Smitfraud C.Core Service HELP ME
I have run my computer through Spybot and my virus protection can't get rid of this trojan and I'm stuck. A new blank window keeps opening every time I open a new Internet Explorer and a few blank black pages open as if I just typed 'run cmd'. I don't know what to do to get rid of this crap. I also have a few others like fastclick, hitbox, zedo, and doubleclick. Also, all these role playing computer games keep popping up on their own even though I have pop up blocker on. Can anyone help me with any of these? Thanks so much in advance!!!
christina
This discussion has been closed.
Comments
Please follow the steps listed here and post with the requested logs. Thanks!
http://icrontic.com/forum/showthread.php?t=43902
My original thread question: (Just to remind you of my issue: I can't get rid of Smitfraud C.Core Services. I have run my computer through Spybot and my virus protection can't get rid of this trojan and I'm stuck. A new blank window keeps opening every time I open a new Internet Explorer and a few blank black pages open as if I just typed 'run cmd'. I don't know what to do to get rid of this crap. I also have a few others like fastclick, hitbox, zedo, and doubleclick. Also, all these role playing computer games keep popping up on their own even though I have pop up blocker on.)
Thanks so much for accepting my issue and helping me. Okay, I went through all the steps you told me to. The only problem I had was from Step 3, the Panda ActiveScan. My avast 4 Home Edition (I already had this) wouldn't allow it to complete or get a final report, but Kaspersky was fine. I already had ZoneAlarm and Spybot Search & Destroy; SpywareBlaster worked fine; Ad-Aware 2008 was the only one I could find from your link, 2007 wasn't available; ATF Cleaner worked well; I use Windows Defender and Windows Update as it says in step 6; and here is my Kaspersky report & HijackThis report. Thanks again for your future help! It is truly appreciated.
Christina
P.S. Just so you know, I purposely installed VNC so that my brother, who is a computer geek, can help me, so if you see any of that in my reports, you can tell me to get rid of it if you want and I'll download it at a later time if I need it again. I think my main problem is Smitfraud because even after I Spybot the computer and fix that problem, it returns seconds later in another scan. Spybot doesn't seem to be strong enough to get rid of it on its own.
Kaspersky:
Friday, June 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 27, 2008 05:31:57
Records in database: 887388
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\STINA\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics
Files scanned: 101061
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:10:39
File name | Threat name | Threats count
C:\Program Files\RealVNC\VNC4\vncviewer.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 | 1
C:\Program Files\RealVNC\WinVNC\othread2.dll | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c | 1
C:\WINDOWS\Downloaded Program Files\popcaploader.dll | Infected: not-a-virus:Downloader.Win32.PopCap.b | 1
The selected area was scanned.
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:46, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Virtual CD v8\System\VC8Play.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Virtual CD v8\System\VC8Tray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo2!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\480\G2AProcessFactory.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080108
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080108
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61844645-FE74-4096-8C73-ADFB71CD8177} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {98349B1E-6AA6-441B-8BE2-B87B63AE5204} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {F82BEAF3-2C5B-473C-9989-CE67B55AB9BF} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VC8Player] C:\Program Files\Virtual CD v8\System\VC8Play.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2305656147-443984162-2604755558-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'FRANK')
O4 - HKUS\S-1-5-21-2305656147-443984162-2604755558-1007\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'FRANK')
O4 - HKUS\S-1-5-21-2305656147-443984162-2604755558-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'FRANK')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2305656147-443984162-2604755558-1007 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'FRANK')
O4 - S-1-5-21-2305656147-443984162-2604755558-1007 Startup: YPOPs.lnk = ? (User 'FRANK')
O4 - S-1-5-21-2305656147-443984162-2604755558-1007 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'FRANK')
O4 - S-1-5-21-2305656147-443984162-2604755558-1007 User Startup: YPOPs.lnk = ? (User 'FRANK')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200127232859
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v8\System\VC8SecS.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 19523 bytes
If you need anything further, please email me back with a detailed request. Thanks again, and good luck!
KASPERSKY ONLINE SCANNER 7 REPORT Friday, June 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 27, 2008 05:31:57
Records in database: 887388
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: Folder C:\
Scan statistics
Files scanned: 197141
Threat name: 4
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:21:28
File name | Threat name | Threats count
C:\Documents and Settings\STINA\Local Settings\Temp\Temporary Internet Files\Content.IE5\4KKMV1ON\vnc-3.3.7-x86_win32[1].exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c | 2
C:\Documents and Settings\STINA\My Documents\My Music\AUDIO SOUNDCLIPS\peewee\home.r00 | Infected: not-virus:BadJoke.Win32.JepRuss | 1
C:\Documents and Settings\STINA\My Documents\My Music\AUDIO SOUNDCLIPS\peewee\home.r01 | Infected: not-virus:BadJoke.Win32.JepRuss | 1
C:\Documents and Settings\STINA\My Documents\My Music\AUDIO SOUNDCLIPS\peewee\home.r02 | Infected: not-virus:BadJoke.Win32.JepRuss | 1
C:\Documents and Settings\STINA\My Documents\My Music\AUDIO SOUNDCLIPS\peewee\home.rar | Infected: not-virus:BadJoke.Win32.JepRuss | 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 | 1
C:\Program Files\RealVNC\WinVNC\othread2.dll | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c | 1
C:\WINDOWS\Downloaded Program Files\popcaploader.dll | Infected: not-a-virus:Downloader.Win32.PopCap.b | 1
The selected area was scanned.
O2 - BHO: (no name) - {61844645-FE74-4096-8C73-ADFB71CD8177} - (no file)
O2 - BHO: (no name) - {98349B1E-6AA6-441B-8BE2-B87B63AE5204} - (no file)
O2 - BHO: (no name) - {F82BEAF3-2C5B-473C-9989-CE67B55AB9BF} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
Close all other windows except HijackThis and press "Fix checked". Then close HijackThis and reboot the computer.
Next, download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry... Please visit this webpage for download links and instructions for running the tool:
A guide and tutorial on using ComboFix
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A new HijackThis log.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
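The four entries selected in the post above all point at a file that no longer exists, and the requested follow-up log is how the fix gets verified. The Python below is an added example, not part of the original thread: `parse_log`, `orphaned` and `compare` are hypothetical helper names, and the sample lines are short excerpts from the two HijackThis logs posted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Excerpts from the first log in this thread (not the full log).
LOG_BEFORE = r"""
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {61844645-FE74-4096-8C73-ADFB71CD8177} - (no file)
O2 - BHO: (no name) - {98349B1E-6AA6-441B-8BE2-B87B63AE5204} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F82BEAF3-2C5B-473C-9989-CE67B55AB9BF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
"""

# Excerpts from the follow-up log in this thread (O2/O3 sections only).
LOG_AFTER = r"""
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
"""

# A HijackThis entry line starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    section: str
    clsid: Optional[str]  # upper-cased so the two logs compare equal
    body: str
    orphaned: bool


def parse_log(text):
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            clsid=clsid.group(0).upper() if clsid else None,
            body=body,
            orphaned=body.endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphaned(entries):
    """Entries whose registry record survives but whose file is gone."""
    return [e for e in entries if e.orphaned]


def _keys(entries, sections, only_orphans=False):
    return {(e.section, e.clsid) for e in entries
            if e.clsid and e.section in sections
            and (e.orphaned or not only_orphans)}


def compare(before, after, sections):
    """Check a follow-up log against the orphans flagged in the first log.

    Only the given sections are compared, so a follow-up log that is cut
    short does not make untouched entries look fixed.
    """
    flagged = _keys(before, sections, only_orphans=True)
    present = _keys(after, sections)
    after_orphans = _keys(after, sections, only_orphans=True)
    return {
        "cleared": sorted(flagged - present),
        "still_present": sorted(flagged & present),
        "newly_orphaned": sorted(after_orphans - flagged),
    }


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned(before):
        print("fix candidate:", e.section, e.body)
    # The follow-up log on this page ends in the O4 section, so O18 is left out.
    for status, keys in compare(before, after, {"O2", "O3"}).items():
        print(status, keys)
```

On these excerpts the three flagged O2 entries are gone from the follow-up log, and the two Google Toolbar entries that had a file in the first log now show `(no file)`.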
Hijack this report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:04, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Virtual CD v8\System\VC8Play.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Virtual CD v8\System\VC8Tray.exe
C:\Program Files\Yahoo2!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080108
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VC8Player] C:\Program Files\Virtual CD v8\System\VC8Play.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200127232859
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v8\System\VC8SecS.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 17667 bytes
ComboFix Report:
ComboFix 08-06-27.1 - STINA 2008-06-27 23:16:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2817 [GMT -4:00]
Running from: C:\Documents and Settings\STINA\My Documents\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM77dab1ec.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\ljhqoiwx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\njpnvtqh.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tDfLlnpo.ini
C:\WINDOWS\system32\tDfLlnpo.ini2
C:\WINDOWS\system32\vtnfwphr.ini
C:\WINDOWS\system32\x4
C:\WINDOWS\system32\ytpwayof.ini
BITS: Possible infected sites
hxxp://picasaweb.google.com
hxxp://lh6.ggpht.com
hxxp://lh4.ggpht.com
hxxp://lh3.ggpht.com
hxxp://lh5.ggpht.com
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-27 23:22 . 2008-06-27 23:22 <DIR> d C:\Temp\tn3
2008-06-27 03:13 . 2008-06-27 03:13 <DIR> d C:\Program Files\Panda Security
2008-06-27 03:07 . 2008-06-27 03:07 <DIR> d C:\Program Files\SpywareBlaster
2008-06-27 01:19 . 2008-06-27 01:19 <DIR> d C:\Program Files\Lavasoft
2008-06-27 01:19 . 2008-06-27 01:22 <DIR> d C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-20 19:32 . 2007-09-06 00:22 289,144 --a C:\WINDOWS\system32\VCCLSID.exe
2008-06-20 19:32 . 2006-04-27 17:49 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
2008-06-20 19:32 . 2008-05-29 09:35 86,528 --a C:\WINDOWS\system32\VACFix.exe
2008-06-20 19:32 . 2008-05-18 21:40 82,944 --a C:\WINDOWS\system32\IEDFix.exe
2008-06-20 19:32 . 2008-06-15 15:28 81,920 --a C:\WINDOWS\system32\IEDFix.C.exe
2008-06-20 19:32 . 2008-05-23 18:21 81,920 --a C:\WINDOWS\system32\404Fix.exe
2008-06-20 19:32 . 2003-06-05 21:13 53,248 --a C:\WINDOWS\system32\Process.exe
2008-06-20 19:32 . 2004-07-31 18:50 51,200 --a C:\WINDOWS\system32\dumphive.exe
2008-06-20 19:32 . 2007-10-04 00:36 25,600 --a C:\WINDOWS\system32\WS2Fix.exe
2008-06-20 13:46 . 2008-06-20 13:46 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\Ipswitch
2008-06-20 13:40 . 2008-06-20 13:40 6,130 --a C:\WINDOWS\system32\tmp.reg
2008-06-20 13:05 . 2008-06-20 13:00 691,545 --a C:\WINDOWS\unins000.exe
2008-06-20 13:05 . 2008-06-20 13:05 2,546 --a C:\WINDOWS\unins000.dat
2008-06-20 12:46 . 2008-06-20 12:46 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\Talkback
2008-06-20 12:46 . 2008-06-20 12:47 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\StumbleUpon
2008-06-20 12:40 . 2008-01-07 22:00 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\Roxio
2008-06-20 12:40 . 2008-01-07 21:43 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\Intel
2008-06-20 12:40 . 2008-01-07 21:42 <DIR> d C:\Documents and Settings\M2Minkies\Application Data\InstallShield
2008-06-20 12:40 . 2008-06-20 13:49 <DIR> d C:\Documents and Settings\M2Minkies
2008-06-14 19:35 . 2006-05-20 16:16 1,184,984 --a C:\WINDOWS\system32\wvc1dmod.dll
2008-06-13 12:00 . 2008-06-13 13:18 84 --a C:\WINDOWS\cdplayer.ini
2008-06-10 19:39 . 2008-06-13 09:10 272,128 C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:39 . 2008-06-13 09:10 272,128 C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 08:57 . 2008-06-08 08:57 <DIR> d C:\Documents and Settings\FRANK\Application Data\Viewpoint
2008-06-08 08:56 . 2008-06-08 08:56 <DIR> d C:\Program Files\Viewpoint
2008-06-08 08:56 . 2008-06-08 08:56 <DIR> d C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-30 07:43 . 2008-05-30 07:43 <DIR> d C:\Documents and Settings\FRANK\Application Data\Thunderbird
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 03:04 d-----w C:\Documents and Settings\FRANK\Application Data\Skype
2008-06-28 03:03 d-----w C:\Program Files\YPOPs
2008-06-28 03:00 d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 20:01 d-----w C:\Documents and Settings\FRANK\Application Data\skypePM
2008-06-27 05:18 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:49 d-----w C:\Program Files\Mozilla Thunderbird
2008-06-21 00:00 d-----w C:\Program Files\RealVNC
2008-06-20 17:11 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:09 d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 00:22 d-----w C:\Documents and Settings\FRANK\Application Data\LimeWire
2008-06-15 00:04 d-----w C:\Documents and Settings\FRANK\Application Data\Vso
2008-06-14 23:50 d-----w C:\Program Files\VSO
2008-06-10 01:21 d-----w C:\Program Files\LimeWire
2008-05-25 05:11 d-----w C:\Program Files\Google
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 14:16 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 23:56 d-----w C:\Documents and Settings\Friends & Family\Application Data\StumbleUpon
2008-05-12 17:05 d-----w C:\Documents and Settings\Friends & Family\Application Data\Ipswitch
2008-05-11 22:19 d-----w C:\Program Files\Cuckoo Clock 3D Screensaver
2008-05-11 21:43 d-----w C:\Program Files\NCH Swift Sound
2008-05-11 21:43 d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-11 18:48 d-----w C:\Program Files\Flag 3D Screensaver
2008-05-11 18:33 d-----w C:\Program Files\Fireside Christmas 3D Screensaver
2008-05-11 18:27 d-----w C:\Program Files\Fantasy Moon 3D Screensaver
2008-05-11 18:05 d-----w C:\Program Files\Galleon 3D Screensaver
2008-05-11 18:01 d-----w C:\Program Files\Spirit of Fire 3D Screensaver
2008-05-11 17:56 d-----w C:\Program Files\Discovery 3D Screensaver
2008-05-11 17:52 d-----w C:\Program Files\Deep Space 3D Screensaver
2008-05-11 17:52 d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-05-11 17:47 d-----w C:\Program Files\Earth 3D Screensaver
2008-05-11 17:45 d-----w C:\Program Files\Tropical Fish 3D Screensaver
2008-05-11 17:42 d-----w C:\Program Files\Mayan Waterfall 3D Screensaver
2008-05-11 17:38 d-----w C:\Program Files\Ancient Castle 3D Screensaver
2008-05-11 17:28 d-----w C:\Program Files\Voyage of Columbus 3D Screensaver
2008-05-11 17:26 d-----w C:\Program Files\Halloween 3D Screensaver
2008-05-11 17:21 d-----w C:\Program Files\Nature 3D Screensaver
2008-05-11 17:20 d-----w C:\Program Files\The One Ring 3D Screensaver
2008-05-11 17:14 d-----w C:\Program Files\Lagoon 3D Screensaver
2008-05-11 16:32 d-----w C:\Program Files\Koi Fish 3D Screensaver
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 08:10 d-----w C:\Documents and Settings\STINA\Application Data\Skype
2008-05-04 07:25 d-----w C:\Documents and Settings\STINA\Application Data\skypePM
2008-05-03 12:51 d-----w C:\Documents and Settings\STINA\Application Data\Creative
2008-05-03 12:51 d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-05-02 12:40 d-----w C:\Program Files\PokerStars
2008-04-30 22:36 d-----w C:\Program Files\Windows Defender
2008-04-30 15:03 d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 04:59 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 02:46 d-----w C:\Program Files\Trend Micro
2008-04-30 02:41 30,240 ----a-w C:\WINDOWS\system32\VRVD302.dll
2008-04-30 02:41 11,296 ----a-w C:\WINDOWS\system32\drivers\VRVD302.sys
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 05:21 d-----w C:\Program Files\ReGetPro
2008-04-29 05:21 d-----w C:\Program Files\EasyBiorhythmCalculator
2008-04-29 05:21 d-----w C:\Program Files\Common Files\ReGet Shared
2008-04-29 05:14 d-----w C:\Program Files\AquariaDemo
2008-04-29 05:11 d-----w C:\Documents and Settings\FRANK\Application Data\Symantec
2008-04-29 02:06 d-----w C:\Documents and Settings\STINA\Application Data\Symantec
2008-04-29 00:11 d-----w C:\Documents and Settings\STINA\Application Data\StumbleUpon
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 23:46 87,608 ----a-w C:\Documents and Settings\FRANK\Application Data\inst.exe
2008-03-25 23:46 47,360 ----a-w C:\Documents and Settings\FRANK\Application Data\pcouffin.sys
2008-02-23 23:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-28 22:39 92,064 ----a-w C:\Documents and Settings\STINA\mqdmmdm.sys
2008-01-28 22:39 9,232 ----a-w C:\Documents and Settings\STINA\mqdmmdfl.sys
2008-01-28 22:39 79,328 ----a-w C:\Documents and Settings\STINA\mqdmserd.sys
2008-01-28 22:39 66,656 ----a-w C:\Documents and Settings\STINA\mqdmbus.sys
2008-01-28 22:39 6,208 ----a-w C:\Documents and Settings\STINA\mqdmcmnt.sys
2008-01-28 22:39 5,936 ----a-w C:\Documents and Settings\STINA\mqdmwhnt.sys
2008-01-28 22:39 4,048 ----a-w C:\Documents and Settings\STINA\mqdmcr.sys
2008-01-28 22:39 25,600 ----a-w C:\Documents and Settings\STINA\usbsermptxp.sys
2008-01-28 22:39 22,768 ----a-w C:\Documents and Settings\STINA\usbsermpt.sys
2008-01-16 17:30 60,968 ----a-w C:\Documents and Settings\STINA\GoToAssistDownloadHelper.exe
2008-01-12 10:10 5,761 ----a-w C:\Program Files\install.log
2007-03-17 20:12 303,104 ----a-w C:\Program Files\lame_enc.dll
2006-12-05 15:42 192,768 ----a-w C:\WINDOWS\inf\MA521_patch\MA521nd5.sys
2006-04-25 22:30 35,232 ----a-w C:\WINDOWS\inf\MA521_patch\ME_INST.EXE
2006-04-25 22:30 212,992 ----a-w C:\WINDOWS\inf\MA521_patch\CopyWHQLDriver.exe
2006-04-25 22:30 14,848 ----a-w C:\WINDOWS\inf\MA521_patch\INST2000.DLL
2008-01-08 01:44 76 --sh--r C:\WINDOWS\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 20:56 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 17:00 143360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 00:21 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 16:54 36864]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-03 15:57 1228800]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 18:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 18:30 974848]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-05-16 11:58 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 18:10 184320]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 20:57 16384]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-04-07 19:29 1106297]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-04-07 19:37 1827640]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-04-07 19:30 126976]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 12:06 11776]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 04:47 185632]
"VC8Player"="C:\Program Files\Virtual CD v8\System\VC8Play.exe" [2006-07-14 11:52 289912]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:34 3739648]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58 213936]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 20:56 202544]
"nwiz"="nwiz.exe" [2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 00:03 405504 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 20:48 434528]
C:\Documents and Settings\FRANK\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2008-03-10 14:14:28 1331200]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-02-29 17:57:11 118784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-07 21:42:30 50688]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 05:00:46 972064]
ymetray.lnk - C:\Program Files\Yahoo2!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-16 13:30 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"C:\\Program Files\\Steam\\steamapps\\sienadingo\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"C:\\Program Files\\Yahoo2!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Skype\\Plugins\\Plugins\\289650C9E52C40FE91D947C6D0EB72DA\\remotex.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ABP480N55;ABP480N55;C:\WINDOWS\system32\drivers\ABP480N55.sys [2008-04-27 19:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R1 vdrv8000;vdrv8000;C:\WINDOWS\system32\DRIVERS\vdrv8000.sys [2006-06-20 17:53]
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-04-29 22:41]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 20:56]
R2 Viewpoint Service;Viewpoint Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2008-04-04 13:10]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 14:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 16:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 16:55]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 HHCDHelp.sys;HHCDHelp.sys;C:\WINDOWS\system32\drivers\HHCDHelp.sys [2006-04-25 18:20]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 18:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 03:25:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 23:23:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Other Running Processes
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Virtual CD v8\System\vc8tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-06-27 23:32:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 03:32:55
Pre-Run: 36,335,595,520 bytes free
Post-Run: 39,604,899,840 bytes free
324 --- E O F --- 2008-06-26 19:50:06
THANKS AGAIN CHIAZ!
I'm kinda freaked out here cuz one of the profiles on this computer doesn't seem to be loading and it has all of my QuickBooks information for my company on it, including emails, personal info, pictures etc. Is there something I can do to restore that invaluable information? Thanks
http://www.superantispyware.com/download.html
Install and update the scanner.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next".
The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.
Reboot your computer. After reboot, open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and copy the content of this log into your next reply. Let's see how this goes then.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2008 at 02:41 PM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Quick Scan
Total Scan Time : 00:00:00
Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 1
File threats detected : 0
It was strange cuz the scan only took 1 second in safe mode and I don't want to do it in regular mode unless instructed. Please tell me what else I can do. Thanks again.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2008 at 05:55 PM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Complete Scan
Total Scan Time : 01:46:33
Memory items scanned : 162
Memory threats detected : 0
Registry items scanned : 8174
Registry threats detected : 6
File items scanned : 37270
File threats detected : 59
Rootkit.TNCore-Variant/A
HKLM\System\ControlSet001\Services\ABP480N55
C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N55.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ABP480N55
HKLM\System\ControlSet003\Services\ABP480N55
HKLM\System\ControlSet003\Enum\Root\LEGACY_ABP480N55
HKLM\System\CurrentControlSet\Services\ABP480N55
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ABP480N55
Adware.Tracking Cookie
Rootkit.TNCore-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0039645.EXE
http://www.superantispyware.com
Generated 07/02/2008 at 09:39 PM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Quick Scan
Total Scan Time : 00:18:45
Memory items scanned : 688
Memory threats detected : 0
Registry items scanned : 563
Registry threats detected : 1
File items scanned : 18779
File threats detected : 17
Rogue.AntiSpywareMaster
HKU\S-1-5-21-2305656147-443984162-2604755558-1007\Software\AntiSpywareMaster
Adware.Tracking Cookie