Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help With Hijackthis


  • This topic is locked This topic is locked
4 replies to this topic

#1 JMitchell024

JMitchell024

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 22 July 2007 - 06:44 PM

I had the soundvol32.exe virus after downloading some games. I think I got rid of it but would like someone who understands the Hijackthis log to tell me if I did get rid of it. All I did was find the file in the registry and delete it. Nod32 didn't find anything afterward nor did sdfix (which didn't find it to begin with, maybe because I disabled soundvol32 in startup) and I also ran superantispyware with no results. Any help is greatly appreciated. My system seems to be running normal but I want to make sure that I got that worm and am not being compromised.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:16 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Shortcut to type32.lnk = C:\Program Files\Microsoft IntelliType Pro\type32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120693282125
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O24 - Desktop Component 1: (no name) - http://www.espn.com/
O24 - Desktop Component 2: Comcast.net - http://www.comcast.net/

--
End of file - 6794 bytes

BC AdBot (Login to Remove)

 


m

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 23 July 2007 - 04:57 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
I'd like you to run a couple more scans just to make sure that there is nothing else bad lurking in your compuer that could cause some problems in the future.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Please include both the Panda and Combofix logs in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 JMitchell024

JMitchell024
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 23 July 2007 - 01:54 PM

Just wanted to thank you for all your help so far. I did what you said and this is what I got.

ComboFix Log:



"Owner" - 2007-07-23 12:07:38 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\Desktop.\internet explorer.lnk
C:\DOCUME~1\Owner\Desktop\internet.lnk


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 12:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-22 16:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-22 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 16:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 16:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-22 15:57 1,997,312 -r-hs---- C:\WINDOWS\system32\soundvol32.exe
2007-07-10 15:57 <DIR> d-------- C:\Program Files\Opera Software
2007-07-09 03:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-07-09 02:59 <DIR> d-------- C:\Program Files\VideoLAN


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 21:49:16 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-07-22 21:49:16 384 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-07-22 20:49:26 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-19 17:45:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-07-17 06:06:38 -------- d-----w C:\Program Files\PeerGuardian2
2007-07-11 17:15:45 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-07-11 06:18:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\1clickPro
2007-07-11 05:12:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-07-11 05:12:39 81,920 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-07-11 05:12:38 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-11 05:12:38 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-06-15 07:43:27 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-06-03 19:31:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-05-28 17:20:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 07:15:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-09 12:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 23:36]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Shortcut to type32.lnk - C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 01:51:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"NoStartMenuMFUprogramsList"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Series 500 Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Series 500 Startup.lnk
backup=C:\WINDOWS\pss\HP OfficeJet Series 500 Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PlexTools.lnk
backup=C:\WINDOWS\pss\PlexTools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuru]
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPClientMonitor]
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPDownloadManager]
C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITD7]
"C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
soundvol32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Adobe Version Cue CS2"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)

R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R3 dvd43llh;dvd43llh;C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHMODEM;Bluetooth Modem Communications Driver;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 Dot4;IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
S3 grmnusb;grmnusb;C:\WINDOWS\system32\drivers\grmnusb.sys
S3 Memctl;Memctl;\??\C:\Program Files\ABIT\ABIT uGuru\Memctl.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 P2k;Motorola USB Device;C:\WINDOWS\system32\DRIVERS\P2k.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 USB_RNDIS;Arris Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 Winflash;WINFLASH;\??\C:\Program Files\ABIT\ABIT uGuru\WinFlash.sys
S4 iPod Service;iPod Service;"C:\Program Files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL

Contents of the 'Scheduled Tasks' folder
2007-07-20 22:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 12:08:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 12:09:20
C:\ComboFix-quarantined-files.txt ... 2007-07-23 12:08

--- E O F ---



Panda Scan:


Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\zgfb1x41.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[servedby.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[server.iad.liveperson.net/hc/65645376]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[server.iad.liveperson.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.findwhat.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[stat.onestat.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.paycounter.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.ccbill.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[counter8.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.sextracker.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.as-us.falkag.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[server.iad.liveperson.net/hc/89490505]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.target.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[server.iad.liveperson.net/hc/56196251]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.ct.360i.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies-1.txt[.centrport.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.com.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzu1s9tp.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:W32/IrcBot.AVT.worm Disinfected C:\WINDOWS\system32\soundvol32.exe

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 23 July 2007 - 03:23 PM

Hi there,
Please download ATF Cleaner to your Desktop.
Don't run it yet.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

Boot back into Normal Mode and let me know how things seem to be running now.
Thanks,
Charles

Edited by rookie147, 23 July 2007 - 03:23 PM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 15 August 2007 - 03:00 AM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users