IObit Forum

I'm Being HIJACKED!!!



Logfile of IObit HijackScan v1.0.2.0

Scan saved at 15:38:43, on 2010-8-14

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\Program Files\mcafee.com\agent\mctskshd.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\UPS\WSTD\UPSNA1Msgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\UPS\WSTD\WSTDMessaging.exe

C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O3 - Toolbar: PrivacyProtect - {CB7DC2DA-D8C9-4004-8548-1E24AA7D46DE} - C:\Program Files\SFT\GuardedID\GIDTB.dll

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Real.com Explorer Bar - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}SdcUser.TgConfCtl.2 - http://ra.intuit.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}Office.awsdc.1 - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}YInstHelper.YInstStarter.1 - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}OneCC.OneCCCtl.1 - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=35174227666ca442784f6ed08d21cdf6&url=http%3A%2F%2Fd.64.69.14.62.downloads.estara.com.%2Fas%2FOneCCDM.php&template=489693&sessionid=630999502_64.69.14.69_42843&=&req=1244846352171OneCC.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}npdivx.DivXBrowserPlugin.1 - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003}Persits.XUpload.2 - https://2687352132.monstercommercesites.com/admin/FileManager/XUpload.ocx

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\Program Files\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PrismXL (PrismXL) - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

What exactly are the problems you're having with your computer?

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

******************************************

 

Please download Malwarebytes Anti-Malware from here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*******************************************

 

Please download: HiJackThis to your Desktop.

  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.
  • Click the Open the Misc Tools section button.
  • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
  • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
  • Please post the log in your next reply.

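With "Calculate MD5 of files" enabled, HijackThis 2.0.2 ends each file-backed entry line (O2, O3, O4, O9, O18, O23) with a "(filesize N bytes, MD5 H)" suffix, and lines that lack that suffix show the path printed twice back to back, as in the HijackThis log posted later in this thread. The following is an added example, not part of the original thread and not HijackThis's own code: a small Python parser that pulls section, path, size and MD5 out of such lines, collapses the doubled-path artifact, lists the entries that still have no hash and so need a manual check, and groups entries by hash so a DLL that is loaded both as a BHO and as a toolbar is reviewed once. The sample log, its names, paths, sizes and hashes are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis 2.0.2 format with the MD5 option on.
# Names, paths, sizes and hashes are made up for this example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:43 AM, on 8/16/2010

Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll (filesize 12345 bytes, MD5 0123456789ABCDEF0123456789ABCDEF)
O3 - Toolbar: Example Bar - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll (filesize 12345 bytes, MD5 0123456789ABCDEF0123456789ABCDEF)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /autostart (filesize 4096 bytes, MD5 FEDCBA9876543210FEDCBA9876543210)
O4 - HKCU\..\Run: [updater] C:\Temp\updater.exeC:\Temp\updater.exe
O23 - Service: Example Service (ExampleSvc) - Example Inc. - C:\Program Files\Example\svc.exe (filesize 222 bytes, MD5 00000000000000000000000000000000)
"""

# Suffix HijackThis appends when it could read and hash the file.
HASH_SUFFIX_RE = re.compile(r" \(filesize (\d+) bytes, MD5 ([0-9A-Fa-f]{32})\)$")
# Start of an entry line: section code (R0, O2, O23, ...) followed by " - ".
SECTION_RE = re.compile(r"^([RO]\d+) - (.*)$")
# A Windows path ending in a module extension; quotes around it are not captured.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx)', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    text: str                    # entry body with the hash suffix removed
    path: Optional[str]
    size: Optional[int]
    md5: Optional[str]
    doubled_path: bool = False   # path was printed twice and no hash was given


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for header/process lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    size = md5 = None
    h = HASH_SUFFIX_RE.search(body)
    if h:
        size, md5 = int(h.group(1)), h.group(2).upper()
        body = body[: h.start()]
    paths = PATH_RE.findall(body)
    path = paths[0] if paths else None
    doubled = False
    # On lines without a hash the tool prints the path twice, back to back;
    # collapse that artifact so the entry text reads as a single path.
    if path is not None and md5 is None and (path + path) in body:
        doubled = True
        body = body.replace(path + path, path, 1)
    return Entry(section, body, path, size, md5, doubled)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line of a HijackThis log, skipping everything else."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def unhashed(entries: List[Entry]) -> List[Entry]:
    """Entries that name a file but carry no MD5: these must be checked by hand."""
    return [e for e in entries if e.path and e.md5 is None]


def by_hash(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group 'section:path' labels by MD5 so one file loaded several ways is reviewed once."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5:
            groups.setdefault(e.md5, []).append(f"{e.section}:{e.path}")
    return groups


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        flag = " (doubled path)" if e.doubled_path else ""
        print(f"{e.section:<4} {e.path} size={e.size} md5={e.md5}{flag}")
    print("needs manual check:", [e.path for e in unhashed(parsed)])
    print("shared hashes:", {k: v for k, v in by_hash(parsed).items() if len(v) > 1})
```

Feed it a real log with `parse_log(open("hijackthis.log").read())`; the hashes it extracts are what a helper would compare against known-good values for the vendor's file, and the entries it reports as unhashed are exactly the ones the log gives no way to verify without looking at the file itself.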

Hi americangamingsupply,

 

One thread is enough, please do not post multiple threads and posts about the same subject.

I have deleted your other thread and other post.

 

A Malware Fighter will deal with you when he is available.

 

Cheers.

 

EDIT:

Sorry Superdave, I didn't know that you had posted.

BTW, have you seen the "A note for Malware Fighters" thread in the Private for Malware Fighters section?


Logfile of IObit HijackScan v1.0.2.0

Scan saved at 18:46:10, on 2010-8-14

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\Program Files\mcafee.com\agent\mctskshd.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\UPS\WSTD\UPSNA1Msgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\UPS\WSTD\WSTDMessaging.exe

C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

 

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O3 - Toolbar: PrivacyProtect - {CB7DC2DA-D8C9-4004-8548-1E24AA7D46DE} - C:\Program Files\SFT\GuardedID\GIDTB.dll

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Real.com Explorer Bar - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}SdcUser.TgConfCtl.2 - http://ra.intuit.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}Office.awsdc.1 - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}YInstHelper.YInstStarter.1 - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}OneCC.OneCCCtl.1 - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=35174227666ca442784f6ed08d21cdf6&url=http%3A%2F%2Fd.64.69.14.62.downloads.estara.com.%2Fas%2FOneCCDM.php&template=489693&sessionid=630999502_64.69.14.69_42843&=&req=1244846352171OneCC.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}npdivx.DivXBrowserPlugin.1 - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003}Persits.XUpload.2 - https://2687352132.monstercommercesites.com/admin/FileManager/XUpload.ocx

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\Program Files\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PrismXL (PrismXL) - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:14:43 AM, on 8/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\UPS\WSTD\UPSNA1Msgr.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\UPS\WSTD\WSTDMessaging.exe

C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\system32\svchost.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (filesize 1172280 bytes, MD5 9EF3596AC4C98552C07A61D1BC3709B7)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 6D9042F1443A601DA8DC24D991EDDD0A)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1879896 bytes, MD5 022C2F6DCCDFA0AD73024D254E62AFAC)

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (filesize 591216 bytes, MD5 273FFDC2F4D5AB2504DDADDD8DC946A7)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (filesize 814648 bytes, MD5 42CB4EE0B0FC259C8AD20B460FA7D72A)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 385BD69743EA92E76CDF07B3345A25D5)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 79648 bytes, MD5 4E2BB6D2677B42AD04BE18A6E9817B68)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (filesize 158008 bytes, MD5 0F97F69D3CABBFFCFBAB193D77F62150)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (filesize 1172280 bytes, MD5 9EF3596AC4C98552C07A61D1BC3709B7)

O3 - Toolbar: PrivacyProtect - {CB7DC2DA-D8C9-4004-8548-1E24AA7D46DE} - C:\Program Files\SFT\GuardedID\GIDTB.dll (filesize 524288 bytes, MD5 D1C6771E87BD1F840C7F4CEC7BE0C3C8)

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (filesize 591216 bytes, MD5 273FFDC2F4D5AB2504DDADDD8DC946A7)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (filesize 1038728 bytes, MD5 B157A1FA39F98B997E5D030E74F6499B)

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeC:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exeC:\UPS\WSTD\UPSNA1Msgr.exe

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart (filesize 1280344 bytes, MD5 4126904E21735EF4C7FFFE01ED795872)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 68856 bytes, MD5 E616A6A6E91B0A86F2F6217CDE835FFE)

O4 - Startup: LIVECHAT Operator.lnk = C:\Program Files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe (filesize 13628752 bytes, MD5 3561367B66DC920A4FC22151FA00AFA3)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (filesize 83360 bytes, MD5 5BC65464354A9FD3BEAA28E18839734A)

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (filesize 81920 bytes, MD5 F45BFC03A06C9DCFA6731E551029B474)

O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (filesize 61440 bytes, MD5 C9D20BED48F5209CFC83B98B87F658E1)

O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (filesize 40960 bytes, MD5 7903087FEF4AD51C2AB27E5A137E9122)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll (filesize 1499136 bytes, MD5 26CB10FA893F940AB09713FF46DCDADE)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://ra.intuit.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=35174227666ca442784f6ed08d21cdf6&url=http%3A%2F%2Fd.64.69.14.62.downloads.estara.com.%2Fas%2FOneCCDM.php&template=489693&sessionid=630999502_64.69.14.69_42843&=&req=1244846352171OneCC.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://2687352132.monstercommercesites.com/admin/FileManager/XUpload.ocx

O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 2135336 bytes, MD5 028FF74DAFDC7BB45C956A5EC8926CEE)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exeC:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exec:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeC:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeC:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 11394 bytes


Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

 

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

 

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

 

Exit out of MessengerDisable then delete the two files that were put on the desktop.

 

***************************************

 

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

 

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

 

*******************************************

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*****************************************

Please download Malwarebytes Anti-Malware from here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

******************************************

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

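As an added example (not code from this thread, from IObit or from HijackThis), a small Python checker that parses HijackThis-style entries like the ones listed above and flags the loopback proxy setting the helper asks the poster to fix. The sample lines are copied from the log in this thread; the function and regex names are my own.

```python
"""Parse HijackThis / IObit HijackScan log lines and flag the entries a helper
would tell the poster to fix, in particular a browser proxy that points at the
loopback interface. Hypothetical helper script; not part of any IObit tool."""
import re
from dataclasses import dataclass
from typing import Optional

# IObit HijackScan appends "(filesize N bytes, MD5 X)" to entries that name a file.
META_RE = re.compile(r"\s*\(filesize (\d+) bytes, MD5 ([0-9A-Fa-f]{32})\)\s*$")
# Every entry starts with a section code (R0, R1, O4, O9, O16, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# R0/R1 bodies look like "HKCU\...\Main,Start Page = http://..."
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# ProxyServer data is "host:port" or "scheme=host:port;scheme=host:port" (IPv4/hostnames only).
PROXY_RE = re.compile(r"(?:(?P<scheme>\w+)=)?(?P<host>[^:;\s]+):(?P<port>\d+)")

LOOPBACK = {"127.0.0.1", "localhost"}


@dataclass
class Entry:
    section: str
    body: str
    filesize: Optional[int] = None
    md5: Optional[str] = None


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis-style line, or None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    filesize = md5 = None
    meta = META_RE.search(body)
    if meta:
        filesize, md5 = int(meta.group(1)), meta.group(2).upper()
        body = body[: meta.start()]
    return Entry(m.group("section"), body.strip(), filesize, md5)


def parse_log(text: str) -> list[Entry]:
    """Parse a whole log, skipping everything that is not an R/F/N/O entry."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def proxy_targets(entry: Entry) -> list[tuple[str, str, int]]:
    """For an R1 ProxyServer entry return (scheme, host, port) triples; else []."""
    if not entry.section.startswith("R"):
        return []
    reg = REG_RE.match(entry.body)
    if not reg or reg.group("value").strip() != "ProxyServer":
        return []
    return [(m.group("scheme") or "*", m.group("host"), int(m.group("port")))
            for m in PROXY_RE.finditer(reg.group("data"))]


def audit(text: str) -> list[str]:
    """Findings a reviewer would raise about this log, one short string each."""
    findings = []
    for e in parse_log(text):
        for scheme, host, port in proxy_targets(e):
            if host.lower() in LOOPBACK:
                # A proxy on the loopback interface means some local process sits
                # between the browser and the network; review what listens there.
                findings.append(f"{e.section}: {scheme} proxy on loopback {host}:{port}")
        reg = REG_RE.match(e.body) if e.section.startswith("R") else None
        if reg and reg.group("data").strip() == "":
            findings.append(f"{e.section}: {reg.group('value').strip()} is present but empty")
    return findings


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```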

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/16/2010 at 06:35 PM

 

Application Version : 4.41.1000

 

Core Rules Database Version : 5364

Trace Rules Database Version: 3176

 

Scan type : Complete Scan

Total Scan Time : 03:49:03

 

Memory items scanned : 507

Memory threats detected : 0

Registry items scanned : 8192

Registry threats detected : 1

File items scanned : 85887

File threats detected : 344

 

System.BrokenFileAssociation

HKCR\.exe

 

Adware.Tracking Cookie


C:\Documents and Settings\Owner\Cookies\owner@www.ticketsnow[1].txt

C:\Documents and Settings\Owner\Cookies\owner@www.traveldealsdiscounts[1].txt

C:\Documents and Settings\Owner\Cookies\owner@www.w3counter[2].txt

C:\Documents and Settings\Owner\Cookies\owner@www.winecountry[1].txt

C:\Documents and Settings\Owner\Cookies\owner@www5.addfreestats[1].txt

C:\Documents and Settings\Owner\Cookies\owner@xxxstash[2].txt

C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt

C:\Documents and Settings\Owner\Cookies\owner@youporn[2].txt

C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt

C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt

 

Adware.k8l

C:\PROGRAM FILES\COMMON FILES\VIKOK.HTML


Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Database version: 4438

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

8/16/2010 9:31:30 PM

mbam-log-2010-08-16 (21-31-30).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 240189

Time elapsed: 2 hour(s), 22 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Please provide me with the Security Check log as well as this one.

 

Download ComboFix by sUBs from one of the below links.

 

Important! You MUST save ComboFix to your desktop

 

link # 1

Link # 2

 

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Double click on ComboFix.exe & follow the prompts.

 

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

When the scan completes it will open a text window.

 

Post the contents of that log in your next reply.

 

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.


Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee SecurityCenter

ZoneAlarm Security Suite

ZoneAlarm Toolbar

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 20

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2

Out of date Java installed!

Adobe Flash Player 10.0.45.2

Adobe Reader 9.3.4

Adobe Reader Chinese Traditional Fonts

Mozilla Firefox (3.6.6) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````


Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

4. Run CCleaner.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

 

***********************************

 

Now it says that

ComboFix has detected Norton Internet Security.

I can't find that... I did search and also looked everywhere and I can't find it.

Are you telling me that you can't run ComboFix?

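The "Remove any old versions" step above is the part people skip. The Security Check listing shows Java 6 Update 2, 3, 5, 7 and 20 plus a 1.4.2 runtime all still on the machine, so on this system the updates have accumulated side by side, and the old code stays on disk until each one is uninstalled; the thread points at JavaRa for that. As an added example, not code from the thread, JavaRa or Sun's installer, the Python below does the same planning step: it maps the display names Windows records under the Uninstall key to a (family, update) pair, keeps the newest runtime and emits a silent msiexec removal for every older one. The sample entries and their product codes are constructed for the demo, the display-name patterns are an assumption covering the 1.4.2, 5.0 and 6.x naming styles, and `read_uninstall_keys` is a Windows-only helper that is not exercised here.

```python
"""Plan removal of stale Java runtimes from a Windows Uninstall-key listing.

Added example; not code from the thread, JavaRa or Sun's installer. Maps the
display names Windows records for each JRE to a (family, update) pair, keeps
the newest one and emits a silent msiexec removal for every older one.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]  # (family, update): "Java 6 Update 20" -> (6, 20)

# Display-name shapes of Sun JREs on XP-era machines (assumption: covers the
# 6.x "Update N" form, the 5.0 "J2SE ... Update N" form and 1.4.2_NN).
NAME_PATTERNS = [
    (re.compile(r"Java(?:\(TM\))?(?: SE Runtime Environment)? (\d) Update (\d+)"),
     lambda m: (int(m.group(1)), int(m.group(2)))),
    (re.compile(r"J2SE Runtime Environment (\d)\.0 Update (\d+)"),
     lambda m: (int(m.group(1)), int(m.group(2)))),
    (re.compile(r"Java 2 Runtime Environment, SE v1\.(\d)\.\d+(?:_(\d+))?"),
     lambda m: (int(m.group(1)), int(m.group(2) or 0))),
]
# "MsiExec.exe /X{product-code}" as recorded in UninstallString.
MSI_RE = re.compile(r"msiexec(?:\.exe)? /[xi](\{[0-9a-f-]{36}\})", re.I)


def java_version(display_name: str) -> Optional[Version]:
    """(family, update) for a JRE display name, or None for anything else."""
    for pattern, to_version in NAME_PATTERNS:
        m = pattern.search(display_name)
        if m:
            return to_version(m)
    return None


def plan_removal(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Keep the newest JRE, return uninstall commands for every older one.

    entries: dicts with 'DisplayName' and 'UninstallString', the values
    stored under HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\<subkey>.
    """
    jres = [(java_version(e["DisplayName"]), e) for e in entries]
    jres = [(v, e) for v, e in jres if v is not None]
    if not jres:
        return {"keep": [], "remove": []}
    newest = max(v for v, _ in jres)
    keep = [e["DisplayName"] for v, e in jres if v == newest]
    remove = []
    for v, e in jres:
        if v == newest:
            continue
        m = MSI_RE.search(e["UninstallString"])
        if m:  # MSI product: silent removal, no reboot prompt
            remove.append(f"msiexec /x {m.group(1)} /qn /norestart")
        else:  # non-MSI uninstaller: run whatever the registry recorded
            remove.append(e["UninstallString"])
    return {"keep": keep, "remove": remove}


def read_uninstall_keys() -> List[Dict[str, str]]:
    """Windows only: read DisplayName/UninstallString from the Uninstall hive."""
    import winreg  # imported here so the planning logic above runs on any OS
    root = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as hive:
        for i in range(winreg.QueryInfoKey(hive)[0]):
            try:
                with winreg.OpenKey(hive, winreg.EnumKey(hive, i)) as key:
                    name = winreg.QueryValueEx(key, "DisplayName")[0]
                    cmd = winreg.QueryValueEx(key, "UninstallString")[0]
            except OSError:  # subkey without these values
                continue
            entries.append({"DisplayName": name, "UninstallString": cmd})
    return entries


# Constructed sample mirroring the JRE list in the Security Check post;
# the product codes are illustrative values for the demo.
SAMPLE_ENTRIES = [
    {"DisplayName": "Java(TM) 6 Update 20",
     "UninstallString": "MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}"},
    {"DisplayName": "Java(TM) 6 Update 7",
     "UninstallString": "MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216007FF}"},
    {"DisplayName": "Java(TM) 6 Update 2",
     "UninstallString": "MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216002FF}"},
    {"DisplayName": "Java 2 Runtime Environment, SE v1.4.2",
     "UninstallString": "MsiExec.exe /X{7148F0A8-6813-11D6-A77B-00B0D0142000}"},
    {"DisplayName": "Adobe Reader 9.3.4",
     "UninstallString": "MsiExec.exe /X{AC76BA86-7AD7-1033-7B44-A93000000001}"},
]

if __name__ == "__main__":
    plan = plan_removal(SAMPLE_ENTRIES)
    print("keep:  ", plan["keep"])
    for cmd in plan["remove"]:
        print("remove:", cmd)
```

On a real machine you would feed `read_uninstall_keys()` into `plan_removal` from an administrator prompt with all browsers closed, exactly as the post says, and only after the newest runtime has been installed, so that "newest" is the one you intend to keep.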

Combofix report part 2

 

CONTINUATION OF THE PREVIOUS POST>>>>>>>>>>>>>>>>>>>>>>>>>

 

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: Microsoft XML Parser for Java - http://file://c:\windows\Java\classes\xmldso.cab

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=35174227666ca442784f6ed08d21cdf6&url=http%3A%2F%2Fd.64.69.14.62.downloads.estara.com.%2Fas%2FOneCCDM.php&template=489693&sessionid=630999502_64.69.14.69_42843&=&req=1244846352171OneCC.cab

DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\

FF - prefs.js: browser.startup.homepage - www.americangamingsupply.com

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: XULRunner: {3737F382-CD60-4C3A-B970-F7A1C6486A2C} - c:\documents and settings\Administrator\Local Settings\Application Data\{3737F382-CD60-4C3A-B970-F7A1C6486A2C}\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

MSConfigStartUp-Qgecuk - c:\windows\ugotafuz.dll

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-24 18:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3079726014-4200542014-4019606198-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Param2"=""

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:0000000b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(728)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2010-08-24 18:18:26

ComboFix-quarantined-files.txt 2010-08-25 01:18

Pre-Run: 49,836,285,952 bytes free

Post-Run: 50,458,464,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 926646A2AAC7961A09F875AF9ED3CE7D

combofix.txt

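A helper reads the Supplementary Scan and Reg Loading Points blocks of a report like this for a short list of things: ActiveX controls pulled in through DPF entries from remote hosts, Firefox proxy and hidden-extension settings, and start-up entries that run from places a legitimate program would not use (in this report ComboFix itself cleared the orphaned MSConfigStartUp-Qgecuk entry pointing at c:\windows\ugotafuz.dll). As an added example, not part of the thread or of ComboFix, the Python below applies those checks to constructed sample lines modelled on the report above. The location rules, the allow-list for hidden Firefox extensions and the severities are this example's own assumptions; the network.proxy.type meanings are Mozilla's documented values.

```python
"""Triage of ComboFix-style report lines (added example, not ComboFix code).

Applies the checks a helper does by eye on the 'Supplementary Scan' and
'Reg Loading Points' sections: DPF ActiveX downloads, Firefox proxy and
hidden-extension settings, and Run / MSConfig start-up entries. Location
rules, allow-list and severities are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    severity: str  # "review" (confirm with the user) or "suspicious"
    reason: str
    line: str


# Firefox network.proxy.type values as documented by Mozilla.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect via WPAD", 5: "system"}

# Places where a legitimate autostart binary rarely lives (assumed heuristic).
ODD_LOCATIONS = [
    re.compile(r"^c:\\windows\\[^\\]+\.(dll|exe|ocx)$", re.I),                     # loose file in %WINDIR%
    re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.(dll|exe)$", re.I),   # user-profile root
    re.compile(r"\\local settings\\temp\\", re.I),                                  # temp directory
    re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I),        # GUID-named folder
]
# Where hidden Firefox extensions are expected on this build (assumed allow-list).
FF_TRUSTED = ("c:\\windows\\microsoft.net\\", "c:\\program files\\mozilla firefox\\")

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')          # "name"="path" [date size]
MSCONFIG_RE = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<id>.+?) - (?P<url>\S+)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.+)$")
FFHIDDEN_RE = re.compile(r"^FF - HiddenExtension: .+ - (?P<path>.+)$")
HOST_RE = re.compile(r"^h[xt]{2}ps?://([^/]+)", re.I)                  # accepts defanged hxxp://


def odd_location(path: str) -> bool:
    return any(p.search(path) for p in ODD_LOCATIONS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth attention, or None for a routine line."""
    line = line.strip()
    m = RUN_RE.match(line) or MSCONFIG_RE.match(line)
    if m:
        if odd_location(m.group("path")):
            return Finding("suspicious", f"autostart '{m.group('name')}' runs from an unusual location", line)
        return None
    m = DPF_RE.match(line)
    if m:
        if "file://" in m.group("url").lower():
            return None  # local .cab shipped with Windows, not a download
        host = HOST_RE.match(m.group("url"))
        return Finding("review", f"ActiveX control installed from {host.group(1) if host else m.group('url')}", line)
    m = FFPREF_RE.match(line)
    if m and m.group("key") == "network.proxy.type":
        kind = int(m.group("val"))
        if kind in (0, 5):
            return None  # direct or the system proxy: the usual defaults
        return Finding("review", f"Firefox proxy type {kind} ({PROXY_TYPES.get(kind, 'unknown')}); confirm it was set on purpose", line)
    m = FFHIDDEN_RE.match(line)
    if m and not m.group("path").lower().startswith(FF_TRUSTED):
        return Finding("suspicious", "hidden Firefox extension outside the browser and .NET install paths", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]


# Constructed sample modelled on the report posted above.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.yahoo.com/",
    r"DPF: Microsoft XML Parser for Java - http://file://c:\windows\Java\classes\xmldso.cab",
    r"DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe",
    r"FF - prefs.js: browser.startup.homepage - www.americangamingsupply.com",
    r"FF - prefs.js: network.proxy.type - 4",
    r"FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension",
    r"FF - HiddenExtension: XULRunner: {3737F382-CD60-4C3A-B970-F7A1C6486A2C} - c:\documents and settings\Administrator\Local Settings\Application Data\{3737F382-CD60-4C3A-B970-F7A1C6486A2C}",
    r"MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe",
    r"MSConfigStartUp-Qgecuk - c:\windows\ugotafuz.dll",
    r'"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856]',
    r'"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-25 1038728]',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The output is a reading aid, not a verdict: a "review" item (an ActiveX download from a vendor site, a proxy the user configured for a corporate network) is confirmed with the user before anything is removed, while "suspicious" items are the ones to check against the files on disk and the Other Deletions section of the report.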

Combofix report part 1

 

combofix in the attachment.

 

 

Combofix 10-08-24.07 - Owner 08/24/2010 17:54:59.1.1 - x86

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\g2mdlhlpx.exe

c:\documents and settings\Owner\GoToAssistDownloadHelper.exe

c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}

c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\install.rdf

c:\windows\system32\42KJE738.ocx

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))

.

2010-08-16 21:32 . 2010-08-16 21:32 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2010-08-16 21:32 . 2010-08-16 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-16 21:31 . 2010-08-16 21:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-16 16:19 . 2010-08-16 16:19 -------- d-----w- C:\IObit

2010-08-16 16:18 . 2010-08-16 16:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-08-15 10:01 . 2010-08-15 10:01 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$

2010-08-14 15:37 . 2010-08-18 23:31 -------- d-----w- C:\UPS

2010-08-11 22:14 . 2010-08-11 22:14 -------- d-----w- c:\documents and settings\All Users\Uniblue

2010-08-11 01:16 . 2010-08-11 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bryxen Software

2010-08-07 03:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-07 03:26 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-02 21:08 . 2010-08-02 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2010-07-28 03:13 . 2010-07-29 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\FinalMediaPlayer

2010-07-28 03:13 . 2010-07-28 03:13 -------- d-----w- c:\program files\FinalMediaPlayer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-25 00:28 . 2006-02-11 23:03 69496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-23 17:51 . 2007-06-01 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-08-17 16:15 . 2010-08-17 16:16 59392 ----a-w- c:\windows\Internet Logs\xDB23.tmp

2010-08-16 21:34 . 2010-08-16 21:34 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-16 21:34 . 2010-08-16 21:34 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-16 21:34 . 2010-08-16 21:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-16 20:06 . 2010-04-08 00:05 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-08-16 20:02 . 2010-08-16 20:02 64000 ----a-w- c:\windows\Internet Logs\xDB20.tmp

2010-08-16 20:01 . 2010-08-16 20:02 1820160 ----a-w- c:\windows\Internet Logs\xDB22.tmp

2010-08-16 20:01 . 2010-08-16 20:02 1820160 ----a-w- c:\windows\Internet Logs\xDB21.tmp

2010-08-14 16:04 . 2010-08-14 16:05 1854464 ----a-w- c:\windows\Internet Logs\xDB1F.tmp

2010-08-14 15:54 . 2005-11-15 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-11 22:15 . 2010-02-13 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2010-08-11 22:12 . 2008-06-11 18:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2010-08-11 22:12 . 2008-06-11 18:03 -------- d-----w- c:\program files\Uniblue

2010-08-11 18:41 . 2009-04-10 21:42 -------- d-----w- c:\program files\Article Submitter

2010-08-11 18:13 . 2010-08-11 18:13 2423226 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-08-11 18:13 . 2008-08-11 22:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-09 21:50 . 2009-07-01 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\U3

2010-08-06 23:31 . 2008-10-13 21:17 -------- d-----w- c:\program files\Safari

2010-08-05 22:11 . 2010-08-05 22:11 516784 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2CB.tmp.exe

2010-08-02 20:55 . 2010-02-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-08-02 20:55 . 2010-02-13 02:31 -------- d-----w- c:\program files\IObit

2010-08-02 18:39 . 2008-03-12 16:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-08-02 18:35 . 2006-01-23 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-08-02 18:35 . 2009-05-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-08-02 18:35 . 2006-01-23 19:56 -------- d-----w- c:\program files\Yahoo!

2010-08-02 18:24 . 2010-08-02 18:24 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

2010-07-24 00:22 . 2010-07-29 19:18 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-07-24 00:22 . 2010-07-29 19:18 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-07-24 00:22 . 2010-07-29 19:18 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-07-24 00:22 . 2010-07-29 19:18 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-07-23 00:17 . 2010-07-23 00:17 -------- d-----w- c:\documents and settings\Owner\Application Data\CherryPickerLive

2010-07-23 00:17 . 2010-07-23 00:17 -------- d-----w- c:\program files\CherryPicker

2010-07-23 00:16 . 2010-06-09 21:34 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-07-21 02:29 . 2006-02-25 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype

2010-07-21 01:23 . 2008-03-25 17:35 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM

2010-07-15 22:29 . 2010-04-08 00:38 -------- d-----w- c:\documents and settings\Owner\Application Data\MailFrontier

2010-07-15 22:29 . 2010-07-15 22:29 -------- d-----w- c:\program files\SonicWallES

2010-07-14 19:48 . 2010-07-14 19:48 164867 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_14_11_27_45_small.dmp.zip

2010-07-10 22:00 . 2007-01-08 20:35 -------- d-----w- c:\program files\eBay

2010-07-10 21:44 . 2006-07-06 19:45 -------- d-----w- c:\program files\Common Files\Intuit

2010-07-10 21:23 . 2006-06-28 18:34 -------- d-----w- c:\program files\WinAce

2010-07-10 21:23 . 2010-06-10 19:06 -------- d-----w- c:\program files\QuickTime

2010-07-10 21:23 . 2008-02-28 22:38 -------- d-----w- c:\program files\Poker Chip Customizer

2010-07-10 21:22 . 2005-11-15 03:09 -------- d-----w- c:\program files\Intel

2010-07-10 21:22 . 2005-11-15 03:05 -------- d-----w- c:\program files\Google

2010-07-10 21:22 . 2008-02-19 22:16 -------- d-----w- c:\program files\DivX

2010-07-10 21:22 . 2005-11-15 03:09 -------- d-----w- c:\program files\Common Files\AOL

2010-07-10 21:19 . 2005-11-15 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-07-08 01:40 . 2010-07-08 01:41 1851392 ----a-w- c:\windows\Internet Logs\xDB1E.tmp

2010-07-08 01:40 . 2010-07-08 01:41 1851392 ----a-w- c:\windows\Internet Logs\xDB1D.tmp

2010-06-30 12:31 . 2004-08-26 16:12 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-26 16:12 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-26 16:12 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-26 16:11 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-26 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-26 16:12 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-10 19:01 . 2010-06-10 19:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\msvcp71.dll

2010-06-10 19:01 . 2010-06-10 19:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\jmc.dll

2010-06-10 19:01 . 2010-06-10 19:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-250961e9-n\decora-d3d.dll

2010-06-10 19:01 . 2010-06-10 19:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-250961e9-n\decora-sse.dll

2010-06-10 19:01 . 2010-06-10 19:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\msvcr71.dll

2010-06-09 21:29 . 2010-06-09 21:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-06-07 18:17 . 2010-06-07 18:18 95744 ----a-w- c:\windows\Internet Logs\xDB1A.tmp

2010-06-07 18:16 . 2010-06-07 18:18 1637888 ----a-w- c:\windows\Internet Logs\xDB1C.tmp

2010-06-07 18:16 . 2010-06-07 18:18 1637888 ----a-w- c:\windows\Internet Logs\xDB1B.tmp

2010-06-06 21:31 . 2010-06-06 21:40 1687040 ----a-w- c:\windows\Internet Logs\xDB19.tmp

2010-06-06 21:31 . 2010-06-06 21:40 1687040 ----a-w- c:\windows\Internet Logs\xDB18.tmp

2010-06-06 01:18 . 2010-06-06 01:21 1679360 ----a-w- c:\windows\Internet Logs\xDB17.tmp

2010-06-06 01:18 . 2010-06-06 01:21 264704 ----a-w- c:\windows\Internet Logs\xDB16.tmp

2010-06-05 22:50 . 2010-06-05 22:51 1677312 ----a-w- c:\windows\Internet Logs\xDB15.tmp

2010-06-02 20:34 . 2010-06-02 20:35 1727488 ----a-w- c:\windows\Internet Logs\xDB14.tmp

2010-06-02 20:34 . 2010-06-02 20:35 1727488 ----a-w- c:\windows\Internet Logs\xDB13.tmp

2007-04-07 22:35 . 2007-04-07 18:20 484 ----a-w- c:\program files\Common Files\rybiv

2008-05-30 19:15 . 2010-04-07 23:24 98304 ----a-w- c:\program files\mozilla firefox\components\GIDBIN1.dll

2008-05-30 19:15 . 2010-04-07 23:24 294912 ----a-w- c:\program files\mozilla firefox\components\GIDBIN3.dll

2008-05-30 19:15 . 2010-04-07 23:24 294912 ----a-w- c:\program files\mozilla firefox\components\GIDBIN4.dll

2008-05-30 19:17 . 2010-04-07 23:24 106496 ----a-w- c:\program files\mozilla firefox\components\gidconnect.dll

2008-08-14 12:17 . 2006-12-12 21:49 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-25 1038728]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

LIVECHAT Operator.lnk - c:\program files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [2010-6-21 13628752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]

backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]

backup=c:\windows\pss\run_startmenu.cmdCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk

backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TradeManager]

c:\progra~1\Alibaba\TRADEM~1\TradeManager -hideframe [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vkaphehb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-07-03 00:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-08-14 12:17 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2004-08-20 23:51 118784 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2004-08-20 23:55 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-04-02 23:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

2005-09-23 02:29 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

2006-01-11 20:05 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]

2004-03-02 18:49 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-13 20:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2004-08-27 17:50 970752 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-10-18 22:05 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-01 00:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL ACS"=2 (0x2)

"WZCSVC"=2 (0x2)

"SAVScan"=3 (0x3)

"PrismXL"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"helpsvc"=2 (0x2)

"gusvc"=2 (0x2)

"gupdate"=2 (0x2)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"Brother XP spl Service"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"SPBBCSvc"=2 (0x2)

"SNDSrvc"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"Browser"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\LIVECHAT\\LIVECHAT Operator\\LIVECHAT.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1434:UDP"= 1434:UDP:UDP 1434

"1434:TCP"= 1434:TCP:UPS WorldShip MSDE Port

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2010 1:55 AM 26232]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2010 1:55 AM 488816]

R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [6/22/2007 9:22 AM 95592]

R2 MSSQL$DATAPORT;MSSQL$DATAPORT;c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe -sDATAPORT --> c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe -sDATAPORT [?]

R3 GIDDriver;GIDDriver;c:\windows\system32\drivers\GIDDriver.sys [4/7/2010 4:25 PM 12544]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/11/2010 3:15 PM 312152]

S3 SQLAgent$DATAPORT;SQLAgent$DATAPORT;c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlagent.EXE -i DATAPORT --> c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlagent.EXE -i DATAPORT [?]

S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/12/2006 2:49 PM 29744]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:38 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-08-23 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-13 21:11]

2010-08-24 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-02-13 23:18]

2010-08-24 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-07-28 05:22]

2010-08-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:52]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:38]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{F00956E9-EBF6-47F5-9AAF-A6AE79CAA3DA}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

CONTINUED IN THE NEXT POST>>>>>>>>>>>>>>>>>>>>>>>>

combofix.txt


It would appear that you're running two anti-virus programs: ZoneAlarm Security Suite Antivirus and Norton Internet Security. If this is, in fact, true, one will have to be disabled. You can use this tool to get rid of Norton, if you wish.

 

Download the Norton Removal Tool (SymNRT) to your desktop.

 

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

 

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.

* Once open, click Next

* Accept the license agreement and click Next

* Type in the letters/numbers that you see into the text box then click Next.

* Then click Next and the tool will start running.

* Once finished, restart the PC.

* Delete the 'Norton_Removal_Tool' from your desktop.

 

*********************************

You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 it is Programs and Features) and remove the following programs if present.

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

 

*************************************

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log, select all, and copy/paste it back in your next reply, please.

* Close RootRepeal.


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/08/28 16:08

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xED759000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_199.trc

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_201.trc

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\sessionstore.js

Status: Could not get file information (Error 0xc0000008)

 

Path: c:\documents and settings\owner\local settings\application data\mozilla\firefox\profiles\va8eyl4y.default\cache\_cache_001_

Status: Size mismatch (API: 525482, Raw: 523946)

 

Path: c:\documents and settings\owner\local settings\application data\mozilla\firefox\profiles\va8eyl4y.default\cache\_cache_002_

Status: Size mismatch (API: 493074, Raw: 491026)

 

Path: c:\documents and settings\owner\local settings\application data\mozilla\firefox\profiles\va8eyl4y.default\cache\_cache_map_

Status: Allocation size mismatch (API: 280, Raw: 0)

 

SSDT

-------------------

#: 011 Function Name: NtAdjustPrivilegesToken

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569542

 

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569dba

 

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3c325a

 

#: 035 Function Name: NtCreateEvent

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56adcc

 

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3bc83a

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3de0ac

 

#: 043 Function Name: NtCreateMutant

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56aca4

 

#: 044 Function Name: NtCreateNamedPipeFile

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569148

 

#: 046 Function Name: NtCreatePort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3c3a2c

 

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3d7f48

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3d8370

 

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e2802

 

#: 051 Function Name: NtCreateSemaphore

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56aefe

 

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56c784

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569a58

 

#: 056 Function Name: NtCreateWaitablePort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3c3b8a

 

#: 057 Function Name: NtDebugActiveProcess

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56c176

 

#: 062 Function Name: NtDeleteFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3bd6fc

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3dfb54

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3df44a

 

#: 066 Function Name: NtDeviceIoControlFile

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56a524

 

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3d6d2c

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee568e80

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee568f2a

 

#: 084 Function Name: NtFsControlFile

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56a330

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56c208

 

#: 098 Function Name: NtLoadKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e051e

 

#: 099 Function Name: NtLoadKey2

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e075c

 

#: 108 Function Name: NtMapViewOfSection

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e2bbe

 

#: 111 Function Name: NtNotifyChangeKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569076

 

#: 114 Function Name: NtOpenEvent

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56ae6e

 

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3bd1ee

 

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee568592

 

#: 120 Function Name: NtOpenMutant

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56ad3c

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3da460

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56c7ae

 

#: 126 Function Name: NtOpenSemaphore

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56afa0

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3da04e

 

#: 160 Function Name: NtQueryKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee568fd4

 

#: 161 Function Name: NtQueryMultipleValueKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee568bfc

 

#: 167 Function Name: NtQuerySection

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56cb50

 

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56884c

 

#: 180 Function Name: NtQueueApcThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56c49e

 

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e15e4

 

#: 193 Function Name: NtReplaceKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e0ed8

 

#: 194 Function Name: NtReplyPort

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56b32a

 

#: 195 Function Name: NtReplyWaitReceivePort

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56b1f0

 

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3c2df2

 

#: 204 Function Name: NtRestoreKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e2044

 

#: 206 Function Name: NtResumeThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56d028

 

#: 207 Function Name: NtSaveKey

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee5681fe

 

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3c3526

 

#: 213 Function Name: NtSetContextThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569c76

 

#: 224 Function Name: NtSetInformationFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3bdb06

 

#: 230 Function Name: NtSetInformationToken

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56b86c

 

#: 237 Function Name: NtSetSecurityObject

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3e1b6c

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56cc90

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3deb6e

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56cd74

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56ce9c

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3d906c

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xee3d8d9c

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56980e

 

#: 267 Function Name: NtUnmapViewOfSection

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee56ca06

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee569998

 

Shadow SSDT

-------------------

#: 013 Function Name: NtGdiBitBlt

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a71e

 

#: 227 Function Name: NtGdiMaskBlt

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a7e8

 

#: 237 Function Name: NtGdiPlgBlt

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a852

 

#: 292 Function Name: NtGdiStretchBlt

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a782

 

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a27e

 

#: 312 Function Name: NtUserBuildHwndList

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a8b4

 

#: 323 Function Name: NtUserCallOneParam

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a636

 

#: 378 Function Name: NtUserFindWindowEx

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a46c

 

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a1e6

 

#: 414 Function Name: NtUserGetKeyboardState

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a56e

 

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a232

 

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a3be

 

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a314

 

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a368

 

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a4fe

 

#: 502 Function Name: NtUserSendInput

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a41e

 

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a136

 

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee57a18c

 

==EOF==


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan log.

