#11 | Aug. 17th, 2010, 02:00 | americangamingsupply (Junior Member, Join Date: 14 Aug 2010, Posts: 16)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2010 at 06:35 PM

Application Version : 4.41.1000

Core Rules Database Version : 5364
Trace Rules Database Version: 3176

Scan type : Complete Scan
Total Scan Time : 03:49:03

Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 8192
Registry threats detected : 1
File items scanned : 85887
File threats detected : 344

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie

Adware.k8l
C:\PROGRAM FILES\COMMON FILES\VIKOK.HTML

#12 | Aug. 17th, 2010, 18:54 | Superdave (Malware Fighter, Join Date: 07 Mar 2010, Posts: 808)

Where are the MBAM and Security Check logs?

#13 | Aug. 21st, 2010, 20:05 | americangamingsupply (Junior Member, Join Date: 14 Aug 2010, Posts: 16)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4438

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2010 9:31:30 PM
mbam-log-2010-08-16 (21-31-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 240189
Time elapsed: 2 hour(s), 22 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 | Aug. 21st, 2010, 22:47 | Superdave (Malware Fighter, Join Date: 07 Mar 2010, Posts: 808)

Please provide me with the Security Check log as well as this one.

Download ComboFix by sUBs from one of the below links.

Important! You MUST save ComboFix to your desktop

Link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

#15 | Aug. 25th, 2010, 00:24 | americangamingsupply (Junior Member, Join Date: 14 Aug 2010, Posts: 16)
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
ZoneAlarm Security Suite
ZoneAlarm Toolbar
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.4
Adobe Reader Chinese Traditional Fonts
Mozilla Firefox (3.6.6) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#16 | Aug. 25th, 2010, 00:45 | americangamingsupply (Junior Member, Join Date: 14 Aug 2010, Posts: 16)
Now it says that ComboFix has detected Norton Internet Security.
I can't find that... I did search and also looked everywhere and I can't find it.

#17 | Aug. 25th, 2010, 01:15 | Superdave (Malware Fighter, Join Date: 07 Mar 2010, Posts: 808)

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRa.exe and choose Remove Older Versions.
3. Once complete, exit JavaRa.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

***********************************

Quote:
Now it says that
combo fix has detected norton internet security
I can't find that...I did search and also looked everywhere and I can't find it.

Are you telling me that you can't run ComboFix?
  #18  
Old Aug. 25th, 2010, 02:12
americangamingsupply americangamingsupply is offline
Junior Member
 
Join Date: 14 Aug 2010
Posts: 16
Default Combofix report part 1

combofix in the attachment.


