Help, Winantivirus Infection.

14 replies to this topic

#1 monkpart9
Posted 03 August 2007 - 10:55 PM

Alright, so after much consideration and research I've come to the conclusion that I have been infected with "winantivirus" or whatever, some sort of malware. Anyway, I'm just posting this new topic (some of you may have seen my older topic similar to this one: http://www.bleepingcomputer.com/forums/topic102598.html) so I can get some help faster, being that I included the name of the problem, at least I'm pretty sure that's what it is... Anyhow, my HijackThis logfile is below, and whoever decides to help me, thanks.

HijackThis logfile:
-----------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:52:40 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr212.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by monkpart9, 03 August 2007 - 10:58 PM.

If you do things right, then people won't know if you've done anything at all.
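A defender-side triage of the HijackThis entries quoted above, added here as an example (it is not part of the thread and not HijackThis's own code): it parses the Rn/Fn/Onn lines and flags the load points a log helper would look at first, using only rule types visible in this log (the system.ini Shell= override, an AppInit_DLLs value, DisableRegedit, bare executables in Startup folders, and the same Run value in both HKLM and HKCU). The sample is a constructed excerpt of verbatim lines from the log above.

```python
"""Triage a HijackThis v1.99 log: parse its Rn/Fn/Onn entries and flag the
load points that commonly indicate a hijack. Added example, not HijackThis code."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt: verbatim lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr212.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""


@dataclass(frozen=True)
class Entry:
    kind: str    # section code: R1, F2, O4, O20, ...
    detail: str  # text after "Oxx - "


@dataclass(frozen=True)
class Finding:
    rule: str
    entry: Entry


ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.*)$")
FILE_RE = re.compile(r"[\w.~-]+\.(?:exe|dll|com|txt)\b", re.I)


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the 'Rn/Fn/Onn - ...' lines; process lists and headers are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply a small rule set; every rule corresponds to a line type in the log above."""
    findings: list[Finding] = []
    run_hives: dict[str, set[str]] = defaultdict(set)  # Run value name -> hives it appears in
    first_run: dict[str, Entry] = {}
    for e in entries:
        if e.kind == "F2" and "Shell=" in e.detail:
            # system.ini Shell= should be exactly Explorer.exe; an appended path is a shell hijack
            shell = e.detail.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("shell-hijack", e))
        elif e.kind == "O20" and e.detail.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every user-mode process; rarely legitimate (here a .txt)
            findings.append(Finding("appinit-dll", e))
        elif e.kind == "O7" and "DisableRegedit=1" in e.detail:
            findings.append(Finding("regedit-disabled", e))
        elif e.kind == "O4":
            m = RUN_RE.match(e.detail)
            if m:
                hive, name, _path = m.groups()
                run_hives[name.lower()].add(hive)
                first_run.setdefault(name.lower(), e)
                continue
            m = STARTUP_RE.match(e.detail)
            # Startup folders normally hold .lnk shortcuts; a bare .exe dropped there stands out
            if m and ".lnk" not in m.group(1).lower():
                findings.append(Finding("bare-startup-exe", e))
    for name, hives in run_hives.items():
        if hives >= {"HKLM", "HKCU"}:
            findings.append(Finding("run-key-in-both-hives", first_run[name]))
    return findings


def referenced_files(findings: list[Finding]) -> set[str]:
    """Lower-cased file names the findings point at, for cross-checking against AV results."""
    names = set()
    for f in findings:
        hits = FILE_RE.findall(f.entry.detail)
        if hits:
            names.add(hits[-1].lower())
    return names


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for f in found:
        print(f"{f.rule:24} {f.entry.kind} - {f.entry.detail}")
    print("files to check:", sorted(referenced_files(found)))
```

The file names it returns for this excerpt (printer.exe, winavxx.exe, system.exe, autorun.exe) are the same ones the BitDefender report later in this thread reports as infected, which is the cross-check a helper performs by hand.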
#2 RichieUK
Posted 04 August 2007 - 07:18 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum monkpart9 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

-------------------------------------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log.

#3 monkpart9
Posted 04 August 2007 - 08:58 PM

Alright, here's the BitDefender logfile below.

BitDefender logfile:
----------------------

BitDefender Online Scanner

Scan report generated at: Sat, Aug 04, 2007 - 14:37:26
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:36:52
Files: 404663
Folders: 10459
Boot Sectors: 3
Archives: 6866
Packed Files: 11399

Results
Identified Viruses: 9
Infected Files: 41
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 37

Engines Info
Virus Definitions: 680051
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\All Users\Application Data\chic about ping loud\default peak logo.exe
Infected with: Trojan.Obfuscated.GZ

C:\Documents and Settings\All Users\Application Data\chic about ping loud\default peak logo.exe
Disinfection failed

C:\Documents and Settings\All Users\Application Data\chic about ping loud\default peak logo.exe
Deleted

C:\Documents and Settings\All Users\Application Data\Loud spam else tool\peak readme.exe
Infected with: Trojan.FatObfus.AF

C:\Documents and Settings\All Users\Application Data\Loud spam else tool\peak readme.exe
Deleted

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
Disinfection failed

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
Delete failed

C:\Documents and Settings\Chris DiBenedetto\Start Menu\Programs\Startup\system.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\Documents and Settings\Chris DiBenedetto\Start Menu\Programs\Startup\system.exe
Disinfection failed

C:\Documents and Settings\Chris DiBenedetto\Start Menu\Programs\Startup\system.exe
Deleted

C:\Documents and Settings\LocalService\Start Menu\Programs\Startup\system.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\Documents and Settings\LocalService\Start Menu\Programs\Startup\system.exe
Disinfection failed

C:\Documents and Settings\LocalService\Start Menu\Programs\Startup\system.exe
Deleted

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\system.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\system.exe
Disinfection failed

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\system.exe
Delete failed

C:\driveA.com
Infected with: Trojan.Downloader.Adload.CP

C:\driveA.com
Disinfection failed

C:\driveA.com
Deleted

C:\ipod32.exe
Infected with: Trojan.Downloader.Adload.CP

C:\ipod32.exe
Disinfection failed

C:\ipod32.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0356372.exe
Infected with: Trojan.Muldrop.XJ

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0356372.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0356372.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0362968.exe
Infected with: Trojan.Muldrop.XJ

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0362968.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0362968.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0367264.exe
Infected with: Trojan.Muldrop.XJ

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0367264.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0367264.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417562.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417562.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417562.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417563.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417563.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP403\A0417563.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417593.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417593.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417593.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417594.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417594.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417594.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417595.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417595.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417595.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417598.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417598.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417598.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417599.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417599.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417599.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417605.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417605.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417605.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417609.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417609.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417609.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417610.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417610.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0417610.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418561.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418561.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418561.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418562.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418562.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0418562.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419557.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419557.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419557.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419559.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419559.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419559.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419560.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419560.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419560.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419563.exe
Infected with: Trojan.FatObfus.AF

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0419563.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420561.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420561.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420561.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420562.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420562.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420562.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420563.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420563.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420563.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420565.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420565.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420565.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420566.exe
Infected with: Trojan.FatObfus.AF

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420566.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420569.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420569.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420569.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420572.exe
Infected with: Trojan.Obfuscated.GZ

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420572.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420572.exe
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420573.com
Infected with: Trojan.Downloader.Adload.CP

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420573.com
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420573.com
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420574.exe
Infected with: Trojan.Downloader.Adload.CP

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420574.exe
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP404\A0420574.exe
Deleted

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Infected with: Generic.Qhost.60FEA05A

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Disinfection failed

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Deleted

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130744.backup
Infected with: Generic.Qhost.16934822

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130744.backup
Disinfection failed

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130744.backup
Deleted

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130745.backup
Infected with: Generic.Qhost.A736E532

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130745.backup
Disinfection failed

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20070803-130745.backup
Deleted

C:\WINDOWS\SYSTEM32\printer.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\WINDOWS\SYSTEM32\printer.exe
Disinfection failed

C:\WINDOWS\SYSTEM32\printer.exe
Delete failed

C:\WINDOWS\SYSTEM32\winavxx.exe
Infected with: Generic.Malware.SDYd!wsp.A951E53A

C:\WINDOWS\SYSTEM32\winavxx.exe
Disinfection failed

C:\WINDOWS\SYSTEM32\winavxx.exe
Delete failed

------------------------
ComboFix log:
------------------------

ComboFix 07-08-05.3 - "Nicholas DiBenedetto" 2007-08-04 21:28:44.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MICHAE~1\APPLIC~1\Sskknwrd.dll
C:\DOCUME~1\MICHAE~1\APPLIC~1\Sskuknwrd.dll
C:\DOCUME~1\NICHOL~1\Desktop.\internet explorer.lnk
C:\Program Files\Common Files\{C4D1B~1
C:\Program Files\Common Files\{C4D1B~2
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\iMeshBar
C:\WINDOWS\racle~1
C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-04 21:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 12:53 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-04 01:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\chic about ping loud
2007-08-04 01:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool
2007-08-04 01:19 <DIR> d-------- C:\Program Files\ANTIGLUE
2007-08-03 02:32 37,376 --a------ C:\WINDOWS\SYSTEM32\vtr212.dll
2007-08-03 02:32 14,848 --a------ C:\WINDOWS\SYSTEM32\winavxx.exe
2007-08-03 02:32 14,848 --a------ C:\WINDOWS\SYSTEM32\printer.exe
2007-08-02 11:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-02 01:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-07-31 22:35 <DIR> d-------- C:\Program Files\GamePark
2007-07-30 18:30 <DIR> d-------- C:\Program Files\BoontyGames
2007-07-24 15:32 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2007-07-17 15:25 <DIR> d-------- C:\Program Files\MLdonkey
2007-07-17 15:06 <DIR> d-------- C:\DOCUME~1\NICHOL~1\.sancho
2007-07-13 13:51 14 --a------ C:\DOCUME~1\NICHOL~1\onlinesig.dat
2007-07-13 13:51 <DIR> d-------- C:\DOCUME~1\NICHOL~1\web_infos
2007-07-11 13:30 <DIR> d-------- C:\Program Files\DOSBox-0.70
2007-07-09 18:47 <DIR> d--hs---- C:\found.001
2007-07-05 00:37 <DIR> d-------- C:\download


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 12:50 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Metacafe
2007-06-29 11:30 --------- d-------- C:\Program Files\LimeWire
2007-06-27 22:42 --------- d-------- C:\Program Files\Common Files\aol
2007-06-27 17:39 --------- d-------- C:\Program Files\AIM
2007-06-27 17:38 --------- d-------- C:\Program Files\AOD
2007-06-27 17:25 --------- d-------- C:\Program Files\Shareaza
2007-06-27 15:49 --------- d-------- C:\Program Files\WinMX
2007-06-27 15:49 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Azureus
2007-06-27 15:45 --------- d-------- C:\Program Files\Hydranode
2007-06-27 15:45 --------- d-------- C:\Program Files\Google
2007-06-27 15:44 --------- d-------- C:\Program Files\Ultra MPEG-4 Converter
2007-06-27 15:43 --------- d-------- C:\Program Files\WarZone
2007-06-27 15:43 --------- d-------- C:\Program Files\DAP(2)
2007-06-27 15:42 --------- d-------- C:\Program Files\GetRight
2007-06-27 15:42 --------- d-------- C:\Program Files\FlashGet
2007-06-27 15:42 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Shareaza
2007-06-27 15:41 --------- d-------- C:\Program Files\Viewpoint
2007-06-27 15:41 --------- d-------- C:\Program Files\MorpheusBar
2007-06-27 15:41 --------- d-------- C:\Program Files\Morpheus
2007-06-27 15:41 --------- d-------- C:\Program Files\iriver
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh(2)
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh Applications
2007-06-27 15:41 --------- d-------- C:\Program Files\FrostWire
2007-06-27 15:41 --------- d-------- C:\Program Files\EarthLink 5.0
2007-06-27 15:41 --------- d-------- C:\Program Files\AWS
2007-06-27 15:41 --------- d-------- C:\Program Files\AIM Games
2007-06-27 15:40 --------- d-------- C:\Program Files\Viewpoint(2)
2007-06-27 15:40 --------- d-------- C:\Program Files\PageBreeze
2007-06-19 22:50 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\wsInspector
2007-06-16 08:27 1004 --a------ C:\WINDOWS\system32\drivers\ServUStartUpLog.txt
2007-06-12 12:53 --------- d-------- C:\Program Files\Microprose
2007-06-12 12:52 --------- d-------- C:\Program Files\Common Files\Idu


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 09:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 09:59]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 18:42]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2006-07-18 22:29]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2006-07-18 22:29]
"eTrustPPAP"="C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe" [2006-07-18 22:19]
"Zone Labs Client"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [2005-01-26 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 15:05]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 10:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"else tool title ping"="C:\Documents and Settings\All Users\Application Data\Loud spam else tool\peak readme.exe" []
"iso warn plus ping"="C:\Documents and Settings\All Users\Application Data\chic about ping loud\default peak logo.exe" []
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-08-03 02:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-08-03 02:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Del41"=cmd /c del C:\WINDOWS\TEMP\BundleInstall.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mmkk"=C:\Program Files\Common Files\mmkk\mmkkm.exe
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
system.exe [2007-08-03 02:32:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun.exe [2007-08-03 02:32:50]
DESKTOP.INI [2002-09-03 10:00:00]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-19 14:34:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2006-03-25 01:15:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum212.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

R0 IFP700;iriver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 21:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2006-02-07 21:58:29 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 21:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 21:48:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-04 21:48
C:\ComboFix2.txt ... 2007-06-17 10:32

--- E O F ---
---------------------------------
New HijackThis log:
-------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:54:27 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\winavxx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\system.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [else tool title ping] C:\Documents and Settings\All Users\Application Data\Loud spam else tool\peak readme.exe
O4 - HKLM\..\Run: [iso warn plus ping] C:\Documents and Settings\All Users\Application Data\chic about ping loud\default peak logo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
If you do things right, then people won't know if you've done anything at all.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:11:21 AM

Posted 05 August 2007 - 08:40 AM

Copy and paste ALL the following blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\SYSTEM32\vtr212.dll
C:\WINDOWS\SYSTEM32\winavxx.exe
C:\WINDOWS\SYSTEM32\printer.exe

Folder::
C:\Program Files\DAP(2)
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint(2)
C:\Documents and Settings\All Users\Application Data\chic about ping loud
C:\Documents and Settings\All Users\Application Data\Loud spam else tool

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"else tool title ping"=-
"iso warn plus ping"=-
"WinAVX"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAVX"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mmkk"=-
"WinAVX"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

Edited by RichieUK, 05 August 2007 - 08:41 AM.

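The ComboFix "Reg Loading Points" output quoted earlier in the thread is what the helper's CFScript is built from: a Winlogon Shell value that launches printer.exe alongside Explorer, an AppInit_DLLs value pointing at a .txt file, an extra SecurityProviders DLL, policies that disable Task Manager and the registry editor, and Run entries that are either untimestamped, freshly created, or living under Application Data or the .default hive. The script below is an added example, not part of this thread and not ComboFix's or HijackThis's own logic: it parses a constructed excerpt in the same layout, flags those entries with a handful of heuristics (my assumptions, labelled in the comments), and renders the `Registry::` block in the CFScript format shown in the post above. The function names `parse_reg_section`, `triage`, `cfscript_registry_block` and the `recent_since` threshold are mine.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for persistence anomalies."""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed excerpt in the same layout as the ComboFix output in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 09:59]
"else tool title ping"="C:\Documents and Settings\All Users\Application Data\Loud spam else tool\peak readme.exe" []
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-08-03 02:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mmkk"=C:\Program Files\Common Files\mmkk\mmkkm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum212.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
"""

# Stock Windows XP SSP list (assumption); anything else loaded as a security provider deserves a look.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
# Policy values that lock the user out of the tools they would use to investigate.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoControlPanel", "NoWindowsUpdate"}
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")


@dataclass(frozen=True)
class Finding:
    category: str  # winlogon-shell | appinit-dll | security-provider | tool-lockout | run-entry
    key: str
    name: str
    detail: str


def parse_reg_section(text):
    """Return (key, name, data, stamp) tuples. stamp is None when no [..] suffix was printed
    and "" when the suffix was empty, i.e. ComboFix could not read a file timestamp."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        if line.startswith("SecurityProviders "):  # this value is printed without quotes
            entries.append((key, "SecurityProviders", line.split(" ", 1)[1], None))
            continue
        if not line.startswith('"'):
            continue
        name, _, rest = line[1:].partition('"=')
        stamp = None
        if rest.endswith("]"):
            rest, _, stamp_part = rest.rpartition(" [")
            stamp = stamp_part[:-1]
        entries.append((key, name, rest.strip().strip('"'), stamp))
    return entries


def triage(entries, recent_since):
    """Apply simple heuristics (my assumptions, not ComboFix's logic) to the parsed entries.
    recent_since is a 'YYYY-MM-DD' string; ComboFix's stamp format sorts lexically."""
    findings = []
    for key, name, data, stamp in entries:
        k, low = key.lower(), data.lower()
        if k.endswith(r"\winlogon") and name.lower() == "shell":
            if low != "explorer.exe":  # extra tokens are started together with the shell
                findings.append(Finding("winlogon-shell", key, name, data))
        elif k.endswith(r"\windows nt\currentversion\windows") and name.lower() == "appinit_dlls":
            if data:  # any AppInit DLL is loaded into every process that loads user32.dll
                findings.append(Finding("appinit-dll", key, name, data))
        elif name == "SecurityProviders":
            for prov in (p.strip() for p in data.split(",")):
                if prov.lower() not in DEFAULT_SECURITY_PROVIDERS:
                    findings.append(Finding("security-provider", key, name, prov))
        elif k.endswith(r"\policies\system") or k.endswith(r"\policies\explorer"):
            if name in LOCKOUT_POLICIES and data.startswith("1"):
                findings.append(Finding("tool-lockout", key, name, data))
        elif k.endswith(r"\run") or k.endswith(r"\runonce"):
            suspicious = (
                stamp == ""                                          # file timestamp unreadable
                or (stamp is not None and stamp >= recent_since)     # created or modified recently
                or "\\application data\\" in low                     # executable in a data directory
                or "\\.default\\" in k                               # autostart in the logon-screen hive
            )
            if suspicious:
                findings.append(Finding("run-entry", key, name, data))
    return findings


def cfscript_registry_block(findings):
    """Render the Registry:: section of a CFScript (format as in the helper's post) that
    removes every flagged Run entry: one [key] header, then "name"=- per value."""
    by_key = {}
    for f in findings:
        if f.category == "run-entry":
            by_key.setdefault(f.key, []).append(f.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(parse_reg_section(SAMPLE_LOG), recent_since="2007-08-01")
    for f in found:
        print(f"{f.category:18} {f.name!r:24} {f.detail}")
    print(cfscript_registry_block(found))
```

Run against the sample, `triage` flags all eight anomalies the helper's script addressed (three Run entries, two lockout policies, the Shell value, the AppInit_DLLs value and zwebauth.dll) while leaving the stock IgfxTray entry alone, and the rendered `Registry::` block matches the shape of the CFScript in the post. The `recent_since` threshold is the one heuristic that needs a judgement call per case: it should be set to the date the symptoms began, not a fixed offset.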

#5 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • Gender:Male
  • Location:New York
  • Local time:06:21 AM

Posted 05 August 2007 - 12:02 PM

ComboFix log:
--------------------------------

ComboFix 07-08-05.4 - "Nicholas DiBenedetto" 2007-08-05 12:32:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.84 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Nicholas DiBenedetto\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\vtr212.dll
C:\WINDOWS\SYSTEM32\winavxx.exe
C:\WINDOWS\SYSTEM32\printer.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\chic about ping loud
C:\Documents and Settings\All Users\Application Data\Loud spam else tool
C:\Program Files\DAP(2)
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint(2)
C:\Program Files\Viewpoint(2)\Viewpoint Experience Technology(2)\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0303001D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\WINDOWS\SYSTEM32\printer.exe
C:\WINDOWS\SYSTEM32\vtr212.dll
C:\WINDOWS\SYSTEM32\winavxx.exe


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-05 12:44 14,848 --a------ C:\WINDOWS\SYSTEM32\WinAvXX.exe
2007-08-05 12:44 14,848 --a------ C:\WINDOWS\SYSTEM32\printer.exe
2007-08-04 21:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 12:53 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-04 01:19 <DIR> d-------- C:\Program Files\ANTIGLUE
2007-08-02 11:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-02 01:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-07-31 22:35 <DIR> d-------- C:\Program Files\GamePark
2007-07-30 18:30 <DIR> d-------- C:\Program Files\BoontyGames
2007-07-24 15:32 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2007-07-17 15:25 <DIR> d-------- C:\Program Files\MLdonkey
2007-07-17 15:06 <DIR> d-------- C:\DOCUME~1\NICHOL~1\.sancho
2007-07-13 13:51 14 --a------ C:\DOCUME~1\NICHOL~1\onlinesig.dat
2007-07-13 13:51 <DIR> d-------- C:\DOCUME~1\NICHOL~1\web_infos
2007-07-11 13:30 <DIR> d-------- C:\Program Files\DOSBox-0.70
2007-07-09 18:47 <DIR> d--hs---- C:\found.001
2007-07-05 00:37 <DIR> d-------- C:\download


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 01:33 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Metacafe
2007-06-29 11:30 --------- d-------- C:\Program Files\LimeWire
2007-06-27 22:42 --------- d-------- C:\Program Files\Common Files\aol
2007-06-27 17:39 --------- d-------- C:\Program Files\AIM
2007-06-27 17:38 --------- d-------- C:\Program Files\AOD
2007-06-27 17:25 --------- d-------- C:\Program Files\Shareaza
2007-06-27 15:49 --------- d-------- C:\Program Files\WinMX
2007-06-27 15:49 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Azureus
2007-06-27 15:45 --------- d-------- C:\Program Files\Hydranode
2007-06-27 15:45 --------- d-------- C:\Program Files\Google
2007-06-27 15:44 --------- d-------- C:\Program Files\Ultra MPEG-4 Converter
2007-06-27 15:43 --------- d-------- C:\Program Files\WarZone
2007-06-27 15:42 --------- d-------- C:\Program Files\GetRight
2007-06-27 15:42 --------- d-------- C:\Program Files\FlashGet
2007-06-27 15:42 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Shareaza
2007-06-27 15:41 --------- d-------- C:\Program Files\MorpheusBar
2007-06-27 15:41 --------- d-------- C:\Program Files\Morpheus
2007-06-27 15:41 --------- d-------- C:\Program Files\iriver
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh(2)
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh Applications
2007-06-27 15:41 --------- d-------- C:\Program Files\FrostWire
2007-06-27 15:41 --------- d-------- C:\Program Files\EarthLink 5.0
2007-06-27 15:41 --------- d-------- C:\Program Files\AWS
2007-06-27 15:41 --------- d-------- C:\Program Files\AIM Games
2007-06-27 15:40 --------- d-------- C:\Program Files\PageBreeze
2007-06-19 22:50 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\wsInspector
2007-06-16 08:27 1004 --a------ C:\WINDOWS\system32\drivers\ServUStartUpLog.txt
2007-06-12 12:53 --------- d-------- C:\Program Files\Microprose
2007-06-12 12:52 --------- d-------- C:\Program Files\Common Files\Idu


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 09:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 09:59]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 18:42]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2006-07-18 22:29]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2006-07-18 22:29]
"eTrustPPAP"="C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe" [2006-07-18 22:19]
"Zone Labs Client"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [2005-01-26 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 15:05]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 10:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-08-03 02:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-08-03 02:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Del41"=cmd /c del C:\WINDOWS\TEMP\BundleInstall.exe

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
system.exe [2007-08-03 02:32:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun.exe [2007-08-03 02:32:50]
DESKTOP.INI [2002-09-03 10:00:00]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-19 14:34:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2006-03-25 01:15:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum212.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

R0 IFP700;iriver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 21:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2006-02-07 21:58:29 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 12:44:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 12:49:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 12:48
C:\ComboFix2.txt ... 2007-08-04 21:48
C:\ComboFix3.txt ... 2007-06-17 10:32

--- E O F ---
----------------------------------------------------
New HijackThis log:
-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:58:21 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

-----------------------------
Btw, thanks for all the help thus far, Rich.
If you do things right, then people won't know if you've done anything at all.

#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 05 August 2007 - 03:00 PM

Download and install the free trial of Prevx2:
http://info.prevx.com/downloadprevx2.asp
Next, activate Prevx2 by clicking the Free Activation button.
Allow Prevx2 to scan your system and running processes.
If an infection is found, Prevx2 will show you the steps it will take to clean up your system.
Click the Clean Up option and let it run to completion.
This may require a reboot.

Double click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Also post a new HijackThis log.

#7 monkpart9 (Topic Starter, Members, 256 posts, New York)

Posted 05 August 2007 - 04:07 PM

Alrighty, here's that ComboFix log as well as the new HijackThis log below.

ComboFix log:
---------------------------

ComboFix 07-08-05.4 - "Nicholas DiBenedetto" 2007-08-05 16:45:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-05 16:23 <DIR> d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Prevx
2007-08-05 16:21 <DIR> d-------- C:\Program Files\Prevx2
2007-08-05 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-08-05 16:13 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-05 12:44 14,848 --a------ C:\WINDOWS\SYSTEM32\WinAvXX.exe
2007-08-05 12:44 14,848 --a------ C:\WINDOWS\SYSTEM32\printer.exe
2007-08-04 21:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 12:53 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-04 01:19 <DIR> d-------- C:\Program Files\ANTIGLUE
2007-08-02 11:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-02 01:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-07-31 22:35 <DIR> d-------- C:\Program Files\GamePark
2007-07-30 18:30 <DIR> d-------- C:\Program Files\BoontyGames
2007-07-24 15:32 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2007-07-17 15:25 <DIR> d-------- C:\Program Files\MLdonkey
2007-07-17 15:06 <DIR> d-------- C:\DOCUME~1\NICHOL~1\.sancho
2007-07-13 13:51 14 --a------ C:\DOCUME~1\NICHOL~1\onlinesig.dat
2007-07-13 13:51 <DIR> d-------- C:\DOCUME~1\NICHOL~1\web_infos
2007-07-11 13:30 <DIR> d-------- C:\Program Files\DOSBox-0.70
2007-07-09 18:47 <DIR> d--hs---- C:\found.001
2007-07-05 00:37 <DIR> d-------- C:\download


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 01:33 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Metacafe
2007-06-29 11:30 --------- d-------- C:\Program Files\LimeWire
2007-06-27 22:42 --------- d-------- C:\Program Files\Common Files\aol
2007-06-27 17:39 --------- d-------- C:\Program Files\AIM
2007-06-27 17:38 --------- d-------- C:\Program Files\AOD
2007-06-27 17:25 --------- d-------- C:\Program Files\Shareaza
2007-06-27 15:49 --------- d-------- C:\Program Files\WinMX
2007-06-27 15:49 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Azureus
2007-06-27 15:45 --------- d-------- C:\Program Files\Hydranode
2007-06-27 15:45 --------- d-------- C:\Program Files\Google
2007-06-27 15:44 --------- d-------- C:\Program Files\Ultra MPEG-4 Converter
2007-06-27 15:43 --------- d-------- C:\Program Files\WarZone
2007-06-27 15:42 --------- d-------- C:\Program Files\GetRight
2007-06-27 15:42 --------- d-------- C:\Program Files\FlashGet
2007-06-27 15:42 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\Shareaza
2007-06-27 15:41 --------- d-------- C:\Program Files\MorpheusBar
2007-06-27 15:41 --------- d-------- C:\Program Files\Morpheus
2007-06-27 15:41 --------- d-------- C:\Program Files\iriver
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh(2)
2007-06-27 15:41 --------- d-------- C:\Program Files\iMesh Applications
2007-06-27 15:41 --------- d-------- C:\Program Files\FrostWire
2007-06-27 15:41 --------- d-------- C:\Program Files\EarthLink 5.0
2007-06-27 15:41 --------- d-------- C:\Program Files\AWS
2007-06-27 15:41 --------- d-------- C:\Program Files\AIM Games
2007-06-27 15:40 --------- d-------- C:\Program Files\PageBreeze
2007-06-19 22:50 --------- d-------- C:\DOCUME~1\NICHOL~1\APPLIC~1\wsInspector
2007-06-16 08:27 1004 --a------ C:\WINDOWS\system32\drivers\ServUStartUpLog.txt
2007-06-12 12:53 --------- d-------- C:\Program Files\Microprose
2007-06-12 12:52 --------- d-------- C:\Program Files\Common Files\Idu


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 09:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 09:59]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 18:42]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2006-07-18 22:29]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2006-07-18 22:29]
"eTrustPPAP"="C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe" [2006-07-18 22:19]
"Zone Labs Client"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [2005-01-26 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 15:05]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 10:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-07-19 16:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Del41"=cmd /c del C:\WINDOWS\TEMP\BundleInstall.exe

C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
system.exe [2007-08-03 02:32:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun.exe [2007-08-03 02:32:50]
DESKTOP.INI [2002-09-03 10:00:00]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-19 14:34:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 19:43:46]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2006-03-25 01:15:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum212.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

R0 IFP700;iriver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys
R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINDOWS\system32\DRIVERS\pxfsf.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys
R1 PREVXTdi;PREVX TDI filter;C:\WINDOWS\system32\DRIVERS\pxtdi.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINDOWS\system32\DRIVERS\pxrd.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys
S3 PREVXEmulator;PREVX Emulator driver;C:\WINDOWS\system32\DRIVERS\PxEmu.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

*Newly Created Service* - PREVXDRIVER
*Newly Created Service* - PREVXTDI
*Newly Created Service* - PXRDDRIVER

Contents of the 'Scheduled Tasks' folder
2007-08-01 21:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2006-02-07 21:58:29 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 16:56:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 17:01:31
C:\ComboFix-quarantined-files.txt ... 2007-08-05 17:01
C:\ComboFix2.txt ... 2007-08-05 12:49
C:\ComboFix3.txt ... 2007-08-04 21:48

--- E O F ---
------------------------------------------------------------------------------------

New HijackThis Log:
----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:03:42 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#8 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 05 August 2007 - 06:57 PM

First make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into Safe Mode using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt

Exit HijackThis.

Find and delete:
C:\WINDOWS\SYSTEM32\WinAvXX.exe
C:\WINDOWS\SYSTEM32\printer.exe

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan" tab and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
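The three items the post above has HijackThis fix (the two bare executables in the Startup folders and the AppInit_DLLs value that points at a .txt file) can be picked out of a log mechanically. The Python below is an added example written for this page; it is not code from the thread or from HijackThis, its heuristics are this example's own, and the sample lines are copied from the second log posted in this thread. The point behind the O20 rule: everything listed in AppInit_DLLs is mapped into every process that loads user32.dll, and the loader does not care about the file extension, so a .txt name there is itself the red flag.

```python
"""Heuristic triage of HijackThis 1.99 log lines.  Added example for this
page, not code from the thread or from HijackThis; the heuristics are this
example's own, and the sample lines are copied from the log posted above."""
import re

# Constructed sample: selected lines from the second HijackThis log in the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - Startup: Metacafe.lnk = C:\\Program Files\\Metacafe\\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\\WINDOWS\\system32\\LEXBCES.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\\Program Files\\Prevx2\\PXAgent.exe" -f (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line, e.g. ("O20", "AppInit_DLLs: ...")."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Return (entry, reason) findings worth a closer look."""
    findings = []
    for section, body in parse_hjt(text):
        entry = f"{section} - {body}"
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Everything listed here is mapped into every process that loads
            # user32.dll; the loader ignores the extension, so a .txt is a red flag.
            path = body.split(":", 1)[1].strip()
            if path and not path.lower().endswith(".dll"):
                findings.append((entry, "AppInit_DLLs points at a non-.dll file"))
        elif section == "O4" and body.split(":", 1)[0] in ("Startup", "Global Startup"):
            # Installers drop .lnk shortcuts ("name.lnk = target"); a bare
            # executable sitting in a Startup folder is unusual and worth checking.
            item = body.split(":", 1)[1].strip()
            if "=" not in item and item.lower().endswith(".exe"):
                findings.append((entry, "bare executable in a Startup folder"))
        elif section == "O6":
            findings.append((entry, "IE policy restriction present; verify it was set on purpose"))
        elif section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append((entry, "service with no publisher or missing binary; verify"))
    return findings


def fix_list(text):
    """The subset a helper would tick in HijackThis: persistence that loads code."""
    return [entry for entry, reason in triage(text)
            if reason.startswith("AppInit_DLLs") or reason.startswith("bare executable")]


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason:60} {entry}")
    print("fix:", *fix_list(SAMPLE_LOG), sep="\n  ")
```

Run on the sample, `fix_list` returns exactly the three entries the post above asks HijackThis to fix. The O23 hit is a prompt to verify rather than a verdict: in the log it is the freshly installed Prevx2 service, whose PXAgent.exe appears in the running-process list of the same log, so the "(file missing)" appears to come from HijackThis reading the quoted "-f" argument as part of the path. For the O20 entry, the ComboFix log above shows where the value lives (HKLM\software\microsoft\windows nt\currentversion\windows, value appinit_dlls); a DLL that is mapped into running processes cannot be deleted until those processes exit, so clearing the registry value, rebooting, and only then deleting hrum212.txt avoids the locked-file error.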

#9 monkpart9 (Topic Starter, Members, 256 posts, New York)

Posted 05 August 2007 - 10:12 PM

Hey Richie, I followed your instructions and everything went over fine. The only problem was that I wasn't able to delete "O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt"; when I tried getting rid of it I just got an error. Other than that everything else worked out. Here's my log from the Dr.Web scan.

Dr.Web scan log file:
--------------------------------------

setup32.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;
Install.exe;C:\Documents and Settings\Brenda DiBenedetto\My Documents\My Videos;Adware.Spysheriff;Incurable.Moved.;
Installpesttrap222006.exe;C:\Documents and Settings\Brenda DiBenedetto\My Documents\My Videos;Adware.Spysheriff;Incurable.Moved.;
erntgphf.exe;C:\Documents and Settings\Michael DiBenedetto\Application Data\ANTIGLUE;Trojan.Packed.149;Incurable.Moved.;
fragpingflaw.exe;C:\Documents and Settings\Michael DiBenedetto\Application Data\ANTIGLUE;Trojan.Swizzor;Deleted.;
Proc once.exe;C:\Documents and Settings\Michael DiBenedetto\Application Data\ANTIGLUE;Trojan.Packed.149;Incurable.Moved.;
jar_cache15020.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
jar_cache15021.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
jar_cache15022.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
jar_cache15023.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
jar_cache15024.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
jar_cache15025.tmp;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.120;Deleted.;
sta69.exe;C:\Documents and Settings\Michael DiBenedetto\Local Settings\Temp;Trojan.Packed.149;Incurable.Moved.;
(full version) trogdor guritar hero 40.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
---------trogdor guritar hero 43.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
authority wins 50.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
shared by moby k.k. song animal crossing 33.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
[Full Version] trogdor guritar hero 52.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
[Full] turtle sex 09.wma;C:\Documents and Settings\Michael DiBenedetto\Shared;Trojan.Isbar.389;Deleted.;
MiniBugTransporter.EXE;C:\Program Files\AIM;Adware.Aws;Incurable.Moved.;
WxBug.EXE;C:\Program Files\AIM;Adware.Aws;Incurable.Moved.;
PopNDrop.exe;C:\Program Files\GameHouse\PopDrop;Modification of APE.based;Moved.;
morpheustoolbar.exe;C:\Program Files\Morpheus;Adware.MWS.68;Incurable.Moved.;
vtr212.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.28776;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0352815.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367;Adware.MWS.68;Incurable.Moved.;
A0356370.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367;Tool.CleanDisk;Incurable.Moved.;
A0362966.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368;Tool.CleanDisk;Incurable.Moved.;
A0363115.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368;Tool.CleanDisk;Incurable.Moved.;
A0364445.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP369;Adware.MWS.68;Incurable.Moved.;
A0367262.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370;Tool.CleanDisk;Incurable.Moved.;
A0367411.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370;Tool.CleanDisk;Incurable.Moved.;
A0368149.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370;Adware.MWS.68;Incurable.Moved.;
A0387413.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381;Tool.Prockill;Incurable.Moved.;
A0414335.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400;Tool.Prockill;Incurable.Moved.;
A0421684.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP406;Trojan.DownLoader.28776;Deleted.;
A0421811.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP407;Trojan.Packed.149;Incurable.Moved.;
A0421812.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP407;Trojan.Swizzor;Deleted.;
A0421813.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP407;Trojan.Packed.149;Incurable.Moved.;
A0421814.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP407;Modification of APE.based;Moved.;
---------------------------------


Again, thanks so far for all the help, Rich.
If you do things right, then people won't know if you've done anything at all.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 06 August 2007 - 04:27 AM

Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address, it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so, this may take several minutes so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.

Restart your PC, then copy and paste the Spy Sweeper log into your next reply.

---------------------------------------------------------------

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files.
• Once the files have been downloaded, click on NEXT.
• Now click on Scan Settings.
• In the scan settings, make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    • Standard
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK.
• Now under "Select a target to scan":
  • Select My Computer
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button.
• Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log.

Edited by RichieUK, 06 August 2007 - 04:28 AM.


#11 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • Gender:Male
  • Location:New York

Posted 06 August 2007 - 06:56 PM

Alright, here's the Spy Sweeper log file and a new HijackThis log file. I wasn't able to post the Kaspersky webscan results because there were too many "locked" objects; this happened last time I sought help for my computer with another expert from this site. I guess after many failed attempts he just "forgot" about me, so I was wondering if you had any ideas as to how I could get these scan results to you.

Spysweeper log:
--------------------------------------
4:01 PM: Removal process completed. Elapsed time 00:01:04
4:00 PM: Quarantining All Traces: casalemedia cookie
4:00 PM: Quarantining All Traces: ic-live cookie
4:00 PM: Quarantining All Traces: go.com cookie
4:00 PM: Quarantining All Traces: did-it cookie
4:00 PM: Quarantining All Traces: askmen cookie
4:00 PM: Quarantining All Traces: yadro cookie
4:00 PM: Quarantining All Traces: xiti cookie
4:00 PM: Quarantining All Traces: burstbeacon cookie
4:00 PM: Quarantining All Traces: tribalfusion cookie
4:00 PM: Quarantining All Traces: sexsearch cookie
4:00 PM: Quarantining All Traces: teensforcash cookie
4:00 PM: Quarantining All Traces: servlet cookie
4:00 PM: Quarantining All Traces: about cookie
4:00 PM: Quarantining All Traces: gangbangsquad cookie
4:00 PM: Quarantining All Traces: directtrack cookie
4:00 PM: Quarantining All Traces: coremetrics cookie
4:00 PM: Quarantining All Traces: coolsavings cookie
4:00 PM: Quarantining All Traces: azjmp cookie
4:00 PM: Quarantining All Traces: atlas dmt cookie
4:00 PM: Quarantining All Traces: angelfire cookie
4:00 PM: Quarantining All Traces: advertising cookie
4:00 PM: Quarantining All Traces: zenotecnico cookie
4:00 PM: Quarantining All Traces: websponsors cookie
4:00 PM: Quarantining All Traces: 2o7.net cookie
4:00 PM: Quarantining All Traces: nextag cookie
4:00 PM: Quarantining All Traces: adrevolver cookie
4:00 PM: Quarantining All Traces: yieldmanager cookie
4:00 PM: Quarantining All Traces: burstnet cookie
4:00 PM: Quarantining All Traces: atwola cookie
4:00 PM: Quarantining All Traces: specificclick.com cookie
4:00 PM: Quarantining All Traces: java byteverify
4:00 PM: Quarantining All Traces: mirar webband
4:00 PM: Quarantining All Traces: findthewebsiteyouneed hijack
4:00 PM: Quarantining All Traces: surfsidekick
4:00 PM: Informational: Virus infected file c:\documents and settings\michael dibenedetto\shared\rare recording.wma not cleaned.
4:00 PM: Informational: Virus infected file c:\documents and settings\michael dibenedetto\shared\eighties classic.wma not cleaned.
4:00 PM: Informational: Virus infected file c:\documents and settings\michael dibenedetto\shared\happy adventure, delightful adventure not cleaned.
4:00 PM: Quarantining All Traces: Troj/Wimad-D
4:00 PM: Quarantining All Traces: Troj/ByteVeri-K
4:00 PM: Quarantining All Traces: Troj/Spywad-Gen
4:00 PM: Quarantining All Traces: Troj/Drsmart-BW
4:00 PM: Quarantining All Traces: lopdotcom
4:00 PM: Quarantining All Traces: zenosearchassistant
4:00 PM: Removal process initiated
3:56 PM: Traces Found: 83
3:56 PM: Full Sweep has completed. Elapsed time 02:13:36
3:56 PM: File Sweep Complete, Elapsed Time: 02:02:04
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zeno4.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\networkmonitor3.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc1.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec7.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst8.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst7.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webnexus.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick2.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\networkmonitor1.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst5.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst4.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst2.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\casclient.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec11.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zeno2.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec8.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec9.zip]
3:55 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec10.zip]
3:52 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\michael dibenedetto\local settings\temporary internet files\content.ie5\w16bolun\[kh]_anyone_you_can_do_01[c846788f][1].rar]
3:48 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig709\enu\data1.cab]
3:48 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060929231526.zip]
3:46 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
3:46 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20070404000022.zip]
3:46 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060814023259.zip]
3:39 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204025707.zip]
3:39 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20070404005951.zip]
3:39 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060719025123.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent11.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060703202422.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060719033119.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike18.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718223733.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060220005450.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice1.zip]
3:38 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712200152.zip]
3:37 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick10.zip]
3:37 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712175349.zip]
3:37 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204222222.zip]
3:37 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent12.zip]
3:37 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\michael dibenedetto\my documents\download\madokamiyasha\data.rar]
3:32 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent14.zip]
3:32 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice9.zip]
3:32 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712175750.zip]
3:31 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick1.zip]
3:31 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\pat dibenedetto\local settings\temp\gtb1a8.tmp.cab]
3:31 PM: Warning: TCompressedFile.GetStreams(2): Stream read error
3:31 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712135406.zip]
3:29 PM: c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip (ID = 0)
3:29 PM: c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip (ID = 0)
3:29 PM: c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip (ID = 64830)
3:29 PM: c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip (ID = 64824)
3:29 PM: c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip (ID = 64818)
3:29 PM: Found Adware: java byteverify
3:29 PM: Informational: Detected virus Troj/ByteVeri-K in file c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip object Xeyond.class
3:29 PM: Informational: Detected virus Troj/ByteVeri-K in file c:\documents and settings\michael dibenedetto\application data\sun\java\deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-5492bd5c.zip object Worker.class
3:28 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712191328.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060308215629.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060206032155.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zeno3.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712152820.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712195019.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\michael dibenedetto\local settings\temporary internet files\content.ie5\s1yv8x2f\swflash[1].cab]
3:27 PM: Warning: TCompressedFile.GetStreams(2): Stream read error
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice8.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick14.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst6.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst3.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst1.zip]
3:27 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts1.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060719023556.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterupdatedisablenotify.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick13.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick12.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterspupdate.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalloverride.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet13.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet12.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec3.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec1.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet11.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet10.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet9.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet8.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace.zip]
3:26 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace1.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowsexplorer1.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowsexplorer.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet6.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet5.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet4.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet3.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet2.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\networkmonitor2.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\networkmonitor.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch5.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch4.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch3.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch2.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch1.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\fasst.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalldisablenotify.zip]
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace2.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace3.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712180655.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike2.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zeno1.zip]
3:24 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060719025300.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718225135.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace4.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice7.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet16.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick3.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusoverride.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice2.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent18.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent16.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent15.zip]
3:23 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent2.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike9.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712135410.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike8.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike1.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycentertaskmanager1.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycentertaskmanager.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent36.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent35.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent34.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent33.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent32.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick16.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet19.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch13.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch12.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch11.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch10.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233135.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice3.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712151343.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent3.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060719024718.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent4.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent5.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent6.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712140700.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice4.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike10.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick9.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712151333.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike3.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent23.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent22.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent21.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent20.zip]
3:22 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace6.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233152.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712151349.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick6.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike7.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike21.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice10.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204181106.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent19.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060204113230.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike19.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike16.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712135754.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusavenow1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bookedspace5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\sexlist1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\sexlist.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\networkmonitor4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\dyfucainternetoptimizer1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\dyfucainternetoptimizer.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch9.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusavenow2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusoverride2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalldisablenotify2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalloverride2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterspupdate2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterupdatedisablenotify2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchleftovers.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterupdatedisablenotify1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterspupdate1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spyhunter.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec5.zip]
3:20 PM: C:\QooBox\Quarantine\catchme2007-08-04_214220.29.zip (ID = 77733)
3:20 PM: Found Adware: surfsidekick
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zeno.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spysheriff.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233154.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalloverride1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalldisablenotify1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusoverride1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet18.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymybar.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204171136.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204171102.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060712191036.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commandservice14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233146.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233140.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent27.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060204172247.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233125.zip]
Not enough storage is available to process this command
3:19 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060204170950.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060813223321.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick4.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060204172231.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusavenow.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymybar1.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\malwarewipe.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent10.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent9.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent13.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent26.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch7.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch6.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718224557.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bearshare3.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bearshare2.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060718233443.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bearshare1.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\bearshare.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\vcodec6.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712140324.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060712154728.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\quarantine\20060220005601.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060203215743.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spywarestrike20.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\ca\etrust ez armor\etrust pestpatrol\core\quarantine\20060203215724.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent25.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\surfsidekick.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent24.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent31.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent30.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent29.zip]
3:18 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\wildtangent28.zip]
3:18 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
3:18 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms82adf743-c3f2-46be-b122-d19389327eae.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9195553b-2eb1-4f73-acc5-0d7657e3cb27.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbd559bbb-73aa-4636-9127-8861cdfcba3b.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsecda8e5f-14dc-4024-abd9-7788947576fe.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms92d94f06-7891-4221-b7bc-c04c704b43f7.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5bebaf31-6613-4e1c-8050-541c3e4907ee.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms93fc0914-5539-4d69-befa-08f27a59dc8f.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9ec1e1ab-b83c-40ba-b6d2-3e5fec01711c.tmp]
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms82adf743-c3f2-46be-b122-d19389327eae.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9195553b-2eb1-4f73-acc5-0d7657e3cb27.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbd559bbb-73aa-4636-9127-8861cdfcba3b.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsecda8e5f-14dc-4024-abd9-7788947576fe.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms92d94f06-7891-4221-b7bc-c04c704b43f7.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5bebaf31-6613-4e1c-8050-541c3e4907ee.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms93fc0914-5539-4d69-befa-08f27a59dc8f.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9ec1e1ab-b83c-40ba-b6d2-3e5fec01711c.tmp". The operation completed successfully
3:18 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim361.tmp]
3:18 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim2.tmp]
3:18 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim361.tmp". The operation completed successfully
3:18 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim2.tmp". The operation completed successfully
3:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\wxse6c49\cs_email[1].gif]
3:16 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\wxse6c49\cs_email[1].gif". The operation completed successfully
3:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\yhlyjehk\nav_m[1].gif]
3:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\ol4zsfoj\rss[1].gif]
3:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\ry0jv9kl\nav[1].gif]
3:16 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\ol4zsfoj\rss[1].gif". The operation completed successfully
3:16 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\yhlyjehk\nav_m[1].gif". The operation completed successfully
3:16 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\ry0jv9kl\nav[1].gif". The operation completed successfully
3:14 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\yhlyjehk\site=myspace&position=halfpage&page=11014003&rand=828693673&acnt=1schoolpage=0[1].htm]
3:14 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\local settings\temporary internet files\content.ie5\yhlyjehk\site=myspace&position=halfpage&page=11014003&rand=828693673&acnt=1schoolpage=0[1].htm". The operation completed successfully
3:14 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim7.tmp]
3:14 PM: Warning: Failed to open file "c:\documents and settings\nicholas dibenedetto\application data\aim\yqbqbaez\monkpart6\urlcache\aim7.tmp". The operation completed successfully
6:42 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
6:42 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
6:42 PM: Found Adware: winad
6:42 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
6:42 PM: Found Adware: security2k hijacker
6:42 PM: HKLM\software\classes\clsid\{11cefa27-5ae9-46cb-b791-738c242b4761}\ (4 subtraces) (ID = 144476)
6:42 PM: HKCR\clsid\{11cefa27-5ae9-46cb-b791-738c242b4761}\ (4 subtraces) (ID = 144468)
6:42 PM: Found Trojan Horse: trojan-downloader-delf
6:42 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
6:42 PM: Found Adware: relatedlinks bho
6:42 PM: HKLM\software\krypton\ (4 subtraces) (ID = 139241)
6:42 PM: Found Trojan Horse: rbot
6:42 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
6:42 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
6:42 PM: Found Adware: coolsavings
6:41 PM: Starting Registry Sweep
6:41 PM: Memory Sweep Complete, Elapsed Time: 00:10:33
6:31 PM: Starting Memory Sweep
6:31 PM: mscornet.exe (ID = 1052561)
6:31 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1052561)
6:31 PM: mssearchnet.exe (ID = 1052560)
6:31 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
6:31 PM: Found Trojan Horse: trojan-downloader-zlob
6:31 PM: Sweep initiated using definitions version 611
6:31 PM: Spy Sweeper started
6:31 PM: | Start of Session, Friday, February 03, 2006 |
********

-------------------------------
New HijackThis log:
---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:51:37 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by monkpart9, 06 August 2007 - 07:11 PM.

If you do things right, then people won't know if you've done anything at all.

#12 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 07 August 2007 - 06:31 AM

First make sure you're logged on to your pc as Administrator, or at least logged on using an account with administrator privileges.

Go here, download the Sysclean Package (3.1MB):
http://www.trendmicro.com/download/pattern-dcs.asp

Go here, download the latest Virus Pattern File for Windows (lpt637.zip) (21.9MB):
http://www.trendmicro.com/download/viruspattern.asp

Now create a new folder on your desktop, rename it Sysclean.
Now place the Sysclean Package inside that new folder.
Unzip/extract the Virus Pattern File to that new folder.

Close all open applications, and DISABLE your current antivirus software.
Open the Sysclean folder and double-click on sysclean.com to start the scan.
It will take some time to complete.
Be patient and let it clean whatever it finds.
Exit when done.

Open your Sysclean folder then copy and paste the contents of sysclean.log in your next reply.
Also post a new HijackThis log.

#13 monkpart9 (Topic Starter, Members, 256 posts, Male, New York)

Posted 07 August 2007 - 11:51 AM

Hey, look, I'm really sorry but it seems as though whenever I click either of these links I'm not able to access the page. I'm on an account with administrator privileges, I've tried refreshing the page, I've even tried getting to the area by going to trendmicro.com and getting the stuff that way but nothing's working. I don't know if my computer is just being stubborn or the site is down or what, but if it is my computer, is there anything that you can think of that may be blocking my access to the website?

#14 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 07 August 2007 - 03:22 PM

Ok, let's try this:

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Don't run it just yet.

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.exe
Save it to your desktop.

You should now copy/print out the following because I need you to disconnect from the internet from here on.

Disconnect from the internet.

Disable Prevx2 or it will interfere.
1. Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose Show Management Console.
2. On the Management Console click the Protection Level drop-down menu. You will see three levels:

Maximum
Off
User Defined

3. To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
4. Click the X on the upper right hand corner to exit the Management console.

Disable SpySweeper or it will interfere.
If you have Spy Sweeper version 4:

* Open it, Click Options over on the left, then Program options
* Uncheck load at windows startup.
* Over to the left, Click shields and Uncheck all there.
* Uncheck home page shield.
* Uncheck automatically restore default without notification.
* Reboot your machine for the changes to take effect before running HJT.

If you have SpySweeper version 5:
To disable SpySweeper Shields

* Open SpySweeper.
* Click Shield Settings on the right

(or Shields on the left, depending what screen you're on).

* Click Internet Explorer and uncheck all items.
* Click Windows System and uncheck all items.
* Click Hosts File and uncheck all items.
* Click Startup Programs and uncheck all items.
* Close SpySweeper.

Reboot your computer, and ensure Spy Sweeper is disabled.

------------------------------------------------

Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe

Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.

After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

------------------------------------------------

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double-click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt

Exit Hijackthis.

------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

------------------------------------------------

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Restart your pc.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Reconnect to the internet, post a new Hijackthis log.

Edited by RichieUK, 07 August 2007 - 03:23 PM.

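The entries RichieUK singles out above (the F2 Shell hook loading printer.exe, the bare system.exe/autorun.exe in the Startup folders, the WinAVX Run entry duplicated under HKLM and HKCU, the O7 DisableRegedit policies that also explain the "restrictions in effect" message, and an AppInit_DLLs value pointing at a .txt file) can be picked out of a HijackThis v1.99 log mechanically. This is an added example, not code from BleepingComputer, HijackThis or this thread; the checks are my own heuristics and the sample lines are copied from the log posted earlier in the thread.

```python
"""Triage a HijackThis v1.99 log for the kinds of entries flagged in this thread.

Added example, not a BleepingComputer or HijackThis tool. The checks are heuristics
chosen to match the reasoning in the thread: a Winlogon Shell that loads anything
besides explorer.exe (F2), a bare .exe dropped into a Startup folder (O4), the same
Run target registered under both HKLM and HKCU (O4), policy lines that lock the
user out of regedit or IE settings (O6/O7), and AppInit_DLLs pointing at a file
that is not a DLL (O20).
"""
import re
from collections import defaultdict

# One HijackThis entry line, e.g. "O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe"
ENTRY_RE = re.compile(r'^(?P<sec>R\d|F\d|O\d+) - (?P<body>.*)$')
RUN_RE = re.compile(r'^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<target>.*)$')
STARTUP_RE = re.compile(r'^(?:Global )?Startup: (?P<item>.*)$')


def parse_hjt(text):
    """Return [(section, body)] for every entry line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group('sec'), m.group('body')))
    return entries


def exe_path(target):
    """Executable part of a Run value: the quoted path, or the first whitespace-delimited token."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split()[0] if target else ''


def triage_hjt(text):
    """Return [(section, reason, detail)] for entries that deserve a closer look."""
    findings = []
    run_hives = defaultdict(set)  # lower-cased exe path -> hives it is registered under

    for sec, body in parse_hjt(text):
        if sec == 'F2' and 'Shell=' in body:
            programs = body.split('Shell=', 1)[1].split()
            extra = [p for p in programs if p.lower() != 'explorer.exe']
            if extra:
                findings.append((sec, 'Winlogon Shell loads an extra program', body))
        elif sec == 'O4':
            m = RUN_RE.match(body)
            if m:
                run_hives[exe_path(m.group('target')).lower()].add(m.group('hive'))
            m = STARTUP_RE.match(body)
            # A shortcut shows as "name.lnk = target"; a bare executable has no "=" at all
            if m and '=' not in m.group('item') and m.group('item').lower().endswith('.exe'):
                findings.append((sec, 'Bare executable in Startup folder', body))
        elif sec == 'O6' and 'Restrictions present' in body:
            findings.append((sec, 'IE restrictions policy set', body))
        elif sec == 'O7' and 'DisableRegedit=1' in body:
            findings.append((sec, 'Registry Editor disabled by policy', body))
        elif sec == 'O20' and body.startswith('AppInit_DLLs:'):
            value = body.split(':', 1)[1].strip()
            if value and not value.lower().endswith('.dll'):
                findings.append((sec, 'AppInit_DLLs points at a non-DLL file', body))

    # Heuristic: legitimate software rarely persists one target under both hives
    for path, hives in run_hives.items():
        if hives == {'HKLM', 'HKCU'}:
            findings.append(('O4', 'Same Run target under HKLM and HKCU', path))
    return findings


# Sample copied from the 8/6/2007 log posted in this thread, trimmed to the lines of interest
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

if __name__ == '__main__':
    for sec, reason, detail in triage_hjt(SAMPLE_LOG):
        print(f'{sec:<4}{reason:<42}{detail}')
```

Running it lists eight findings from the sample, matching the entries RichieUK asked to have fixed, while the legitimate igfxtray/ctfmon Run entries and the .lnk shortcuts are left alone.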

#15 monkpart9 (Topic Starter, Members, 256 posts, Male, New York)

Posted 07 August 2007 - 03:26 PM

Alright, so I was able to do everything in the instructions. I got the Killbox log as well as a new HijackThis log, posted below. The only thing I wasn't able to do was the thing with the restore points (when I click Properties on My Computer, I get a message saying "This action has been cancelled due to restrictions in effect on this computer. Please contact your system administrators") (from the WinAntivirus virus really, I know). Anyway, here's the HijackThis log and Killbox log.



Killbox Log:
-----------------------
Pocket Killbox version 2.0.0.881
Running on Windows XP as Nicholas DiBenedetto(Administrator)
was started @ Tuesday, June 19, 2007, 10:10 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\DRIVERS\fwd.reg


# 3 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\DRIVERS\winlogon.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\DRIVERS\start.bat


# 5 [Delete on Reboot]
Path = C:\Windows\java\java.log\spoolsv.exe


I Rebooted @ 10:14:09 AM
Killbox Closed(Exit) @ 10:14:20 AM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Nicholas DiBenedetto(Administrator)
was started @ Tuesday, August 07, 2007, 5:04 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\printer.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\WinAvXX.exe


I Rebooted @ 5:06:48 PM
Killbox Closed(Exit) @ 5:06:52 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Nicholas DiBenedetto(Administrator)
was started @ Tuesday, August 07, 2007, 5:10 PM

--------------------------------------------------------------------------------------
New HijackThis Log:
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:31:02 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\winavxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Nicholas DiBenedetto\Start Menu\Programs\Startup\system.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138993339734
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum212.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by monkpart9, 07 August 2007 - 05:35 PM.




