 01:59 . 2009-08-22 01:59 3740 c:\windows\Temp\wrstemp\S-1-5-18.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2003-05-14 1847296]
"SSRunScript"="c:\program files\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 40960]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-7-31 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-4 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-4 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google Video\\gupload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/12/2009 8:24 PM 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 5:02 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnyardinvasion/sis/slgwebinstall.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 21:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
************************************************************************
.
Completion time: 2009-08-22 21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 02:16
ComboFix2.txt 2009-08-21 22:45
ComboFix3.txt 2009-08-12 22:47
Pre-Run: 6,501,851,136 bytes free
Post-Run: 6,468,509,696 bytes free
307 --- E O F --- 2009-08-21 08:06
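As an added example (not code from the thread, from ComboFix, or from its author): a Python script that cross-checks a CFScript of the kind posted above against the ComboFix log it produced. It confirms that the script was actually passed in (the "Command switches used ::" line), lists which File:: targets appear under "Other Deletions", and checks whether any Registry:: value marked for deletion still shows up in "Reg Loading Points". The embedded script and log are constructed, abridged samples modelled on this thread, and the section-banner parsing is my own approach, not a documented ComboFix format.

```python
import re

# Constructed sample CFScript in the format used in the thread (abridged).
CFSCRIPT = r"""KillAll::

File::
c:\windows\system32\guha.exe
c:\windows\uvefuc.bin
c:\windows\ytobegif.vbs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"""

# Constructed, abridged ComboFix log. ytobegif.vbs is deliberately left out of
# "Other Deletions" to show how an unconfirmed deletion is reported.
COMBOFIX_LOG = r"""ComboFix 09-08-21.01 - Jackie 08/21/2009 20:38.5.1 - NTFSx86
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\guha.exe"
"c:\windows\uvefuc.bin"
"c:\windows\ytobegif.vbs"
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\guha.exe
c:\windows\uvefuc.bin
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
.
"""

# A ComboFix section banner looks like "(((( Title ))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {section: [lines]} for a CFScript; section headers end in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Split a ComboFix log on its banners; lines before the first go under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def value_present(lines, key, name):
    """True if "name"= appears under [key] in a REGEDIT4-style listing (case-insensitive)."""
    in_key = False
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key and line.lower().startswith('"%s"=' % name.lower()):
            return True
    return False


def report(cfscript_text, log_text):
    """Compare the script's File:: and Registry:: requests with what the log shows."""
    script, log = parse_cfscript(cfscript_text), parse_log(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    targets = script.get("File", [])
    confirmed = [p for p in targets if p.lower() in deleted]
    unconfirmed = [p for p in targets if p.lower() not in deleted]
    still_present, key = [], None
    loading_points = log.get("Reg Loading Points", [])
    for line in script.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            match = re.match(r'^"([^"]+)"=-$', line)  # "Name"=- deletes a value
            if match and key and value_present(loading_points, key, match.group(1)):
                still_present.append((key, match.group(1)))
    return {
        "script_applied": any(l.startswith("Command switches used ::") for l in log["header"]),
        "files_confirmed": confirmed,
        "files_unconfirmed": unconfirmed,
        "values_still_present": still_present,
    }


if __name__ == "__main__":
    for item, value in report(CFSCRIPT, COMBOFIX_LOG).items():
        print("%s: %s" % (item, value))
```

Anything listed under files_unconfirmed or values_still_present is what a helper would follow up on in the next reply rather than assuming the script did its job.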
  #25  
Old 21st Aug 2009, 19:42
Moderator Group
 
Download, update and run a-squared Free edition

At the main menu, click Scan Now, there will be 4 options, choose Deep Scan and then click Scan

* If malware is found, click the button Remove Selected Malware
* If malware is found, select all found and click Quarantine selected objects
* Click Save Report. Save the report to somewhere convenient, such as your desktop
* Add the report as an attachment in your next post.

  #26  
Old 22nd Aug 2009, 11:23
Member Group
 
a-squared Free - Version 4.5
Last update: 8/22/2009 8:28:06 AM
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 8/22/2009 8:29:11 AM
c:\program files\viewpoint\viewpoint toolbar detected: Trace.Directory.Viewpoint Media Toolbar!A2
c:\program files\egames detected: Trace.Directory.Bling-O!A2
c:\documents and settings\jackie\start menu\programs\egames detected: Trace.Directory.Bling-O!A2
Value: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\zylom\Games\29\zgw --> dgfilename detected: Trace.Registry.GameFiesta Babel Deluxe!A2
c:\windows\downloaded program files\default.inf detected: Trace.File.iePlugin!A2
c:\program files\support.com\charter\bin\disablecaps.exe detected: Trace.File.Suspicious!A2
c:\program files\support.com\charter\bin\sdckill.exe detected: Trace.File.Suspicious!A2
c:\program files\support.com\charter\bin\shutdown.exe detected: Trace.File.Suspicious!A2
c:\program files\support.com\charter\bin\silentapp.exe detected: Trace.File.Suspicious!A2
c:\program files\support.com\charter\bin\ssrunscript.exe detected: Trace.File.Suspicious!A2
Key: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\software\kazaa detected: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run --> ssrunscript detected: Trace.Registry.Suspicious!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Viewpoint\Content Debugger --> Viewpoint Photos Device Detect detected: Trace.Registry.Viewpoint Media Toolbar!A2
C:\Documents and Settings\Jackie\Cookies\jackie@2o7[2].txt detected: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Jackie\Cookies\jackie@7search[2].txt detected: Trace.TrackingCookie.7search!A2
C:\Documents and Settings\Jackie\Cookies\jackie@about[2].txt detected: Trace.TrackingCookie.about!A2
C:\Documents and Settings\Jackie\Cookies\jackie@advertising[2].txt detected: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\Jackie\Cookies\jackie@atdmt[1].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Jackie\Cookies\jackie@bs.serving-sys[1].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Jackie\Cookies\jackie@cms.springboard.gorillanation[1].txt detected: Trace.TrackingCookie.cms!A2
C:\Documents and Settings\Jackie\Cookies\jackie@comingsoon[2].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@community.babycenter[1].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@community.babycenter[2].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@community.babycenter[3].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@community.babycenter[5].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@computer-juice[1].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@computer-juice[2].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@computer-juice[4].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@data.coremetrics[1].txt detected: Trace.TrackingCookie.data.coremetrics!A2
C:\Documents and Settings\Jackie\Cookies\jackie@doubleclick[1].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Jackie\Cookies\jackie@fastclick[2].txt detected: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\Jackie\Cookies\jackie@mediaplex[2].txt detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Jackie\Cookies\jackie@questionmarket[1].txt detected: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Jackie\Cookies\jackie@rubiconproject[1].txt detected: Trace.TrackingCookie.rub!A2
C:\Documents and Settings\Jackie\Cookies\jackie@serving-sys[1].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Jackie\Cookies\jackie@specificclick[1].txt detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Jackie\Cookies\jackie@tribalfusion[2].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Jackie\Cookies\jackie@webtrends.chase[1].txt detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Jackie\Cookies\jackie@www.comingsoon[1].txt detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@www.computer-juice[1].txt detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Cookies\jackie@www.computer-juice[3].txt detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524000 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524001 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524003 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524005 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524006 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247095175524007 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321093921001 detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321093921002 detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321097671000 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321098171001 detected: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321100593000 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321100593001 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247321513312000 detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247366721875000 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247366721875001 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247366721875002 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247366721875003 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247366758984000 detected: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247367936281002 detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kc05umqb.default\cookies.sqlite:1247367936281003 detected: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\All Users\Documents\My Music\04 Track 4 (wedding).wma detected: Trojan.Wimad.A!IK
C:\Documents and Settings\All Users\Documents\My Music\05 Track 5 (wedding).wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\bells church may you made me love you al jolsen willows ring.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\groove friend my beach wedding march armada.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\pavlos suses babey bobby vee.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\porno when i feel the sea taj mahal.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\rondeau in c minor danielle derek.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\All Users\Documents\My Music\youre beautiful instrumental 睳皇.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\04 Track 4 (wedding).wma detected: Trojan.Wimad.A!IK
C:\Documents and Settings\Jackie\My Documents\My Music\05 Track 5 (wedding).wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\bells church may you made me love you al jolsen willows ring.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\groove friend my beach wedding march armada.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\pavlos suses babey bobby vee.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\porno when i feel the sea taj mahal.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\rondeau in c minor danielle derek.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\My Documents\My Music\Step Brothers.2008.DVDRip.XviD.avi detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\My Documents\My Music\youre beautiful instrumental 睳皇.wma detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\Shared\bruce lee song.mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\bruce lee.mp3 detected: Trojan-Downloader.WMA.Wimad!IK
C:\Documents and Settings\Jackie\Shared\danger on tracks - greatest hits.mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\django.mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\Froglegs - Ice Hockey Star.mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\Murder By Death - You Are The Last Dragon (You Possess The Power Of The Glow).mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\no retreat surrender.mp3 detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\pirate jenny.wma detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Documents and Settings\Jackie\Shared\Step Brothers.2008.DVDRip.XviD.avi detected: Trojan-Downloader.WMA.GetCodec!IK
C:\Qoobox\Quarantine\C\Documents and Settings\Jackie\Application Data\ohoteriqat.sys.vir detected: Trojan.Trash!IK
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UA Codofwnukxn.sys.vir detected: Trojan.Trash!IK
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_U ACodofwnukxn_.sys.zip/UACodofwnukxn.sys detected: Rootkit!IK
C:\Qoobox\Quarantine\C\WINDOWS\system32\goniw.sys. vir detected: Trojan.Trash!IK
C:\Qoobox\Quarantine\C\WINDOWS\system32\guha.exe.v ir detected: Trojan.Trash!IK
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0012133.sys detected: Trojan.Trash!IK
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0012380.sys detected: Trojan.Trash!IK
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0012383.sys detected: Trojan.Trash!IK
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0012384.exe detected: Trojan.Trash!IK
Scanned
Files: 225611
Traces: 677076
Cookies: 702
Processes: 51
Found
Files: 35
Traces: 24
Cookies: 50
Processes: 0
Registry keys: 0
Scan end: 8/22/2009 11:53:17 AM
Scan time: 3:24:06
Quarantined
Files: 35
Traces: 24
Cookies: 48
  #27  
Old 22nd Aug 2009, 13:26
Moderator Group
 
How is the computer running now?
  #28  
Old 22nd Aug 2009, 21:12
Member Group
 
Seems to be working just fine.
  #29  
Old 22nd Aug 2009, 22:39
Moderator Group
 
Let's try finishing up again.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete the following:
      • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
  #30  
Old 22nd Aug 2009, 23:07
Member Group
 
Great! I can't thank you enough for all your help - you really do provide a great service here. Thanks again!
Copyright ©2006 - 2009 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.