Combofix 10-08-24.07 - Owner 08/24/2010 17:54:59.1.1 - x86
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}
c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{1C1B5E40-1D2C-437B-87B7-D4C074C932F4}\install.rdf
c:\windows\system32\42KJE738.ocx
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.
2010-08-16 21:32 . 2010-08-16 21:32 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-08-16 21:32 . 2010-08-16 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-16 21:31 . 2010-08-16 21:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-16 16:19 . 2010-08-16 16:19 -------- d-----w- C:\IObit
2010-08-16 16:18 . 2010-08-16 16:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-08-15 10:01 . 2010-08-15 10:01 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2010-08-14 15:37 . 2010-08-18 23:31 -------- d-----w- C:\UPS
2010-08-11 22:14 . 2010-08-11 22:14 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-08-11 01:16 . 2010-08-11 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bryxen Software
2010-08-07 03:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-07 03:26 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-02 21:08 . 2010-08-02 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-07-28 03:13 . 2010-07-29 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\FinalMediaPlayer
2010-07-28 03:13 . 2010-07-28 03:13 -------- d-----w- c:\program files\FinalMediaPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 00:28 . 2006-02-11 23:03 69496 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 17:51 . 2007-06-01 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-17 16:15 . 2010-08-17 16:16 59392 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-08-16 21:34 . 2010-08-16 21:34 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-16 21:34 . 2010-08-16 21:34 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-16 21:34 . 2010-08-16 21:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-16 20:06 . 2010-04-08 00:05 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-16 20:02 . 2010-08-16 20:02 64000 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-08-16 20:01 . 2010-08-16 20:02 1820160 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-08-16 20:01 . 2010-08-16 20:02 1820160 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-08-14 16:04 . 2010-08-14 16:05 1854464 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-08-14 15:54 . 2005-11-15 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 22:15 . 2010-02-13 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-08-11 22:12 . 2008-06-11 18:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-08-11 22:12 . 2008-06-11 18:03 -------- d-----w- c:\program files\Uniblue
2010-08-11 18:41 . 2009-04-10 21:42 -------- d-----w- c:\program files\Article Submitter
2010-08-11 18:13 . 2010-08-11 18:13 2423226 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-11 18:13 . 2008-08-11 22:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 21:50 . 2009-07-01 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-08-06 23:31 . 2008-10-13 21:17 -------- d-----w- c:\program files\Safari
2010-08-05 22:11 . 2010-08-05 22:11 516784 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2CB.tmp.exe
2010-08-02 20:55 . 2010-02-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-08-02 20:55 . 2010-02-13 02:31 -------- d-----w- c:\program files\IObit
2010-08-02 18:39 . 2008-03-12 16:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-08-02 18:35 . 2006-01-23 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-02 18:35 . 2009-05-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-02 18:35 . 2006-01-23 19:56 -------- d-----w- c:\program files\Yahoo!
2010-08-02 18:24 . 2010-08-02 18:24 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-24 00:22 . 2010-07-29 19:18 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-24 00:22 . 2010-07-29 19:18 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-24 00:22 . 2010-07-29 19:18 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-24 00:22 . 2010-07-29 19:18 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-23 00:17 . 2010-07-23 00:17 -------- d-----w- c:\documents and settings\Owner\Application Data\CherryPickerLive
2010-07-23 00:17 . 2010-07-23 00:17 -------- d-----w- c:\program files\CherryPicker
2010-07-23 00:16 . 2010-06-09 21:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-21 02:29 . 2006-02-25 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-07-21 01:23 . 2008-03-25 17:35 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-07-15 22:29 . 2010-04-08 00:38 -------- d-----w- c:\documents and settings\Owner\Application Data\MailFrontier
2010-07-15 22:29 . 2010-07-15 22:29 -------- d-----w- c:\program files\SonicWallES
2010-07-14 19:48 . 2010-07-14 19:48 164867 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_14_11_27_45_small.dmp.zip
2010-07-10 22:00 . 2007-01-08 20:35 -------- d-----w- c:\program files\eBay
2010-07-10 21:44 . 2006-07-06 19:45 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-10 21:23 . 2006-06-28 18:34 -------- d-----w- c:\program files\WinAce
2010-07-10 21:23 . 2010-06-10 19:06 -------- d-----w- c:\program files\QuickTime
2010-07-10 21:23 . 2008-02-28 22:38 -------- d-----w- c:\program files\Poker Chip Customizer
2010-07-10 21:22 . 2005-11-15 03:09 -------- d-----w- c:\program files\Intel
2010-07-10 21:22 . 2005-11-15 03:05 -------- d-----w- c:\program files\Google
2010-07-10 21:22 . 2008-02-19 22:16 -------- d-----w- c:\program files\DivX
2010-07-10 21:22 . 2005-11-15 03:09 -------- d-----w- c:\program files\Common Files\AOL
2010-07-10 21:19 . 2005-11-15 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-08 01:40 . 2010-07-08 01:41 1851392 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2010-07-08 01:40 . 2010-07-08 01:41 1851392 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-06-30 12:31 . 2004-08-26 16:12 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-26 16:12 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-26 16:12 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-26 16:11 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-26 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-26 16:12 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 19:01 . 2010-06-10 19:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\msvcp71.dll
2010-06-10 19:01 . 2010-06-10 19:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\jmc.dll
2010-06-10 19:01 . 2010-06-10 19:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-250961e9-n\decora-d3d.dll
2010-06-10 19:01 . 2010-06-10 19:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-250961e9-n\decora-sse.dll
2010-06-10 19:01 . 2010-06-10 19:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-274d15fb-n\msvcr71.dll
2010-06-09 21:29 . 2010-06-09 21:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-07 18:17 . 2010-06-07 18:18 95744 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-06-07 18:16 . 2010-06-07 18:18 1637888 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-06-07 18:16 . 2010-06-07 18:18 1637888 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-06-06 21:31 . 2010-06-06 21:40 1687040 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-06-06 21:31 . 2010-06-06 21:40 1687040 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-06-06 01:18 . 2010-06-06 01:21 1679360 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-06-06 01:18 . 2010-06-06 01:21 264704 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-06-05 22:50 . 2010-06-05 22:51 1677312 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-06-02 20:34 . 2010-06-02 20:35 1727488 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-06-02 20:34 . 2010-06-02 20:35 1727488 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2007-04-07 22:35 . 2007-04-07 18:20 484 ----a-w- c:\program files\Common Files\rybiv
2008-05-30 19:15 . 2010-04-07 23:24 98304 ----a-w- c:\program files\mozilla firefox\components\GIDBIN1.dll
2008-05-30 19:15 . 2010-04-07 23:24 294912 ----a-w- c:\program files\mozilla firefox\components\GIDBIN3.dll
2008-05-30 19:15 . 2010-04-07 23:24 294912 ----a-w- c:\program files\mozilla firefox\components\GIDBIN4.dll
2008-05-30 19:17 . 2010-04-07 23:24 106496 ----a-w- c:\program files\mozilla firefox\components\gidconnect.dll
2008-08-14 12:17 . 2006-12-12 21:49 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-25 1038728]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
LIVECHAT Operator.lnk - c:\program files\LIVECHAT\LIVECHAT Operator\LIVECHAT.exe [2010-6-21 13628752]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
backup=c:\windows\pss\run_startmenu.cmdCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TradeManager]
c:\progra~1\Alibaba\TRADEM~1\TradeManager -hideframe [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vkaphehb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-07-03 00:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-14 12:17 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 23:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 23:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 23:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-23 02:29 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 20:05 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-03-02 18:49 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-08-27 17:50 970752 ----a-w- c:\windows\creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-10-18 22:05 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-01 00:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"WZCSVC"=2 (0x2)
"SAVScan"=3 (0x3)
"PrismXL"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LIVECHAT\\LIVECHAT Operator\\LIVECHAT.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1434:UDP"= 1434:UDP:UDP 1434
"1434:TCP"= 1434:TCP:UPS WorldShip MSDE Port
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2010 1:55 AM 26232]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2010 1:55 AM 488816]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [6/22/2007 9:22 AM 95592]
R2 MSSQL$DATAPORT;MSSQL$DATAPORT;c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe -sDATAPORT --> c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlservr.exe -sDATAPORT [?]
R3 GIDDriver;GIDDriver;c:\windows\system32\drivers\GIDDriver.sys [4/7/2010 4:25 PM 12544]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/11/2010 3:15 PM 312152]
S3 SQLAgent$DATAPORT;SQLAgent$DATAPORT;c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlagent.EXE -i DATAPORT --> c:\program files\MonsterCommerce\DataBase\MSSQL$DATAPORT\Binn\sqlagent.EXE -i DATAPORT [?]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/12/2006 2:49 PM 29744]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:38 PM 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-08-23 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-13 21:11]
2010-08-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-02-13 23:18]
2010-08-24 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-07-28 05:22]
2010-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:52]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:38]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:38]
2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{F00956E9-EBF6-47F5-9AAF-A6AE79CAA3DA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
CONTINUED IN THE NEXT POST>>>>>>>>>>>>>>>>>>>>>>>>

