Computer Hope
Software => Computer viruses and spyware => Topic started by: miolner1 on September 06, 2010, 01:45:23 PM
-
Hello to all,
I have a niggling little problem with my Yahoo msg that will not open: it will basically kick me back each time to the sign-on screen and leave me there. Now this situation did not arise before and Yahoo msg would pretty much open by itself and I had the option to close the program upon auto opening. All was working fine up till a few days ago and now I have no idea what is going on... I provided a log here to help you guys have a look at the opening events and if there is some issue with a firewall or two, as that's what the Yahoo msg will show in an error msg box upon retry of opening the program... What gets me is that it's possibly something really small but pesky all the same that's causing this problem... I will let you see if you can see anything wrong and maybe instruct me on how to fix it... Again, much appreciation to you all if we can sort this one out.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:47 PM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {b969d37f-881d-44de-b227-c44e633b7c2c} - C:\WINDOWS\default32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
******************************************
I strongly recommend that you remove Ask from your computer because it:
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
******************************************
C:\Program Files\alot is a malicious program and should also be un-installed.
****************************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
**************************************
According to your log, your Anti-Virus (AVG) is out-of-date. Please update it before running these next scans.
************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
****************************************
Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
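Added example, not part of the original thread and not code from HijackThis or from the helper: a small Python triage of HijackThis result lines that flags the two structural patterns in the fix list above (a ProxyServer value pointing at loopback, and an entry reported as "(no file)") and checks a later scan for fix-list entries that are still present. The function names and the re-scan sample are constructed for illustration; the other log lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# A HijackThis result line is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# ProxyServer set to a loopback address, with or without a "http=" style prefix.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?",
    re.IGNORECASE,
)


class Entry(NamedTuple):
    code: str
    body: str


def parse_log(text):
    """Return the result entries of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"].strip()))
    return entries


def triage(entries):
    """Flag entries worth a manual look; returns (entry, reason) pairs."""
    findings = []
    for entry in entries:
        if LOOPBACK_PROXY_RE.search(entry.body):
            findings.append((entry, "browser proxy points at the local machine"))
        elif entry.body.endswith("(no file)"):
            findings.append((entry, "HijackThis reports no file for this entry"))
    return findings


def _key(entry):
    # Compare case-insensitively and ignore spacing differences from copy/paste.
    return entry.code, " ".join(entry.body.split()).casefold()


def still_present(fix_list, rescan):
    """Entries from the fix list that a later scan still shows."""
    seen = {_key(e) for e in rescan}
    return [e for e in fix_list if _key(e) in seen]


# Excerpt of the log posted in this thread (header and process lines included
# to show that the parser skips them).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Four of the entries the helper asked to check and fix.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Constructed re-scan: a hypothetical result in which one fix did not take.
RESCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{entry.code}] {reason}: {entry.body}")
    for entry in still_present(parse_log(FIX_LIST), parse_log(RESCAN)):
        print(f"still present after fix: {entry.code} - {entry.body}")
```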
-
Okay, here is the first log as requested...again thanks for putting in the time to help me resolve this issue.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4558
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/6/2010 9:11:04 PM
mbam-log-2010-09-06 (21-11-04).txt
Scan type: Quick scan
Objects scanned: 142432
Time elapsed: 16 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT (Trojan.PornDialer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\My Documents\downloads\install_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Antivirus Scan.URL (Rogue.Link) -> Quarantined and deleted successfully.
-
and the second log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/06/2010 at 08:18 PM
Application Version : 4.42.1000
Core Rules Database Version : 5461
Trace Rules Database Version: 3273
Scan type : Complete Scan
Total Scan Time : 02:03:50
Memory items scanned : 561
Memory threats detected : 0
Registry items scanned : 6824
Registry threats detected : 9
File items scanned : 72754
File threats detected : 1026
Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@intermundomedia[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt
C:\Documents and Settings\User\Cookies\[email protected][6].txt
C:\Documents and Settings\User\Cookies\user@mediabum[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@mediaforgews[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\user@qksrv[2].txt
C:\Documents and Settings\User\Cookies\user@myroitracking[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@click2go[2].txt
C:\Documents and Settings\User\Cookies\[email protected][8].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@steelhousemedia[2].txt
C:\Documents and Settings\User\Cookies\user@tubepornvidz[2].txt
C:\Documents and Settings\User\Cookies\user@clickz[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][7].txt
C:\Documents and Settings\User\Cookies\user@porn[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@kanoodle[2].txt
C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@lfstmedia[2].txt
C:\Documents and Settings\User\Cookies\user@apmebf[6].txt
C:\Documents and Settings\User\Cookies\user@weborama[1].txt
C:\Documents and Settings\User\Cookies\user@qnsr[1].txt
C:\Documents and Settings\User\Cookies\[email protected][6].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@revsci[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@kontera[2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@accountingblock[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@collective-media[4].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@bluestreak[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@tacoda[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@sanmateocountyfair[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@lucidmedia[1].txt
C:\Documents and Settings\User\Cookies\user@adecn[6].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\user@specificclick[10].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@toplist[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@liveperson[2].txt
C:\Documents and Settings\User\Cookies\user@discountfact[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@adultdvdtalk[1].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\user@liveperson[10].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@pointroll[2].txt
C:\Documents and Settings\User\Cookies\user@adxpansion[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@mediaforge[1].txt
C:\Documents and Settings\User\Cookies\user@liveperson[3].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@liveperson[9].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@traveladvertising[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@pornadept[1].txt
C:\Documents and Settings\User\Cookies\user@backcountry[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@liveperson[6].txt
C:\Documents and Settings\User\Cookies\user@mediadakine[1].txt
C:\Documents and Settings\User\Cookies\user@byuaccounting[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@revenue[2].txt
C:\Documents and Settings\User\Cookies\user@kleankanteen[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected]*censored*-mall[1].txt
C:\Documents and Settings\User\Cookies\user@gradimages[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@sexasian18[2].txt
C:\Documents and Settings\User\Cookies\user@dealtime[1].txt
C:\Documents and Settings\User\Cookies\user@liveperson[7].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@naiadsystems[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@specificmedia[8].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@linksynergy[1].txt
C:\Documents and Settings\User\Cookies\user@shefinds[2].txt
C:\Documents and Settings\User\Cookies\user@pornvidzz[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@edgeadx[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@peoplefinders[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@statcounter[4].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@yadro[1].txt
C:\Documents and Settings\User\Cookies\user@porn234[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@liveperson[5].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@nextag[3].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@wawporn[1].txt
C:\Documents and Settings\User\Cookies\user@2o7[2].txt
C:\Documents and Settings\User\Cookies\user@superstats[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@mediabrandsww[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@pornordie[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@webstat[2].txt
C:\Documents and Settings\User\Cookies\user@accountancyagejobs[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@liveperson[1].txt
C:\Documents and Settings\User\Cookies\user@realmedia[1].txt
C:\Documents and Settings\User\Cookies\user@discountdance[1].txt
C:\Documents and Settings\User\Cookies\[email protected][10].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@insightexpressai[5].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@www.*censored*[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@liveperson[11].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@adxpansion[2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@fortunecity[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@everglowmedia[1].txt
C:\Documents and Settings\User\Cookies\user@petfinder[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@webpower[1].txt
C:\Documents and Settings\User\Cookies\user@liveperson[8].txt
C:\Documents and Settings\User\Cookies\[email protected][11].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@homeinsight[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@lynxtrack[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][5].txt
C:\Documents and Settings\User\Cookies\user@adultdvdpacific[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@mediablvd[1].txt
C:\Documents and Settings\User\Cookies\[email protected][10].txt
C:\Documents and Settings\User\Cookies\[email protected][5].txt
C:\Documents and Settings\User\Cookies\user@adultfriendfinder[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@porndad[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@*censored*[1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@accountonline[1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@liveperson[4].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@elitechoice[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@greentechmedia[1].txt
C:\Documents and Settings\User\Cookies\user@*censored*.122.2o7[1].txt
C:\Documents and Settings\User\Cookies\[email protected][6].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@popularscreensavers[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@chitika[5].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][7].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][9].txt
C:\Documents and Settings\User\Cookies\user@adbrite[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][6].txt
C:\Documents and Settings\User\Cookies\[email protected][9].txt
C:\Documents and Settings\User\Cookies\user@hornymatches[2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@accountemps[1].txt
C:\Documents and Settings\User\Cookies\user@casalemedia[2].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\user@accounting-financial-tax[1].txt
C:\Documents and Settings\User\Cookies\user@teenbodybuilding[1].txt
C:\Documents and Settings\User\Cookies\user@dancediscount[2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@hitbox[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\user@vcdiscounter[1].txt
C:\Documents and Settings\User\Cookies\[email protected]
C:\Documents and Settings\User\Cookies\user@pornvisit[1].txt
C:\Documents and Settings\User\Cookies\[email protected][4].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
a.ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
adbureau.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ads1.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ads2.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
b.ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
bbca.channelfinder.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
cdn2.invitemedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
cdn4.specificclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
content.yieldmanager.edgesuite.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
convoad.technoratimedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
core.insightexpressai.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ds.serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ec.atdmt.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
ia.media-imdb.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
insight.randomhouse.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
interclick.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
m1.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
macromedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media-cdn.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media-macys2.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media-mars.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.jambocast.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.mtvnservices.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.mtvu.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.nbcsandiego.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.onsugar.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.podaddies.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.resulthost.org [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.scanscout.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.tattomedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media.thewb.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media01.kyte.tv [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media1.break.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
media10.washingtonpost.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
mediaforgews.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
msnbcmedia.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
msntest.serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
naiadsystems.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
objects.tremormedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
opti.21mediaentertainment.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
richmedia247.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
s0.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
sb3nru46o30.members.idols69.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
secure-uk.imrworldwide.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
spe.atdmt.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
static.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
tour.pornclassics.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
udn.specificclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.classicpornlinks.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.crackle.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.media.christian-bale.org [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.naiadsystems.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.porn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.pornhub.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.theclassicporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
www.ziporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
wwwstatic.megaporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
-
And last but not least:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
Error creating install.txt after 3 tries! Trying alternate method...
Error creating Process List-- tell your Helper
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Did you update your AV program as instructed?
Download ComboFix by sUBs from one of the below links.
Important! You MUST save ComboFix to your desktop.
Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click on ComboFix.exe & follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
When the scan completes it will open a text window.
Post the contents of that log in your next reply.
Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
-
SuperD, I went ahead and updated my virus protection for AVG... Also, this is the log from ComboFix... How does it look now?
ComboFix 10-09-07.03 - User 09/08/2010 11:16:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.241 [GMT -7:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Recent\Thumbs.db
C:\LOG190.tmp
C:\LOG611.tmp
C:\LOGDA.tmp
C:\LOGDF.tmp
C:\LOGE1.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\jestertb.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.
2010-09-07 23:48 . 2010-09-07 23:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:10 . 2010-09-07 01:10 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-07 23:14 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-08 06:47 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26 -------- d-----r- c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07 -------- d-----w- C:\2c2772b9e2d7dcf05a4252b8ab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 23:26 . 2001-01-31 21:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\program files\COMODO
2010-08-25 04:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40 42816 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 -c--a-w- c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23 278264 -c--a-w- c:\program files\COMODO\SafeSurf\cssurf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 -c--a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 -c--a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 -c--a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05 5406720 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19 28672 -c--a-w- c:\windows\system32\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20 167936 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 dkohxnk;Update Universal;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S2 rvjuka;System Windows;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dkohxnk
rvjuka
.
Contents of the 'Scheduled Tasks' folder
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NetscapeClient - (no file)
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
MSConfigStartUp-Mouse Suite 98 Daemon - ICO.EXE
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 11:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
--
-
You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
More information:
* ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
* Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)
It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
*********************************
This does not appear to be the full log for ComboFix. Could you please run it again and post the log?
-
This is the most recent ComboFix log:
ComboFix 10-09-08.01 - User 09/08/2010 17:14:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.417 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-07 23:48 . 2010-09-07 23:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:10 . 2010-09-07 01:10 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-07 23:14 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-08 06:47 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26 -------- d-----r- c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07 -------- d-----w- C:\2c2772b9e2d7dcf05a4252b8ab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 00:12 . 2010-09-09 00:12 -------- d-----w- c:\program files\MetaStream
2010-09-07 23:26 . 2001-01-31 21:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\program files\COMODO
2010-08-25 04:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40 42816 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 -c--a-w- c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23 278264 -c--a-w- c:\program files\COMODO\SafeSurf\cssurf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 -c--a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 -c--a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 -c--a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05 5406720 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19 28672 -c--a-w- c:\windows\system32\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20 167936 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 dkohxnk;Update Universal;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S2 rvjuka;System Windows;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dkohxnk
rvjuka
.
Contents of the 'Scheduled Tasks' folder
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
.scr=REG_SZ
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 17:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvjuka]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WININET.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-08 17:22:56
ComboFix-quarantined-files.txt 2010-09-09 00:22
ComboFix2.txt 2010-09-08 18:27
Pre-Run: 43,316,379,648 bytes free
Post-Run: 43,323,912,192 bytes free
- - End Of File - - 0B216D6F8340B641DA9DBAE06C76C18B
-
* Download the following tool: RootRepeal - Rootkit Detector (http://rootrepeal.googlepages.com/)
* Direct download link is here: RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip)
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
-
Dave, here is the RootRepeal log as requested:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/10 12:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys
Address: 0xF7A24000 Size: 31744 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9BFE000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BCC000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mbr.sys
Image Path: C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys
Address: 0xF7924000 Size: 20864 File Visible: No Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7BF4000 Size: 7872 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9C87000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\vetlog.txt
Status: Size mismatch (API: 3459032, Raw: 3456235)
Path: c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)
Path: c:\documents and settings\all users\application data\aol\c_aol 9.1\shellmon.ph
Status: Size mismatch (API: 5220, Raw: 3023)
Hidden Services
-------------------
Service Name: dkohxnk
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
Service Name: rvjuka
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
==EOF==
-
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp
NetSvc::
dkohxnk
rvjuka
Driver::
dkohxnk
rvjuka
File::
c:\windows\system32\zkfibbc.dll
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvjuka]
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
-
The latest ComboFix log for you Dave:
ComboFix 10-09-08.01 - User 09/10/2010 22:05:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.507 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\zkfibbc.dll"
"c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DKOHXNK
-------\Legacy_RVJUKA
-------\Service_dkohxnk
-------\Service_rvjuka
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-10 19:58 . 2010-09-10 19:58 0 ----a-w- c:\documents and settings\User\settings.dat
2010-09-09 21:55 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-09-09 21:55 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-09-09 21:55 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-09-09 21:55 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-09-09 21:55 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-09-09 21:55 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-09-09 21:55 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-09-09 21:41 . 2010-09-09 21:41 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogiShrd
2010-09-09 21:39 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-09-09 21:39 . 2010-09-09 21:40 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-09 21:37 . 2010-09-09 21:55 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-09-09 21:37 . 2010-09-10 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-09-09 21:37 . 2010-09-09 21:41 -------- d-----w- c:\program files\Logitech
2010-09-09 21:37 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-09-09 21:37 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-09-09 21:37 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-09-09 21:37 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-09-09 21:36 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-09-09 21:36 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-09 21:36 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-09 21:36 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-09-09 21:36 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-09-09 21:36 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-09-09 21:36 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-09-09 21:36 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-09-09 21:36 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-09-09 21:35 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-09-09 21:35 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-09 00:12 . 2010-09-09 00:12 -------- d-----w- c:\program files\MetaStream
2010-09-07 23:48 . 2010-09-07 23:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-11 01:43 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-11 05:20 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26 -------- d-----r- c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07 -------- d-----w- C:\2c2772b9e2d7dcf05a4252b8ab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 21:55 . 2010-09-09 21:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-09 21:55 . 2010-09-09 21:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-07 23:26 . 2001-01-31 21:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\program files\COMODO
2010-09-07 01:10 . 2010-09-07 01:10 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-25 04:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40 42816 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 00:23 . 2010-09-09 14:28 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-06-14 14:31 . 2004-11-21 01:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 -c--a-w- c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23 278264 -c--a-w- c:\program files\COMODO\SafeSurf\cssurf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 -c--a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 -c--a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 -c--a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05 5406720 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19 28672 -c--a-w- c:\windows\system32\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20 167936 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 22:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-10 22:26:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 05:26
ComboFix2.txt 2010-09-09 00:22
ComboFix3.txt 2010-09-08 18:27
Pre-Run: 42,967,670,784 bytes free
Post-Run: 43,021,565,952 bytes free
- - End Of File - - D10BE20726567B1507D3F672D9967944
-
How's your computer working now? Do you still have problems with Yahoo Msg?
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Steve and helpers, Yahoo Msg is now working like a charm. Kudos for the time spent in helping me resolve this issue. I have provided the ESET log below:
C:\Desktop\Flash_Disinfector.exe probably a variant of Win32/Agent.BWFKHA trojan
C:\Documents and Settings\User\My Documents\setupxv.exe.vir probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan
C:\Program Files\RegistryFix7\UninstlDll.dll Win32/Adware.ErrorClean application
C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan
C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL Win32/Toolbar.AskSBar application
-
The ESET log doesn't show that the infections were removed. Please run it again. There should be a box just above the "Scan archives" box already checked. Please ensure that this box remains checked and run the scan.
-
I ran the scanner again and selected both boxes this time:
C:\Desktop\Flash_Disinfector.exe probably a variant of Win32/Agent.BWFKHA trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\setupxv.exe.vir probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan cleaned by deleting - quarantined
C:\Program Files\RegistryFix7\UninstlDll.dll Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007280.exe probably a variant of Win32/Agent.BWFKHA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007281.dll Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007282.exe probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007283.exe probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan cleaned by deleting - quarantined
-
Dave, okay, so progress update at the ready. Yahoo msg now opens fine... but there are some serious time delays now from the time I start up till my browser opens... and with closing one webpage and opening another, the closing webpage takes longer to disappear than before, and also the activity light on my PC seems to be working really hard at something all the time... I mean all the time... what do you think?
-
Download the Fix IE Utility (http://www.majorgeeks.com/Fix_IE_Utility_d6256.html) to your desktop.
Before running the utility, make sure that all your Internet Explorer windows are closed!
* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.
******************************************
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
The Procexp log as requested:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 98.46 0 K 28 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0 K 57,188 K
smss.exe 764 172 K 276 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 836 2,368 K 5,928 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 860 6,760 K 4,048 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 904 1.54 1,956 K 2,824 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 1080 3,288 K 3,568 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
igfxext.exe 668 1,508 K 2,396 K igfxext Module Intel Corporation C:\WINDOWS\system32\igfxext.exe -Embedding
COCIManager.exe 300 2,848 K 2,712 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
wmiprvse.exe 5968 3,092 K 8,140 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
SkypeNames2.exe 1500 888 K 3,408 K SkypeNames Skype Technologies S.A. "C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding
svchost.exe 1132 2,144 K 3,088 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 1280 26,324 K 34,664 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1348 1,868 K 3,208 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1596 1,580 K 2,692 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe 1892 3,320 K 3,268 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 720 1,456 K 2,400 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
AOLacsd.exe 756 5,644 K 4,308 K AOL Connectivity Service AOL LLC C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
avgwdsvc.exe 788 4,824 K 2,544 K AVG Watchdog Service AVG Technologies CZ, s.r.o. C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
avgrsx.exe 1528 15,672 K 14,068 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. avgrsx.exe
avgnsx.exe 316 11,276 K 792 K AVG Network scanner Service AVG Technologies CZ, s.r.o. avgnsx.exe
LVPrcSrv.exe 1044 1,080 K 1,864 K Logitech LVPrcSrv Module. Logitech Inc. "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
McciCMService.exe 1492 2,140 K 2,084 K mcci+McciCMService Motive Communications, Inc. "C:\Program Files\Common Files\Motive\McciCMService.exe"
RegSrvc.exe 1688 824 K 1,456 K RegSrvc Module Intel Corporation "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
svchost.exe 1608 2,588 K 3,316 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe 168 1,656 K 1,100 K Windows User Mode Driver Manager Microsoft Corporation C:\WINDOWS\system32\wdfmgr.exe
VESMgr.exe 204 3,540 K 2,668 K VAIO Event Service (Service Module) Sony Corporation "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"
VCSW.exe 248 3,096 K 3,280 K VAIO Entertainment UPnP Client Adapter Sony Corporation "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe" -RunBySCM
wanmpsvc.exe 352 916 K 340 K Wan Miniport (ATW) Service America Online, Inc. "C:\WINDOWS\wanmpsvc.exe"
YahooAUService.exe 456 6,420 K 6,712 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
avgemc.exe 536 4,252 K 868 K AVG E-Mail Scanner AVG Technologies CZ, s.r.o. C:\PROGRA~1\AVG\AVG8\avgemc.exe
avgcsrvx.exe 2260 8,912 K 3,292 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. /pipeName=83687938-965e-4ed7-9ddd-566c19f0c761 /coreSdkOptions=0 /binaryPath="C:\Program Files\AVG\AVG8\"
VzCdbSvc.exe 624 5,752 K 4,256 K VAIO Entertainment Database Service Sony Corporation "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
VzFw.exe 824 4,524 K 4,408 K VAIO Entertainment File Import Service Sony Corporation "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe"
alg.exe 2556 1,292 K 1,980 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 916 4,112 K 1,456 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 2680 22,192 K 19,532 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
avgtray.exe 2960 3,688 K 796 K AVG Tray Monitor AVG Technologies CZ, s.r.o. "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
SearchProtection.exe 2988 3,792 K 1,524 K Yahoo! Application Yahoo! Inc "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
InstallService.exe 3008 1,524 K 432 K Netscape Communications Corporation "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
aolsoftware.exe 3024 8,732 K 7,392 K AOL AOL LLC "C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe"
LWS.exe 3048 18,972 K 2,532 K Camera Software Logitech Inc. "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
Skype.exe 1380 28,152 K 16,292 K Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
skypePM.exe 1328 16,188 K 3,804 K Skype Extras Manager Skype Technologies "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
ctfmon.exe 3336 1,152 K 2,228 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
SSScheduler.exe 3360 808 K 80 K McAfee Security Scanner Scheduler McAfee, Inc. "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe"
firefox.exe 2216 85,124 K 97,740 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
procexp.exe 5016 10,828 K 16,528 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for ProcessExplorer.zip\procexp.exe"
Vid.exe 2804 619,868 K 14,132 K Logitech Vid HD Logitech Inc. "C:\Program Files\Logitech\Vid HD\Vid.exe" -installmode
YahooMessenger.exe 4264 109,724 K 48,556 K Yahoo! Messenger Yahoo! Inc. "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
iexplore.exe 1296 6,048 K 1,004 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 4668 22,604 K 912 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:14337
iexplore.exe 3300 5,584 K 884 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 5916 13,372 K 700 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:14337
iexplore.exe 1832 5,636 K 896 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 5808 13,336 K 548 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:14337
iexplore.exe 5188 5,580 K 888 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 4904 13,512 K 544 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:14337
iexplore.exe 3232 5,592 K 896 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 4068 13,580 K 544 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3232 CREDAT:14337
iexplore.exe 4916 5,632 K 904 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 436 13,516 K 540 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4916 CREDAT:14337
iexplore.exe 4000 5,536 K 1,824 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 3304 16,040 K 2,008 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:14337
iexplore.exe 4208 5,600 K 1,756 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 5100 13,488 K 1,704 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4208 CREDAT:14337
waol.exe 1444 118,588 K 11,248 K AOL Software AOL, LLC. -Brestart
shellmon.exe 5716 656 K 2,632 K waolmon AOL, LLC. "C:\Program Files\AOL 9.1\shellmon.exe"
aoltpsd3.exe 4408 2,456 K 5,680 K AOL TopSpeed AOL LLC -p11535 -q"11536,11537,11538,11539,11540,11541,11542,11543" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\Topspeed\3.0\vph.ph" -g"{9C6D947A-D1B5-4271-A40A-7EFA70080F11}" -e1
-
A quick update for you. I booted up my PC this morning and some little gremlin must have got into my system last night. My Yahoo msg will not open now and it was working perfectly yesterday. I did gather this info from the error msg box in Yahoo:
Checking virtual IP servers...
[VIP Raw] Connecting to Virtual IP server 98.136.48.32...
[VIP Raw] Connecting to Virtual IP server 67.195.186.241...
[VIP Raw] Connecting to Virtual IP server 68.180.217.15...
[VIP Raw] Connecting to Virtual IP server 76.13.15.38...
[VIP Raw] FAILED
*** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***
Checking HTTP virtual IP servers...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.34...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.56...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.137...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.142...
[VIP Http] FAILED
*** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***
What could have happened to the connection, as my Firefox is working fine? However, my AOL homepage is static and as for now just shows a white screen upon sign on. The status bar at the top of the AOL screen shows connected and signed on. I wonder if the rereg of files performed yesterday had anything to do with it?
-
Please re-run RootRepeal again and post the log as instructed in Reply # 9
-
Rootrepeal log just run:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/17 11:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9BFE000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD0000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8AA7000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\documents and settings\user\application data\skype\etilqs_qfyjmfnvxg56fsf6sbxi
Status: Allocation size mismatch (API: 65536, Raw: 0)
Path: c:\documents and settings\user\application data\skype\etilqs_ywj25zmdo50r3v004jnd
Status: Allocation size mismatch (API: 8192, Raw: 0)
==EOF==
-
Your copy of ComboFix has passed its shelf life. Please delete it, download a new one and run another scan.
Download ComboFix by sUBs from one of the below links.
Important! You MUST save ComboFix to your desktop
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click on ComboFix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
When the scan completes it will open a text window.
Post the contents of that log in your next reply.
Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
-
ComboFix 10-09-17.04 - User 09/18/2010 16:09:28.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.402 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.
2010-09-18 23:05 . 2010-09-18 23:05 -------- d-----r- C:\32788R22FWJFW
2010-09-17 18:06 . 2010-09-17 18:06 42816 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 04:25 . 2010-09-17 04:25 -------- d-----w- c:\documents and settings\User\Application Data\Registry Mechanic
2010-09-17 04:21 . 2010-08-05 15:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-09-17 04:21 . 2010-09-17 04:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-15 21:28 . 2010-09-16 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-15 21:25 . 2010-09-16 03:11 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-12 00:29 . 2010-09-12 00:29 -------- d-----w- c:\program files\ESET
2010-09-10 19:58 . 2010-09-10 19:58 0 ----a-w- c:\documents and settings\User\settings.dat
2010-09-09 21:55 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-09-09 21:55 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-09-09 21:55 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-09-09 21:55 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-09-09 21:55 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-09-09 21:55 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-09-09 21:55 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-09-09 21:41 . 2010-09-09 21:41 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogiShrd
2010-09-09 21:39 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-09-09 21:39 . 2010-09-09 21:40 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-09 21:37 . 2010-09-09 21:55 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-09-09 21:37 . 2010-09-10 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-09-09 21:37 . 2010-09-16 03:11 -------- d-----w- c:\program files\Logitech
2010-09-09 21:37 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-09-09 21:37 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-09-09 21:37 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-09-09 21:37 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-09-09 21:36 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-09-09 21:36 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-09-09 21:36 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-09 21:36 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-09 21:36 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-09-09 21:36 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-09-09 21:36 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-09-09 21:36 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-09-09 21:36 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-09-09 21:36 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-09-09 21:35 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-09-09 21:35 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-09 00:12 . 2010-09-09 00:12 -------- d-----w- c:\program files\MetaStream
2010-09-07 23:48 . 2010-09-07 23:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-18 23:04 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-18 23:14 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-18 22:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:26 . 2010-09-08 00:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26 -------- d-----r- c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 04:25 . 2008-08-03 02:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-16 00:18 . 2010-09-09 21:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-16 00:17 . 2010-09-09 21:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-15 21:32 . 2009-06-06 21:24 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-09-15 21:28 . 2008-08-30 21:40 -------- d-----w- c:\program files\Yahoo!
2010-09-14 02:30 . 2001-01-02 07:46 -------- d-----w- c:\program files\RegistryFix7
2010-09-13 00:34 . 2010-09-17 19:18 58368 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
2010-09-13 00:34 . 2010-09-17 19:18 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
2010-09-11 14:46 . 2001-02-23 06:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 23:26 . 2001-01-31 21:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22 -------- d-----w- c:\program files\COMODO
2010-09-07 01:10 . 2010-09-07 01:10 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-05 23:42 . 2010-09-17 19:18 58368 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
2010-09-05 23:42 . 2010-09-17 19:18 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
2010-08-25 04:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-11-21 00:04 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-31 05:47 . 2010-07-31 05:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-22 15:49 . 2004-11-21 00:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 20:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-11-21 00:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 -c--a-w- c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23 278264 -c--a-w- c:\program files\COMODO\SafeSurf\cssurf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 -c--a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 -c--a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 -c--a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05 5406720 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19 28672 -c--a-w- c:\windows\system32\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20 167936 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/16/2010 9:21 PM 583640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TranslatorBar 5.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2642707&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 16:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(5696)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-18 16:31:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-18 23:31
ComboFix2.txt 2010-09-11 05:26
ComboFix3.txt 2010-09-09 00:22
ComboFix4.txt 2010-09-08 18:27
Pre-Run: 41,830,486,016 bytes free
Post-Run: 42,044,772,352 bytes free
- - End Of File - - 3E5B0F3FE448F4C9FD26029C9B93F9C4
-
What could have happened to the connection, as my Firefox is working fine? However, my AOL homepage is static and as for now just shows a white screen upon sign on. The status bar at the top of the AOL screen shows connected and signed on
You said Firefox is working well but what browser is your AOL homepage on? Can you please give me a screenprint.
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
Have you tried uninstalling AOL and downloading a new version?
-
Dave, I have resolved the issue with logging onto AOL by uninstalling and then installing the updated version. Now, the only issue left over is to do with the much increased wait time from the time I log on to Windows till I can actually run any programs. Also, and more surprisingly, is the time taken to open new browser windows in Firefox etc. I notice that the time taken for such processes is approx. twice as much as before...
-
We should do some cleanup and then I will give you a couple of links to try to speed up your computer while booting. You should investigate how much RAM you're running and what programs start when you boot. Also check to see how much free space you have on your C: drive. You should have at least 15% in order for your computer to run correctly. If all these fail to speed up your computer, perhaps you should start a new thread in the appropriate software forum.
Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
**********************************
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************
Clean-up
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*********************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Safe Surfing!
-
Super D, I have completed the steps outlined in the last post. However, it seems that there is a very long system lag issue: from the time of logging on to Windows to getting something to appear on screen takes close to 8 minutes. I know we have completed a lot of processes to get Yahoo msg up and running but this system lag is a bummer. Take for instance my AOL: at times it will just freeze on screen and requires a close down of program and reopen. What do you think can be done to rid the system of the lag?
Btw I did a system check and it seems I have adequate ram resources and no other issues were evident on the system performance diagnosis.
-
You could try this tool. If it doesn't improve I would suggest that you start a new thread in the proper Windows software forum.
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
-
Dave, I ran the StartupLite program again and restarted the PC but did not notice any difference in the system lag issue. I will go to the browser section of this site to see what needs to be done to remove this little glitch affecting the startup process. So all in all my Yahoo is now working great and I am well armed against any malware or spyware in the future. On a further note, the link you provided to clean up the registry as well as improve performance is really comprehensive and well written. There are some great tips on there. Thanks again Dave for all the help.