Author Topic: Help Please  (Read 12536 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


Re: Help Please
« Reply #15 on: August 26, 2008, 12:26:11 PM »
Yes, if it won't fit in one post then use two or more.

HelpMePlz

    Topic Starter


    Rookie

    Re: Help Please
    « Reply #16 on: August 26, 2008, 12:35:07 PM »
    Ok here goes... :)
    ComboFix 08-08-25.01 - Rebecca 2008-08-26 12:55:12.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.463 [GMT -5:00]
    Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
     * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
    C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\#SharedObjects\AYHHTWAM\bin.clearspring.com
    C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\#SharedObjects\AYHHTWAM\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\WINDOWS\cdmxtras
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\cache329

    HelpMePlz

      Topic Starter


      Rookie

      Re: Help Please
      « Reply #17 on: August 26, 2008, 12:37:11 PM »
      C:\WINDOWS\system32\dao350.dll
      C:\WINDOWS\system32\herluivs.ini
      C:\WINDOWS\system32\MSINET.oca
      C:\WINDOWS\system32\rhnhmhgu.ini
      C:\WINDOWS\system32\url(2).dll
      C:\WINDOWS\system32\url(4)(2).dll

      .
      (((((((((((((((((((((((((   Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
      .

      2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
      2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
      2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
      2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
      2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
      2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
      2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-08-25 11:58 . 2008-08-25 11:58   2,335,270   --a------   C:\WINDOWS\system32\36434.mht
      2008-08-25 11:58 . 2004-08-04 02:56   708,096   --a------   C:\WINDOWS\system32\44d36.tmp
      2008-08-25 11:58 . 2008-08-25 11:58   54,624   --a------   C:\WINDOWS\system32\d0335.sys
      2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
      2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
      2008-08-21 01:55 . 2008-08-21 01:55   <DIR>   d----c---   C:\VundoFix Backups
      2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
      2008-08-21 00:16 . 2008-08-21 00:16   61,440   --a------   C:\WINDOWS\system32\drivers\wbkcgnqb.sys
      2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
      2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-20 18:30 . 2008-08-20 18:30   0   --a------   C:\WINDOWS\system32\ddcYqOhE.dll.vir
      2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
      2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
      2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
      2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
      2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
      2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
      2008-08-18 23:10 . 2008-08-20 00:11   <DIR>   d--------   C:\Program Files\Panda Security
      2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
      2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
      2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
      2008-08-18 02:10 . 2008-08-18 02:10   355   --a--c---   C:\933.bat
      2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
      2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
      2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
      2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
      2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
      2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
      2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
      2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
      2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
      2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
      2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
      2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
      2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
      2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
      2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
      2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
      2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
      2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
      2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
      2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
      2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
      2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
      2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
      2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
      2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
      2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
      2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
      2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
      2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
      2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
      2008-06-23 16:57   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
      2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
      2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock(2)(2).dll
      2008-06-20 17:41   148,992   ----a-w   C:\WINDOWS\system32\dnsapi(2)(2).dll
      2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
      2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
      2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
      2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
      2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
      2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
      2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
      "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
      "SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
      "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12 777424]
      "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
      "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
      "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

      HelpMePlz

        Topic Starter


        Rookie

        Re: Help Please
        « Reply #18 on: August 26, 2008, 12:38:04 PM »
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
        HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
        HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
        NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
        Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
        QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.iv41"= ir41_32.dll
        "VIDC.XVID"= xvid.dll
        "VIDC.3iv2"= 3ivxVfWCodec.dll
        "VIDC.VP31"= vp31vfw.dll
        "msacm.l3fhg"= mp3fhg.acm
        "vidc.DIV3"= DivXc32.dll
        "vidc.DIV4"= DivXc32f.dll
        "msacm.divxa32"= divxa32.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
        path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
        backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
        --a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
        --a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
        --a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
        --------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
        --a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        --a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
        --a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
        --a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
        --a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        -ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
        --a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
        -----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        --a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
        -r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
        --a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        --a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
        --a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
        --a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
        --a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "C:\\WINDOWS\\system32\\java.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
        "C:\\WINDOWS\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
        "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
        "C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

        R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
        R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
        R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
        R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
        R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
        S0 syvn;syvn;C:\WINDOWS\system32\drivers\wbkcgnqb.sys [2008-08-21 00:16]
        S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
        S3 d0335;d0335;C:\WINDOWS\system32\d0335.sys [2008-08-25 11:58]
        S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
        S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
        \Shell\AutoRun\command - D:\dvdcheck.exe
        \Shell\directx\command - DirectX9\dxsetup.exe
        \Shell\setup\command - D:\setup.exe

        *Newly Created Service* - CATCHME
        *Newly Created Service* - PROCEXP90
        .
        Contents of the 'Scheduled Tasks' folder

        2008-08-26 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
        - c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

        2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
        - c:\program files\mcafee.com\vso\mcmnhdlr.exe []

        2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
        - C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

        2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
        - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
        .
        - - - - ORPHANS REMOVED - - - -

        HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        HKLM-Run-PrinTray - C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
        ShellExecuteHooks-{1D516154-6AC0-426C-92A1-FDC0073E8A1B} - C:\DOCUME~1\Cliff\LOCALS~1\Temp\ntwzhook.dll
        MSConfigStartUp-27JANBS3QDRHPP - C:\WINDOWS\System32\Sqnge1Me.exe
        MSConfigStartUp-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.Exe
        MSConfigStartUp-Awtr - C:\Documents and Settings\Cliff\Application Data\ldeo.exe
        MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
        MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
        MSConfigStartUp-Jet Detection - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
        MSConfigStartUp-Ko4U6So1 - C:\documents and settings\rebecca\local settings\temp\Ko4U6So1.exe
        MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
        MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
        MSConfigStartUp-SpyHunter - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
        MSConfigStartUp-Weather - C:\Program Files\AWS\WeatherBug\Weather.exe
        MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


        .
        ------- Supplementary Scan -------
        .
        R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
        R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
        R0 -: HKLM-Main,Default_Page_URL = hxxp://www.yahoo.com/
        R0 -: HKLM-Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
        R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com/
        R0 -: HKLM-Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
        R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
        R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

        O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
        C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

        O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
        C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

        O16 -: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
        C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf

        O16 -: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
        C:\WINDOWS\Downloaded Program Files\DragDropUploader.inf
        C:\WINDOWS\Downloaded Program Files\Pixami Upload Control.ocx
        C:\WINDOWS\Downloaded Program Files\DragDropUploadUI.ocx
        .

        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-08-26 13:06:11
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        PROCESS: C:\WINDOWS\system32\winlogon.exe
        -> C:\WINDOWS\system32\Ati2evxx.dll
        .
        Completion time: 2008-08-26 13:16:17
        ComboFix-quarantined-files.txt  2008-08-26 18:16:05

        Pre-Run: 14,293,508,096 bytes free
        Post-Run: 14,480,089,088 bytes free

        652   --- E O F ---   2008-08-26 16:02:31

        evilfantasy

        Re: Help Please
        « Reply #19 on: August 26, 2008, 12:52:35 PM »
        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

        Code:
        KillAll::

        Folder::
        C:\VundoFix Backups

        File::
        C:\WINDOWS\system32\36434.mht
        C:\WINDOWS\system32\44d36.tmp
        C:\WINDOWS\system32\d0335.sys
        C:\WINDOWS\system32\drivers\wbkcgnqb.sys
        C:\WINDOWS\system32\ddcYqOhE.dll.vir
        C:\Temp\epr1
        C:\933.bat

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

        HelpMePlz

          Topic Starter


          Rookie

          Re: Help Please
          « Reply #20 on: August 26, 2008, 01:25:53 PM »
          Wow, this is really starting to work, my computer is speeding up  ;D
          K here is the next one ...

          ComboFix 08-08-25.01 - Rebecca 2008-08-26 13:57:03.2 - NTFSx86
          Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
          Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Rebecca\Desktop\CFScript.txt
           * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

          FILE ::
          C:\933.bat
          C:\Temp\epr1
          C:\WINDOWS\system32\36434.mht
          C:\WINDOWS\system32\44d36.tmp
          C:\WINDOWS\system32\d0335.sys
          C:\WINDOWS\system32\ddcYqOhE.dll.vir
          C:\WINDOWS\system32\drivers\wbkcgnqb.sys
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\933.bat
          C:\VundoFix Backups
          C:\WINDOWS\system32\36434.mht
          C:\WINDOWS\system32\44d36.tmp
          C:\WINDOWS\system32\d0335.sys
          C:\WINDOWS\system32\ddcYqOhE.dll.vir
          C:\WINDOWS\system32\drivers\wbkcgnqb.sys

          .
          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_d0335
          -------\Service_d0335
          -------\Service_syvn


          (((((((((((((((((((((((((   Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
          .

          2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
          2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
          2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
          2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
          2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
          2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
          2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
          2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
          2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
          2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
          2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
          2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
          2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
          2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
          2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
          2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
          2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
          2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
          2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
          2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
          2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
          2008-08-18 23:10 . 2008-08-20 00:11   <DIR>   d--------   C:\Program Files\Panda Security
          2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
          2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
          2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
          2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
          2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
          2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
          2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
          2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
          2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
          2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
          2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
          2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
          2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
          2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
          2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
          2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
          2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
          2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
          2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
          2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe

          .

          HelpMePlz

            Topic Starter


            Rookie

            Re: Help Please
            « Reply #21 on: August 26, 2008, 01:26:16 PM »
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
            2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
            2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
            2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
            2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
            2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
            2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
            2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
            2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
            2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
            2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
            2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
            2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
            2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
            2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
            2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
            2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
            2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
            2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
            2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
            2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
            2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
            2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
            2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
            2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
            .

            (((((((((((((((((((((((((((((   snapshot@2008-08-26_13.14.52.98   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2005-10-21 01:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
            "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
            "SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
            "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
            "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
            "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
            "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
            "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
            "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

            C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
            Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
            HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
            HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
            NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
            Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
            QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "vidc.iv41"= ir41_32.dll
            "VIDC.XVID"= xvid.dll
            "VIDC.3iv2"= 3ivxVfWCodec.dll
            "VIDC.VP31"= vp31vfw.dll
            "msacm.l3fhg"= mp3fhg.acm
            "vidc.DIV3"= DivXc32.dll
            "vidc.DIV4"= DivXc32f.dll
            "msacm.divxa32"= divxa32.acm

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
            path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
            backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
            --a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
            --a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
            --a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
            --------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
            --a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            --a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
            --a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
            --a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
            --a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            -ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
            --a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
            -----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            --a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
            -r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
            --a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
            --a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
            --a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
            --a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
            --a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
            "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
            "C:\\WINDOWS\\system32\\java.exe"=
            "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
            "C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
            "C:\\WINDOWS\\system32\\sessmgr.exe"=
            "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
            "C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

            R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
            R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
            R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
            R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
            R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
            S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
            S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
            S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
            \Shell\AutoRun\command - D:\dvdcheck.exe
            \Shell\directx\command - DirectX9\dxsetup.exe
            \Shell\setup\command - D:\setup.exe
            .
            Contents of the 'Scheduled Tasks' folder

            2008-08-26 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
            - c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

            2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
            - c:\program files\mcafee.com\vso\mcmnhdlr.exe []

            2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
            - C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

            2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
            - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
            .

            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-08-26 14:06:13
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            scanning hidden files ...


            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            PROCESS: C:\WINDOWS\system32\winlogon.exe
            -> C:\WINDOWS\system32\Ati2evxx.dll

            PROCESS: C:\WINDOWS\explorer.exe
            -> C:\Program Files\SiteAdvisor\6172\saHook.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\WINDOWS\system32\ati2evxx.exe
            C:\WINDOWS\system32\CTSVCCDA.EXE
            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
            C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
            C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\McAfee\MPF\MpfSrv.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\system32\ati2evxx.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
            C:\Program Files\Speeditup Free\Data\CheckUp.dat
            .
            **************************************************************************
            .
            Completion time: 2008-08-26 14:21:33 - machine was rebooted
            ComboFix-quarantined-files.txt  2008-08-26 19:20:27
            ComboFix2.txt  2008-08-26 18:16:19

            Pre-Run: 14,430,019,584 bytes free
            Post-Run: 14,349,611,008 bytes free

            285   --- E O F ---   2008-08-26 16:02:31

            evilfantasy

            Re: Help Please
            « Reply #22 on: August 26, 2008, 02:36:31 PM »
              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.

            The above procedure will:
              • Delete the following:
                • ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.

            ----------

            Download ATF Cleaner by Atribune to your Desktop.

            Alternate download link

            Note: Vista users must use Run As Administrator
            • Under Main: Select Files to Delete choose: Select All.
            • Click the Empty Selected button.
            • If you use Firefox browser click Firefox at the top and choose: Select All
            • Click the Empty Selected button.
              If you would like to keep your saved passwords click No at the prompt.
            • If you use Opera browser click Opera at the top and choose: Select All
            • Click the Empty Selected button.
              If you would like to keep your saved passwords click No at the prompt.
            • Click Exit on the Main menu to close the program.
            Note that your system will run slower for a reboot or two after having used this tool so don't panic.

            Important: Restart the computer before continuing.

            ----------

            Scan with Panda ActiveScan
            • Once you are on the Panda site click the Scan your PC now button
            • A new window will open...click the Check Now button
            • Enter your Country
            • Enter your State/Province
            • Enter your e-mail address and click send
            • Select either Home User or Company
            • Select the appropriate Yes or No to receiving marketing information
            • Click the Free Online Scan button
            • If it wants to install an ActiveX component allow it
            • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
            • When download is complete, click on My Computer to start the scan
            • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
            Post the contents of the ActiveScan report in your next reply.
            « Last Edit: August 26, 2008, 03:44:20 PM by evilfantasy »

            HelpMePlz


              Re: Help Please
              « Reply #23 on: August 26, 2008, 03:33:42 PM »
              Hello, I am up to the Kaspersky part, but when I try to run that scan it says that I must have Java 1.5 or better installed for it to run. I click on the Java website and that says that I have the latest version. Not sure what to do?
              Becca

              evilfantasy

              Re: Help Please
              « Reply #24 on: August 26, 2008, 03:45:13 PM »
              I edited the above post. Try the Panda ActiveScan instead.

              HelpMePlz


                Re: Help Please
                « Reply #25 on: August 26, 2008, 05:40:15 PM »
                OK, the Panda kept giving me errors but it did finally work. Here are the results:
                ;***********************************************************************************************************************************************************************************
                ANALYSIS: 2008-08-26 18:33:38
                PROTECTIONS: 3
                MALWARE: 57
                SUSPECTS: 0
                ;***********************************************************************************************************************************************************************************
                PROTECTIONS
                Description                                  Version                       Active    Updated
                ;===================================================================================================================================================================================
                Windows Defender                             1.1.1904.0                    No        Yes
                McAfee Internet Security Suite 2007          8.1                           No        No
                McAfee VirusScan Plus                        12.1                          No        No
                ;===================================================================================================================================================================================
                MALWARE
                Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
                ;===================================================================================================================================================================================
                00041904  adware/sidesearch                  Adware              No        0         Yes            No           c:\documents and settings\rebecca\application data\lycos
                00055522  Eicar.Mod                          Virus               No        0         No             No           C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
                00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@trafficmp[2].txt.bak
                00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@trafficmp[2].txt.bak
                00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@casalemedia[1].txt.bak
                00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@doubleclick[2].txt.bak
                00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@doubleclick[1].txt.bak
                00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@doubleclick[1].txt.bak
                00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@atdmt[1].txt.bak
                00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@atdmt[2].txt.bak
                00145386  Cookie/XXXtoolbar                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@xxxtoolbar[1].txt.bak
                00145433  Cookie/Mammamediasolutions         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@targetnet[1].txt.bak
                00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bfast[2].txt.bak
                00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bfast[1].txt.bak
                00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@bfast[1].txt.bak
                00145454  Cookie/Centralmedia                TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@centralmedia[1].txt.bak
                00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@fastclick[2].txt.bak
                00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@fastclick[1].txt.bak
                00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@fastclick[1].txt.bak
                00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@mediaplex[1].txt.bak
                00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@mediaplex[2].txt.bak
                00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@mediaplex[1].txt.bak
                00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@centrport[2].txt.bak
                00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@centrport[1].txt.bak
                00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@centrport[1].txt.bak
                00145792  Cookie/SexList                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sexlist[1].txt.bak
                00145792  Cookie/SexList                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sexlist[2].txt.bak
                00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@linksynergy[2].txt.bak
                00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@linksynergy[1].txt.bak
                00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@linksynergy[2].txt.bak
                00145869  Cookie/SpyLog                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@spylog[2].txt.bak
                00145869  Cookie/SpyLog                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@spylog[1].txt.bak
                00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}
                00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}
                00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}
                00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\iwontoolbar.settingsplugin
                00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}
                00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\iwontoolbar.settingsplugin.1
                00147806  Cookie/7search                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@7search[2].txt.bak
                00159564  Cookie/WUpd                        TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@revenue[2].txt.bak
                00167706  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                00167706  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                00167730  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak

                HelpMePlz


                  Re: Help Please
                  « Reply #26 on: August 26, 2008, 05:41:03 PM »
                  00167733  Cookie/Adserver                    TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167759  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167759  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167760  Cookie/Hitslink                    TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167761  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167761  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167762  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167763  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167763  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167764  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167764  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167770  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167770  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167778  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167783  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00167783  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00167784  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00168057  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00168057  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00168058  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00168058  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@advertising[2].txt.bak
                  00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@advertising[1].txt.bak
                  00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@advertising[1].txt.bak
                  00169286  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sextracker[2].txt.bak
                  00169286  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sextracker[1].txt.bak
                  00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@realmedia[1].txt.bak
                  00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@realmedia[2].txt.bak
                  00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@bluestreak[2].txt.bak
                  00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bluestreak[2].txt.bak
                  00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bluestreak[1].txt.bak
                  00180153  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00180154  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00180154  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00180246  Cookie/XXXCounter                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@xxxcounter[2].txt.bak
                  00180246  Cookie/XXXCounter                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@xxxcounter[1].txt.bak
                  00182104  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00182104  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00199983  Cookie/Valueclick                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@valueclick[1].txt.bak
                  00199983  Cookie/Valueclick                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@valueclick[1].txt.bak
                  00206571  Application/Altnet                 HackTools           No        0         Yes            No           C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC
                  00206953  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00206953  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00242066  Application/MyWebSearch            HackTools           No        0         Yes            No           C:\Program Files\SpyHunter\Backup\F3POPSWT.DLL.bak
                  00251542  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00251542  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  00293517  Cookie/AdDynamix                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  00519333  Application/Processor              HackTools           No        0         Yes            No           C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
                  00527204  Application/PRScheduler            HackTools           No        0         Yes            No           C:\Program Files\PestPatrol\Quarantine\20041121124024781.zip[Documents and Settings/Cliff/Start Menu/Programs/Startup/PowerReg Scheduler V3.exe]
                  00816208  Adware/eZula                       Adware              No        0         Yes            No           C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
                  00959011  Adware/AzeSearch                   Adware              No        0         No             No           C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC[mySetp.exe]
                  02261869  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
                  02261869  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
                  02402148  Application/Playmp3z               HackTools           No        0         Yes            No           C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
                  ;===================================================================================================================================================================================
                  SUSPECTS
                  Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Y
                  ;===================================================================================================================================================================================
                  ;===================================================================================================================================================================================
                  VULNERABILITIES
                  Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Y
                  ;===================================================================================================================================================================================
                    184380  MEDIUM     MS08-002                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   Y
                    184379  MEDIUM     MS08-001                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   Y
                    108744  MEDIUM     MS06-008                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   Y
                    108742  MEDIUM     MS06-006                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   Y
                  ;===================================================================================================================================================================================

                  evilfantasy

                  Re: Help Please
                  « Reply #27 on: August 26, 2008, 05:52:39 PM »
                  Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

                  Now download The Avenger by Swandog46 and save it to your Desktop.
                  • Extract avenger.exe from the Zip file and save it to your Desktop
                  • Run avenger.exe by double-clicking on it.
                  • Do not change any check box options!!
                  • Copy everything in the Code box below, and paste it into the "Input script here" window:
                  Code:
                  Comment:

                  Files to delete:
                  C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
                  C:\Program Files\PestPatrol\Quarantine\20041121124024781.zip[Documents and Settings/Cliff/Start Menu/Programs/Startup/PowerReg Scheduler V3.exe]
                  C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
                  C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC[mySetp.exe]
                  C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

                  Registry keys to delete:
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}
                  hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}
                  hkey_classes_root\iwontoolbar.settingsplugin
                  HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}
                  hkey_classes_root\iwontoolbar.settingsplugin.1


                  • Now click the Execute button.
                  • Click Yes to the prompt to confirm you want to execute.
                  • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
                  • Your PC should reboot; if not, reboot it yourself.
                  • A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
                  • Add the Avenger log in your next post.

                  HelpMePlz


                    Re: Help Please
                    « Reply #28 on: August 26, 2008, 06:16:18 PM »
                    Hi, I am getting an Error.. here is what it says...
                    Error: Invalid registry syntax in command
                    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA0B9B71-C2AF-11D3-B376-0800460222FO}
                    Only registry keys under the HKEY-LOCAL-MACHINE hive are accessible to this program. Skipping line (registry key deletion mode)
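
The error in Reply #28 comes from the tool's stated restriction to the HKEY_LOCAL_MACHINE hive. As an added example (not part of the original thread and not code from The Avenger), this Python check reads a script by the section headers visible in Reply #27 and reports which registry lines fall outside that hive; the function names and the parsing rule are assumptions.

```python
import re

# Script text from Reply #27 (file list shortened to one entry, registry list complete).
SCRIPT = r"""Comment:

Files to delete:
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

Registry keys to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}
hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}
hkey_classes_root\iwontoolbar.settingsplugin
HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}
hkey_classes_root\iwontoolbar.settingsplugin.1
"""

SECTION = re.compile(r"^[A-Za-z ]+:$")  # assumed header shape, e.g. "Files to delete:"
HKLM = "HKEY_LOCAL_MACHINE"

def registry_lines(script):
    """Return the lines listed under 'Registry keys to delete:'."""
    keys, active = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if SECTION.match(line):
            active = line.lower() == "registry keys to delete:"
        elif active and line:
            keys.append(line)
    return keys

def lint_key(key):
    """Classify one key: 'ok', 'rewrite' (HKLM equivalent exists) or 'skipped'."""
    hive, _, rest = key.partition("\\")
    hive = hive.upper()
    if hive == HKLM:
        return "ok", key
    if hive == "HKEY_CLASSES_ROOT":
        # HKCR is a merged view; its machine-wide half is HKLM\Software\Classes.
        # Per-user entries under HKCU\Software\Classes are not covered by this rewrite.
        return "rewrite", HKLM + "\\Software\\Classes\\" + rest
    return "skipped", hive + " is outside HKLM; handle it with another tool"

def lint(script):
    """Return (key, status, detail) for every registry line in the script."""
    return [(key,) + lint_key(key) for key in registry_lines(script)]

if __name__ == "__main__":
    for key, status, detail in lint(SCRIPT):
        print(f"{status:8} {key}\n         -> {detail}")
```

On the script from Reply #27 the two HKEY_CURRENT_USER lines are reported as skipped, which matches the error quoted above, and the hkey_classes_root lines are reported with their HKEY_LOCAL_MACHINE\Software\Classes form.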

                    evilfantasy

                    Re: Help Please
                    « Reply #29 on: August 26, 2008, 06:22:23 PM »
                    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

                    Link #1
                    Link #2

                    Note: It is important that it is saved directly to your Desktop.

                    Delete these files/folders, as follows:

                    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                    It must be Notepad, not Wordpad.
                    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                    Code:
                    KillAll::

                    File::
                    C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
                    C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
                    C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

                    Registry::
                    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}]
                    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}]
                    [-hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}]
                    [-hkey_classes_root\iwontoolbar.settingsplugin]
                    [-HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}]
                    [-hkey_classes_root\iwontoolbar.settingsplugin.1]

                    3. Go to the Notepad window and click Edit > Paste
                    4. Then click File > Save
                    5. Name the file CFScript.txt - Save the file to your Desktop
                    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                    ComboFix will begin to execute, just follow the prompts.
                    After reboot (in case it asks to reboot), it will produce a log for you.
                    Post that log (Combofix.txt) in your next reply.

                    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.