Last edited by enoskype : Aug. 25th, 2010 at 21:41. Reason: EDIT to divide report in 2 posts
  #19  
Old Aug. 25th, 2010, 02:12
americangamingsupply americangamingsupply is offline
Junior Member
 
Join Date: 14 Aug 2010
Posts: 16
Default Combofix report part 2

CONTINUATION OF THE PREVIOUS POST>>>>>>>>>>>>>>>>>>>>>>>>>

------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=35174227666ca442784f6ed08d21cdf6&url=http%3A%2F%2Fd.64.69.14.62.downloads.estara.com.%2Fas%2FOneCCDM.php&template=489693&sessionid=630999502_64.69.14.69_42843&=&req=1244846352171OneCC.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\
FF - prefs.js: browser.startup.homepage - www.americangamingsupply.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va8eyl4y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {3737F382-CD60-4C3A-B970-F7A1C6486A2C} - c:\documents and settings\Administrator\Local Settings\Application Data\{3737F382-CD60-4C3A-B970-F7A1C6486A2C}\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-Qgecuk - c:\windows\ugotafuz.dll
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 18:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3079726014-4200542014-4019606198-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Param2"=""
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
- - - - - - - > 'lsass.exe'(728)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-08-24 18:18:26
ComboFix-quarantined-files.txt 2010-08-25 01:18
Pre-Run: 49,836,285,952 bytes free
Post-Run: 50,458,464,256 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 926646A2AAC7961A09F875AF9ED3CE7D

Last edited by enoskype : Aug. 25th, 2010 at 21:42. Reason: EDIT to divide report in 2 posts
  #20  
Old Aug. 25th, 2010, 22:30
Superdave Superdave is offline
Malware Fighter
 
Join Date: 07 Mar 2010
Posts: 808
Default

It would appear that you're running two Anti-Virus programs: ZoneAlarm Security Suite Antivirus and Norton Internet Security. If this is, in fact, true, one will have to be disabled. You can use this tool to get rid of Norton, if you wish.


Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open, click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

*********************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology


*************************************
* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.