Malware Or Spyware Pop Ups


  • This topic is locked
15 replies to this topic

#1 sreez

Posted 29 June 2008 - 08:32 AM

Hi Friends,

I am new to this forum. First, the issue: I have pop-ups coming. //www.sendspace.com/file/qve56p. I have attached the screenshots of those pop-ups. First I ran smitfraud fix in safe mode, then after that I ran the super spyware. I am pasting the log file of it. Along with that, I have pasted the hijack log as well.

So guys, can you suggest how I can stop these pop-ups, which come every 3 to 4 mins?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:39 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RavDr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nmlwtaje.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sreevas\My Documents\software\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5DE91B91-76E9-508E-9073-05CA92F8B24D} - C:\WINDOWS\system32\CmdChk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ravcy] C:\WINDOWS\system32\RavDr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [rgpuxghm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rgpuxghm.dll"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kexwfixq] C:\WINDOWS\system32\nmlwtaje.exe
O4 - HKCU\..\Run: [wnygtekl] C:\WINDOWS\system32\jwjwrmlg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [zVjlTklLTb] C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10103 bytes



Here is the super spyware log file as well


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2008 at 07:48 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 01:30:44

Memory items scanned : 405
Memory threats detected : 1
Registry items scanned : 5909
Registry threats detected : 159
File items scanned : 84426
File threats detected : 292

Trojan.Smitfraud Variant-Gen/PushrDrv
C:\WINDOWS\SYSTEM32\DRVXOR.DLL
C:\WINDOWS\SYSTEM32\DRVXOR.DLL

Trojan.SafeSearch
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}#xxx
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\Control
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\Implemented Categories
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\InprocServer32
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\InprocServer32#ThreadingModel
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\MiscStatus
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\MiscStatus\1
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\ProgID
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\TypeLib
HKCR\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\Version

Adware.Yuupsearch
HKLM\Software\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32#ThreadingModel
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\ProgID
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\Programmable
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\TypeLib
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\VersionIndependentProgID
C:\PROGRA~1\REDIFF~2\3.0\REDIFF~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}

Trojan.Media-Codec/V2
HKLM\Software\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32
HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO AX OBJECT\BPVOL.DLL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#UninstallString

411Ferret Toolbar
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{12F02779-6D88-4958-8AD3-83C12D86ADC7}
HKU\S-1-5-21-2150593567-1171169350-2643979753-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.Tracking Cookie
C:\Documents and Settings\sreevas\Cookies\sreevas@ehg-ittoolbox.hitbox[2].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@servedby.advertising[1].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@server.iad.liveperson[4].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@www.googleadservices[2].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@perf.overture[1].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@keygenguru[1].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@adserveuk[1].txt
C:\Documents and Settings\sreevas\Cookies\sreevas@aff.primaryads[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adbrite[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adinterax[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.bridgetrack[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.realtechnetwork[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adtech[1].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@bs.serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@counter.hitslink[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[3].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@pro-market[2].txt
C:\Documents and Settings\Guest\Cookies\guest@richmedia.yahoo[1].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@smileycentral[2].txt
C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@timesofindia.indiatimes[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[2].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
.mediaplex.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.pro-market.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.pro-market.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.www.admedian.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
cms.trafficmp.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.timesofindia.indiatimes.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
timesofindia.indiatimes.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
timesofindia.indiatimes.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.timesofindia.indiatimes.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.bluestreak.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.crucial.adbureau.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adserver.easyad.info [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.indoormedia.co.uk [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ehg-totalsystemsservices.hitbox.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ehg-totalsystemsservices.hitbox.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.msnaccountservices.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.clicksor.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ads.clicksor.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.myroitracking.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.lstat.youku.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.stat.youku.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.lstat.youku.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adopt.hbmediapro.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adorigin.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adorigin.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.adorigin.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.atoc.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.e-2dj6wfkyondpmkq.stats.esomniture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.e-2dj6wflyckcpedo.stats.esomniture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.e-2dj6wgkykhcpclo.stats.esomniture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.e-2dj6wjl4cndpccp.stats.esomniture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.http.edge.vru4.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.http.edge.vru4.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.indiads.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.masalapornmovies.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.mediaservers.vtc.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.metacafe.122.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.newzfind.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.partygaming.122.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.partypoker.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.perf.overture.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.qksrv.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.qksrv.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.royalmail.112.2o7.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.sexuploader.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.weborama.fr [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.web-stat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.web-stat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.webstat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.webstat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.webstat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
ads.mediaturf.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
int.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
int.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
int.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
int.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
nedstat.192.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
tracker.roitesting.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
uk.2.cqcounter.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.adultjobfinder.net [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.belstat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.belstat.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.smartadserver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.smartadserver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]
www.smartadserver.com [ C:\Documents and Settings\sreevas\Application Data\Mozilla\Firefox\Profiles\ehgjig1r.default\cookies.txt ]

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV

Adware.ClickSpring/Yazzle
HKCR\YAZZLEACTIVEX.YazzleActiveXCtrl.1
HKCR\YAZZLEACTIVEX.YazzleActiveXCtrl.1\CLSID

Trojan.DNSChanger-Codec
HKCR\VAC.Video
HKCR\VAC.Video\CLSID
HKU\S-1-5-21-2150593567-1171169350-2643979753-1006\Software\uninstall

Malware.SpyLocked

Malware.VirusProtectPro
C:\Program Files\VirusProtectPro 3.3\vpp.ini
C:\Program Files\VirusProtectPro 3.3

Rogue.PC-Cleaner
HKU\S-1-5-21-2150593567-1171169350-2643979753-1006\Software\mwc

Trojan.Unclassified/RCDLL-Fake
C:\TCWIN45\BIN\RCDLL.DLL

Adware.GloboLook
C:\TCWIN45\EXAMPLES\OWL\GAMES\BLAKJACK\BLAKJACK.ICO

Edited by KoanYorel, 29 June 2008 - 10:07 AM.
to disable hot link URL above

LIFE is so simple, if you know the reason of your existence at certain place. Treat every step as first one and trust god, friends, relatives and everyone.

 

It's a simple magic trick given to me by one friend also and I am at this stage  :love4u:


#2 Thunder


Posted 30 June 2008 - 02:17 AM

Hello Sreez and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 sreez


Posted 30 June 2008 - 04:56 AM

Good Morning Thunder,

First, thanks for the reply. I like this forum and the way you solve issues. Actually, yesterday I was at home and was waiting for the reply; now I am in the office, so I can't do this process right now. I am really sorry about it. I think I already did the 1st step in your solution. I downloaded CCleaner as well.

I will do this process as soon as I go home (almost 9 hours from now) and will post accordingly, but I'm not sure whether you will be available at that time. If not, reply to me tomorrow. Once again, thanks in advance for your help.

Cheers,
Sree


#4 Thunder


Posted 30 June 2008 - 04:59 AM

No problem, Sree :thumbsup:

I'll see the logs appear as soon as you've got time.

Greetings,
Thunder

#5 sreez


Posted 03 July 2008 - 02:44 PM

Hi Thunder,

First, very sorry for the delay, as I was busy with work and was a little confused in using ComboFix. Anyway, here is the information you asked for. But what I have seen is that my problems regarding those pop-ups, which I attached in my last message, weren't solved even after running ComboFix. Here I have pasted the HijackThis log, MBAM log and ComboFix log. Give me advice in solving this little issue.

I didn't run these programs all at the same time. Initially I ran MBAM 2 days ago and used the computer for reading, chatting and browsing. Today I ran ComboFix. So I'm wondering whether this has an effect on solving these pop-ups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:12 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RavDr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nmlwtaje.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sreevas\My Documents\software\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {4B941E37-FC86-8865-C731-04437695998C} - C:\WINDOWS\system32\admproc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5DE91B91-76E9-508E-9073-05CA92F8B24D} - C:\WINDOWS\system32\CmdChk.dll
O2 - BHO: (no name) - {6991DCAC-56D0-4266-3214-083579A6D9DE} - C:\WINDOWS\system32\dscsmartsys.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ravcy] C:\WINDOWS\system32\RavDr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ijktmheh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ijktmheh.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kexwfixq] C:\WINDOWS\system32\nmlwtaje.exe
O4 - HKCU\..\Run: [wnygtekl] C:\WINDOWS\system32\jwjwrmlg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tghkfmml] C:\WINDOWS\system32\pibozghu.exe
O4 - HKCU\..\Run: [wuwxpdgm] C:\WINDOWS\system32\jifslkvc.exe
O4 - HKLM\..\Policies\Explorer\Run: [zVjlTklLTb] C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10125 bytes

Here is my MBAM log

Malwarebytes' Anti-Malware 1.19
Database version: 912
Windows 5.1.2600 Service Pack 2

8:22:27 PM 7/1/2008
mbam-log-7-1-2008 (20-22-27).txt

Scan type: Quick Scan
Objects scanned: 50501
Time elapsed: 12 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\winzlo32.dll (Dialer) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{964b357b-54c5-488b-ba8c-f19add6dee44} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2bba245f-1f9a-4a16-98a9-e58c09224fde} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{696b98fa-46ed-4e85-bc34-8b992d8b6405} (Trojan.Fakealert) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediaaccumulativecodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CTF (Trojan.Dluca) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaAccumulativeCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0993251-2512-4710-af6e-0a13ea199d02} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MediaAccumulativeCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MediaAccumulativeCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MediaAccumulativeCodec\MediaAccumulativeCodec.ocx (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MediaAccumulativeCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winzlo32.dll (Dialer) -> Delete on reboot.

Here is Combofix log

ComboFix 08-07-02.5 - sreevas 2008-07-03 20:02:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT 1:00]
Running from: C:\Documents and Settings\sreevas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sreevas\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\snmpmib.dll
2008-07-01 20:27 . 2008-07-01 20:27 102,400 --a------ C:\WINDOWS\system32\admproc.dll
2008-07-01 20:27 . 2008-07-01 20:27 102,400 --a------ C:\Documents and Settings\All Users\Application Data\qjidqdyb.dll
2008-07-01 20:27 . 2008-07-01 20:27 86,016 --a------ C:\WINDOWS\system32\pibozghu.exe
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 20:06 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 20:47 . 2008-06-28 20:47 <DIR> d-------- C:\Program Files\CCleaner
2008-06-28 19:55 . 2008-06-28 19:55 94,208 --a------ C:\WINDOWS\system32\jwjwrmlg.exe
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\SUPERAntiSpyware.com
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 13:34 . 2008-06-28 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\bmjubqrs
2008-06-28 13:34 . 2008-06-28 13:34 126,976 --a------ C:\WINDOWS\system32\CmdChk.dll
2008-06-28 13:34 . 2008-06-28 13:34 126,976 --a------ C:\Documents and Settings\All Users\Application Data\rgpuxghm.dll
2008-06-28 13:34 . 2008-06-28 13:34 77,824 --a------ C:\WINDOWS\system32\nmlwtaje.exe
2008-06-28 13:34 . 2008-06-28 13:34 145 --a------ C:\WINDOWS\system32\winver.bat
2008-06-27 20:58 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-27 20:58 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-06-27 20:52 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-27 20:52 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-27 20:51 . 2008-06-27 20:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-27 19:58 . 2008-06-27 19:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-27 19:54 . 2008-06-27 19:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-27 19:54 . 2008-06-27 20:58 <DIR> d-------- C:\Program Files\Ahead
2008-06-27 19:54 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-27 19:54 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-27 19:54 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-27 19:54 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-27 19:54 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-25 21:14 . 2008-06-25 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Nero
2008-06-25 01:00 . 2008-06-25 01:00 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Nero
2008-06-25 00:53 . 2008-06-25 00:53 <DIR> d-------- C:\Program Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 22:11 . 2008-06-23 22:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Ahead
2008-06-23 19:32 . 2008-06-23 19:32 <DIR> d-------- C:\OS
2008-06-22 00:15 . 2008-05-09 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-06-22 00:15 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-06-22 00:15 . 2008-05-09 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-06-22 00:15 . 2008-05-09 21:05 15,744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-06-22 00:07 . 2008-06-22 00:08 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-06-22 00:06 . 2008-06-22 00:07 <DIR> d-------- C:\Program Files\VMware
2008-06-21 21:35 . 2008-06-21 21:35 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-21 20:54 . 2008-06-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-21 20:49 . 2008-06-21 20:49 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\DAEMON Tools
2008-06-21 20:24 . 2008-06-21 21:19 <DIR> d-------- C:\Program Files\MagicISO
2008-06-17 23:12 . 2008-06-17 23:12 49,152 --a------ C:\WINDOWS\system32\TCD.mdb
2008-06-16 22:23 . 2008-07-03 19:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2008-06-16 22:05 . 2008-05-09 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-06-16 22:05 . 2008-05-09 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-06-16 22:05 . 2008-05-09 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-06-16 22:04 . 2008-06-22 00:14 1,024 --a------ C:\.rnd
2008-06-16 21:56 . 2008-06-28 09:03 <DIR> d-------- C:\Virtual Machines
2008-06-15 02:59 . 2008-06-28 09:56 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\VMware
2008-06-15 02:54 . 2008-07-03 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-15 02:50 . 2008-07-03 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 10:05 --------- d-----w C:\Documents and Settings\sreevas\Application Data\DNA
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\sreevas\Application Data\yahoo!
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-27 19:44 --------- d-----w C:\Program Files\Java
2008-06-27 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 20:12 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-21 19:49 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 21:40 --------- d-----w C:\Program Files\DivX
2008-05-09 20:05 97,152 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
2008-05-09 20:05 23,296 ----a-w C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-09 20:05 22,016 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-01-28 00:06 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-19 15:04 184 -c--a-w C:\Program Files\dynamips-start.cmd
2006-09-06 00:04 14 -c--a-w C:\Documents and Settings\sreevas\getfile.dat
2006-04-24 23:15 9,692,886 -c--a-w C:\Program Files\vlc-0[1].8.4a-win32.exe
2006-04-24 22:54 12,662,176 -c--a-w C:\Program Files\RealPlayer10-5GOLD.exe
2006-04-20 01:00 396,328 -c--a-w C:\Program Files\msgr75us.exe
2006-04-16 21:15 28,104 -c--a-w C:\Documents and Settings\sreevas\Application Data\GDIPFONTCACHEV1.DAT
2006-04-26 11:23 56 -csh--r C:\WINDOWS\system32\CE2AE7E268.sys
2005-06-20 14:56 114,688 --sh--w C:\WINDOWS\system32\RavDr.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B941E37-FC86-8865-C731-04437695998C}]
2008-07-01 20:27 102400 --a------ C:\WINDOWS\system32\admproc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DE91B91-76E9-508E-9073-05CA92F8B24D}]
2008-06-28 13:34 126976 --a------ C:\WINDOWS\system32\CmdChk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6991DCAC-56D0-4266-3214-083579A6D9DE}]
2008-07-03 20:12 114688 --a------ C:\WINDOWS\system32\dscsmartsys.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"kexwfixq"="C:\WINDOWS\system32\nmlwtaje.exe" [2008-06-28 13:34 77824]
"wnygtekl"="C:\WINDOWS\system32\jwjwrmlg.exe" [2008-06-28 19:55 94208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"tghkfmml"="C:\WINDOWS\system32\pibozghu.exe" [2008-07-01 20:27 86016]
"wuwxpdgm"="C:\WINDOWS\system32\jifslkvc.exe" [2008-07-03 20:12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"Ravcy"="C:\WINDOWS\system32\RavDr.exe" [2005-06-20 15:56 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ijktmheh"="C:\Documents and Settings\All Users\Application Data\ijktmheh.dll" [2008-07-03 20:12 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"zVjlTklLTb"="C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe" [2008-06-28 13:34 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CLBR"= P1001Dex.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sreevas^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-29 10:14 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 17:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-08-31 11:06 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 12:04 245760 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 11:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a--c--- 1994-06-03 09:20 34272 C:\TCWIN45\PIPELINE\REMIND.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 13:59 4838952 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--------- 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-28 18:35 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-05-26 10:39 214560 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-26 10:39 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-11-29 04:56 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-26 10:38 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-19 17:31 3477504 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\VitalTech Group\\IOSHunter\\IOSHunter.exe"=
"C:\\Program Files\\GNS3\\Dynamips\\dynamips-wxp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-05-07 11:50]
R2 vmserverdWin32;VMware Registration Service;"C:\Program Files\VMware\VMware Server\vmserverdWin32.exe" [2008-05-09 21:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 03:25]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 23:58]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 14:47]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 14:48]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 14:48]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 14:49]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 14:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f9d17a-6a0b-11dc-9503-001422a2dbf2}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ec4c0c-cbd2-11da-9097-00038a000015}]
\Shell\AutoRun\command - F:\Recycled.exe
\Shell\open\Command - F:\Recycled.exe
\shellexplore\Command - F:\Recycled.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 18:59:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-15 00:26:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-29 21:30:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-Symantec NetDriver Warning - C:\PROGRA~1\SYMNET~1\SNDWarn.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 20:09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-03 20:14:03 - machine was rebooted [sreevas]
ComboFix-quarantined-files.txt 2008-07-03 19:13:51

Pre-Run: 769,179,648 bytes free
Post-Run: 1,442,570,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

338 --- E O F --- 2008-06-22 23:36:54

LIFE is so simple, if you know the reason of your existence at certain place. Treat every step as first one and trust god, friends, relatives and everyone.

 

It's a simple magic trick given to me by one friend also and I am at this stage  :love4u:


#6 Thunder

Posted 04 July 2008 - 04:29 AM

Hello Sreez,

We're not quite there yet. :thumbsup:

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/154933/malware-or-spyware-pop-ups/
Collect::[9]
C:\WINDOWS\system32\admproc.dll
C:\Documents and Settings\All Users\Application Data\qjidqdyb.dll
C:\WINDOWS\system32\pibozghu.exe
C:\WINDOWS\system32\jwjwrmlg.exe
C:\WINDOWS\system32\CmdChk.dll
C:\Documents and Settings\All Users\Application Data\rgpuxghm.dll
C:\WINDOWS\system32\nmlwtaje.exe
C:\WINDOWS\system32\winver.bat
Folder::
C:\Documents and Settings\All Users\Application Data\bmjubqrs
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B941E37-FC86-8865-C731-04437695998C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DE91B91-76E9-508E-9073-05CA92F8B24D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6991DCAC-56D0-4266-3214-083579A6D9DE}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kexwfixq"=-
"wnygtekl"=-
"tghkfmml"=-
"wuwxpdgm"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ijktmheh"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"zVjlTklLTb"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f9d17a-6a0b-11dc-9503-001422a2dbf2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ec4c0c-cbd2-11da-9097-00038a000015}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box -- do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 sreez

Posted 04 July 2008 - 05:05 AM

Hi mate,

Thanks for the reply and suggestions. Again, I can't do these instructions now; I will do them once I am at home.

Cheers,
Sreez


#8 Thunder

Posted 04 July 2008 - 07:22 AM

No problem, Sreez

See you later then. :thumbsup:

Greetings,
Thunder

#9 sreez

Posted 04 July 2008 - 02:55 PM

Hi thunder,

Here is the new ComboFix and the new HijackThis log you have asked for. I have observed that Internet Explorer starts on its own. Anyways, I know you can fix this all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:21 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RavDr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cfcdmzct.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sreevas\My Documents\software\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {66BD2957-01C2-C9C2-8715-03563FC92716} - C:\WINDOWS\system32\DbMnt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ravcy] C:\WINDOWS\system32\RavDr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [fhibdqrh] C:\WINDOWS\system32\cfcdmzct.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9057 bytes

Here is the ComboFix log

ComboFix 08-07-02.5 - sreevas 2008-07-04 19:15:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT 1:00]
Running from: C:\Documents and Settings\sreevas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sreevas\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\bmjubqrs
C:\Documents and Settings\All Users\Application Data\bmjubqrs\duvavaru.exe
C:\Documents and Settings\All Users\Application Data\qjidqdyb.dll
C:\Documents and Settings\All Users\Application Data\rgpuxghm.dll
C:\Documents and Settings\Guest\Desktop\blackbird.jpg
C:\Documents and Settings\Guest\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Guest\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Guest\Desktop\filemanagerclient.exe
C:\Documents and Settings\Guest\Desktop\fkwp1.5.exe
C:\Documents and Settings\Guest\Desktop\fkwp2.0.exe
C:\Documents and Settings\Guest\Desktop\fwebd.exe
C:\Documents and Settings\Guest\Desktop\FWebdEditor.exe
C:\Documents and Settings\Guest\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Guest\Desktop\virii
C:\WINDOWS\system32\admproc.dll
C:\WINDOWS\system32\CmdChk.dll
C:\WINDOWS\system32\jwjwrmlg.exe
C:\WINDOWS\system32\nmlwtaje.exe
C:\WINDOWS\system32\pibozghu.exe
C:\WINDOWS\system32\winver.bat

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-04 13:15 . 2008-07-04 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zuzavmwh
2008-07-04 08:39 . 2008-07-04 08:39 102,400 --a------ C:\WINDOWS\system32\DbMnt.dll
2008-07-04 08:39 . 2008-07-04 08:39 102,400 --a------ C:\Documents and Settings\All Users\Application Data\qxwjanwr.dll
2008-07-04 08:38 . 2008-07-04 08:38 110,592 --a------ C:\WINDOWS\system32\cfcdmzct.exe
2008-07-03 20:12 . 2008-07-03 20:12 114,688 --a------ C:\WINDOWS\system32\dscsmartsys.dll
2008-07-03 20:12 . 2008-07-03 20:12 114,688 --a------ C:\Documents and Settings\All Users\Application Data\ijktmheh.dll
2008-07-03 20:12 . 2008-07-03 20:12 110,592 --a------ C:\WINDOWS\system32\jifslkvc.exe
2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\snmpmib.dll
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 20:06 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 20:47 . 2008-06-28 20:47 <DIR> d-------- C:\Program Files\CCleaner
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\SUPERAntiSpyware.com
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 20:58 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-27 20:58 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-06-27 20:52 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-27 20:52 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-27 20:51 . 2008-06-27 20:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-27 19:58 . 2008-06-27 19:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-27 19:54 . 2008-06-27 19:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-27 19:54 . 2008-06-27 20:58 <DIR> d-------- C:\Program Files\Ahead
2008-06-27 19:54 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-27 19:54 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-27 19:54 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-27 19:54 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-27 19:54 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-25 21:14 . 2008-06-25 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Nero
2008-06-25 01:00 . 2008-06-25 01:00 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Nero
2008-06-25 00:53 . 2008-06-25 00:53 <DIR> d-------- C:\Program Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 22:11 . 2008-06-23 22:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Ahead
2008-06-23 19:32 . 2008-06-23 19:32 <DIR> d-------- C:\OS
2008-06-22 00:15 . 2008-05-09 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-06-22 00:15 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-06-22 00:15 . 2008-05-09 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-06-22 00:15 . 2008-05-09 21:05 15,744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-06-22 00:07 . 2008-06-22 00:08 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-06-22 00:06 . 2008-06-22 00:07 <DIR> d-------- C:\Program Files\VMware
2008-06-21 21:35 . 2008-06-21 21:35 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-21 20:54 . 2008-06-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-21 20:49 . 2008-06-21 20:49 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\DAEMON Tools
2008-06-21 20:24 . 2008-06-21 21:19 <DIR> d-------- C:\Program Files\MagicISO
2008-06-17 23:12 . 2008-06-17 23:12 49,152 --a------ C:\WINDOWS\system32\TCD.mdb
2008-06-16 22:23 . 2008-07-04 19:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2008-06-16 22:05 . 2008-05-09 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-06-16 22:05 . 2008-05-09 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-06-16 22:05 . 2008-05-09 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-06-16 22:04 . 2008-06-22 00:14 1,024 --a------ C:\.rnd
2008-06-16 21:56 . 2008-06-28 09:03 <DIR> d-------- C:\Virtual Machines
2008-06-15 02:59 . 2008-06-28 09:56 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\VMware
2008-06-15 02:54 . 2008-07-04 19:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-15 02:50 . 2008-07-04 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 10:05 --------- d-----w C:\Documents and Settings\sreevas\Application Data\DNA
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\sreevas\Application Data\yahoo!
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-27 19:44 --------- d-----w C:\Program Files\Java
2008-06-27 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 20:12 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-21 19:49 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 21:40 --------- d-----w C:\Program Files\DivX
2008-05-09 20:05 97,152 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
2008-05-09 20:05 23,296 ----a-w C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-09 20:05 22,016 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-01-28 00:06 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-19 15:04 184 -c--a-w C:\Program Files\dynamips-start.cmd
2006-09-06 00:04 14 -c--a-w C:\Documents and Settings\sreevas\getfile.dat
2006-04-24 23:15 9,692,886 -c--a-w C:\Program Files\vlc-0[1].8.4a-win32.exe
2006-04-24 22:54 12,662,176 -c--a-w C:\Program Files\RealPlayer10-5GOLD.exe
2006-04-20 01:00 396,328 -c--a-w C:\Program Files\msgr75us.exe
2006-04-16 21:15 28,104 -c--a-w C:\Documents and Settings\sreevas\Application Data\GDIPFONTCACHEV1.DAT
2006-04-26 11:23 56 -csh--r C:\WINDOWS\system32\CE2AE7E268.sys
2005-06-20 14:56 114,688 --sh--w C:\WINDOWS\system32\RavDr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-03_20.13.28.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 19:08:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 18:21:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-03 18:57:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-04 17:51:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-03 18:57:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-04 17:51:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-04 18:22:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66BD2957-01C2-C9C2-8715-03563FC92716}]
2008-07-04 08:39 102400 --a------ C:\WINDOWS\system32\DbMnt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"fhibdqrh"="C:\WINDOWS\system32\cfcdmzct.exe" [2008-07-04 08:38 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"Ravcy"="C:\WINDOWS\system32\RavDr.exe" [2005-06-20 15:56 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CLBR"= P1001Dex.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sreevas^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-29 10:14 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 17:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-08-31 11:06 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 12:04 245760 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 11:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a--c--- 1994-06-03 09:20 34272 C:\TCWIN45\PIPELINE\REMIND.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 13:59 4838952 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--------- 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-28 18:35 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-05-26 10:39 214560 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-26 10:39 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-11-29 04:56 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-26 10:38 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-19 17:31 3477504 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\VitalTech Group\\IOSHunter\\IOSHunter.exe"=
"C:\\Program Files\\GNS3\\Dynamips\\dynamips-wxp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-05-07 11:50]
R2 vmserverdWin32;VMware Registration Service;"C:\Program Files\VMware\VMware Server\vmserverdWin32.exe" [2008-05-09 21:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 03:25]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 23:58]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 14:47]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 14:48]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 14:48]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 14:49]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 14:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 17:59:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-15 00:26:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-29 21:30:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 19:34:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-04 19:37:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 18:37:45
ComboFix2.txt 2008-07-03 19:14:04

Pre-Run: 1,433,980,928 bytes free
Post-Run: 1,413,853,184 bytes free

331 --- E O F --- 2008-06-22 23:36:54

Cheers,
Sree



#10 Thunder


Posted 04 July 2008 - 03:43 PM

Hello Sree,

In the meantime some malware reproduced, so we'll have to repeat this last step. :thumbsup:

Let's clean up some more:

Open Notepad - don't use any text editor other than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
C:\WINDOWS\system32\DbMnt.dll
C:\Documents and Settings\All Users\Application Data\qxwjanwr.dll
C:\WINDOWS\system32\cfcdmzct.exe
C:\WINDOWS\system32\dscsmartsys.dll
C:\Documents and Settings\All Users\Application Data\ijktmheh.dll
C:\WINDOWS\system32\jifslkvc.exe
Folder::
C:\Documents and Settings\All Users\Application Data\zuzavmwh
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66BD2957-01C2-C9C2-8715-03563FC92716}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fhibdqrh"=-

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems?

Greetings,
Thunder
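How the File:: and Registry:: targets in the script above line up with the ComboFix log, as an added example (not part of the original posts and not ComboFix's own logic): it parses an excerpt of the log posted earlier in this thread, keeps executables whose created and modified stamps are identical, and cross-references them against the Run and Browser Helper Object loading points. The function names and the equal-timestamp heuristic are assumptions for illustration; the post does not say how the entries were chosen.

```python
import re
from datetime import datetime

# Excerpt of the "Files Created" section, copied from the log in this thread.
FILES_CREATED = r"""
2008-07-04 13:15 . 2008-07-04 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zuzavmwh
2008-07-04 08:39 . 2008-07-04 08:39 102,400 --a------ C:\WINDOWS\system32\DbMnt.dll
2008-07-04 08:39 . 2008-07-04 08:39 102,400 --a------ C:\Documents and Settings\All Users\Application Data\qxwjanwr.dll
2008-07-04 08:38 . 2008-07-04 08:38 110,592 --a------ C:\WINDOWS\system32\cfcdmzct.exe
2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-06-27 19:54 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-27 20:51 . 2008-06-27 20:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-22 00:15 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
"""

# Excerpt of the "Reg Loading Points" section, copied from the same log.
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66BD2957-01C2-C9C2-8715-03563FC92716}]
2008-07-04 08:39 102400 --a------ C:\WINDOWS\system32\DbMnt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"fhibdqrh"="C:\WINDOWS\system32\cfcdmzct.exe" [2008-07-04 08:38 110592]
"""

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# created . modified size-or-<DIR> attributes path
CREATED_RE = re.compile("^(" + STAMP + r") \. (" + STAMP + r") (<DIR>|[\d,]+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "value name"="target path" [stamp size]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"')
# stamp size [attributes] path  (the form used under BHO / Winlogon Notify keys)
BARE_RE = re.compile("^" + STAMP + r" \d+ (?:[-a-z]+ )?([A-Za-z]:\\.+)$")


def parse_created(text):
    """Return one dict per 'Files Created' line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, _attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "is_dir": size == "<DIR>",
            "path": path,
        })
    return entries


def fresh_binaries(entries, exts=(".exe", ".dll", ".sys")):
    """Assumed heuristic: binaries whose created and modified stamps are equal
    were written in place, unlike installer files that keep an older build date."""
    return [e["path"] for e in entries
            if not e["is_dir"]
            and e["created"] == e["modified"]
            and e["path"].lower().endswith(exts)]


def parse_loading_points(text):
    """Return (registry key, value name or None, target path) tuples."""
    points, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            points.append((key, m.group(1), m.group(2)))
            continue
        m = BARE_RE.match(line)
        if m:
            points.append((key, None, m.group(1)))
    return points


def cross_reference(fresh_paths, points):
    """Loading points whose target is one of the freshly written binaries."""
    wanted = {p.lower() for p in fresh_paths}
    return [pt for pt in points if pt[2].lower() in wanted]


if __name__ == "__main__":
    fresh = fresh_binaries(parse_created(FILES_CREATED))
    hits = cross_reference(fresh, parse_loading_points(REG_LOADING_POINTS))
    referenced = {h[2].lower() for h in hits}
    for key, name, path in hits:
        print("autostart:", key, "->", name or "(key default)", "->", path)
    for path in fresh:
        if path.lower() not in referenced:
            print("no loading point found, review by hand:", path)
```

The output is a list of candidates for a human reviewer, not a removal list: a legitimate program that writes its own binaries at install time matches the same heuristic.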

#11 sreez


Posted 04 July 2008 - 06:13 PM

Hi Thunder,

I'm really surprised you work so late, and by the way you analyze these advanced concepts. You guys are geniuses.

Anyways, here is the ComboFix and HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:51 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RavDr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sreevas\My Documents\software\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ravcy] C:\WINDOWS\system32\RavDr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9028 bytes


Combofix
ComboFix 08-07-02.5 - sreevas 2008-07-04 23:57:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.136 [GMT 1:00]
Running from: C:\Documents and Settings\sreevas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sreevas\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\ijktmheh.dll
C:\Documents and Settings\All Users\Application Data\qxwjanwr.dll
C:\WINDOWS\system32\cfcdmzct.exe
C:\WINDOWS\system32\DbMnt.dll
C:\WINDOWS\system32\dscsmartsys.dll
C:\WINDOWS\system32\jifslkvc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ijktmheh.dll
C:\Documents and Settings\All Users\Application Data\qxwjanwr.dll
C:\Documents and Settings\All Users\Application Data\zuzavmwh
C:\Documents and Settings\All Users\Application Data\zuzavmwh\cdoxmdyr.exe
C:\WINDOWS\system32\cfcdmzct.exe
C:\WINDOWS\system32\DbMnt.dll
C:\WINDOWS\system32\dscsmartsys.dll
C:\WINDOWS\system32\jifslkvc.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-07-02 21:30 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\snmpmib.dll
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-07-01 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 20:06 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 20:06 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 20:47 . 2008-06-28 20:47 <DIR> d-------- C:\Program Files\CCleaner
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\SUPERAntiSpyware.com
2008-06-28 18:11 . 2008-06-28 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 20:58 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-27 20:58 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-06-27 20:52 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-27 20:52 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-27 20:51 . 2008-06-27 20:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-27 19:58 . 2008-06-27 19:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-27 19:54 . 2008-06-27 19:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-27 19:54 . 2008-06-27 20:58 <DIR> d-------- C:\Program Files\Ahead
2008-06-27 19:54 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-27 19:54 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-27 19:54 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-27 19:54 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-27 19:54 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-25 21:14 . 2008-06-25 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Nero
2008-06-25 01:00 . 2008-06-25 01:00 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Nero
2008-06-25 00:53 . 2008-06-25 00:53 <DIR> d-------- C:\Program Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 00:53 . 2008-06-27 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 22:11 . 2008-06-23 22:11 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\Ahead
2008-06-23 19:32 . 2008-06-23 19:32 <DIR> d-------- C:\OS
2008-06-22 00:15 . 2008-05-09 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-06-22 00:15 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-06-22 00:15 . 2008-05-09 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-06-22 00:15 . 2008-05-09 21:05 15,744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-06-22 00:07 . 2008-06-22 00:08 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-06-22 00:06 . 2008-06-22 00:07 <DIR> d-------- C:\Program Files\VMware
2008-06-21 21:35 . 2008-06-21 21:35 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-21 20:54 . 2008-06-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-21 20:49 . 2008-06-21 20:49 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\DAEMON Tools
2008-06-21 20:24 . 2008-06-21 21:19 <DIR> d-------- C:\Program Files\MagicISO
2008-06-17 23:12 . 2008-06-17 23:12 49,152 --a------ C:\WINDOWS\system32\TCD.mdb
2008-06-16 22:23 . 2008-07-04 19:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2008-06-16 22:05 . 2008-05-09 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-06-16 22:05 . 2008-05-09 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-06-16 22:05 . 2008-05-09 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-06-16 22:04 . 2008-06-22 00:14 1,024 --a------ C:\.rnd
2008-06-16 21:56 . 2008-06-28 09:03 <DIR> d-------- C:\Virtual Machines
2008-06-15 02:59 . 2008-06-28 09:56 <DIR> d-------- C:\Documents and Settings\sreevas\Application Data\VMware
2008-06-15 02:54 . 2008-07-04 19:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-15 02:50 . 2008-07-04 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 18:53 6,788 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 10:05 --------- d-----w C:\Documents and Settings\sreevas\Application Data\DNA
2008-06-28 17:02 3,530 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\sreevas\Application Data\yahoo!
2008-06-27 19:54 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-27 19:44 --------- d-----w C:\Program Files\Java
2008-06-27 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 20:12 --------- d-----w C:\Program Files\Yahoo!
2008-06-21 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-21 19:49 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 21:40 --------- d-----w C:\Program Files\DivX
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-09 20:05 97,152 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
2008-05-09 20:05 37,888 ----a-w C:\WINDOWS\system32\vmnetbridge.dll
2008-05-09 20:05 23,296 ----a-w C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-09 20:05 22,016 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-28 00:06 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-19 15:04 184 -c--a-w C:\Program Files\dynamips-start.cmd
2006-09-06 00:04 14 -c--a-w C:\Documents and Settings\sreevas\getfile.dat
2006-04-24 23:15 9,692,886 -c--a-w C:\Program Files\vlc-0[1].8.4a-win32.exe
2006-04-24 22:54 12,662,176 -c--a-w C:\Program Files\RealPlayer10-5GOLD.exe
2006-04-20 01:00 396,328 -c--a-w C:\Program Files\msgr75us.exe
2006-04-16 21:15 28,104 -c--a-w C:\Documents and Settings\sreevas\Application Data\GDIPFONTCACHEV1.DAT
2006-04-26 11:23 56 -csh--r C:\WINDOWS\system32\CE2AE7E268.sys
2005-06-20 14:56 114,688 --sh--w C:\WINDOWS\system32\RavDr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-03_20.13.28.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 19:08:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 18:21:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-03 18:57:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-04 22:55:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-03 18:57:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-04 22:55:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-04 18:22:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"Ravcy"="C:\WINDOWS\system32\RavDr.exe" [2005-06-20 15:56 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 10:38 185896]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CLBR"= P1001Dex.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sreevas^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-29 10:14 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 17:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-08-31 11:06 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 12:04 245760 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 11:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a--c--- 1994-06-03 09:20 34272 C:\TCWIN45\PIPELINE\REMIND.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 13:59 4838952 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--------- 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-28 18:35 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-05-26 10:39 214560 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-26 10:39 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-11-29 04:56 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-26 10:38 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-19 17:31 3477504 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\VitalTech Group\\IOSHunter\\IOSHunter.exe"=
"C:\\Program Files\\GNS3\\Dynamips\\dynamips-wxp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-05-07 11:50]
R2 vmserverdWin32;VMware Registration Service;"C:\Program Files\VMware\VMware Server\vmserverdWin32.exe" [2008-05-09 21:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 03:25]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 23:58]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 14:47]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 14:48]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 14:48]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 14:49]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 14:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 22:59:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-15 00:26:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-29 21:30:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 00:00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-05 0:02:25
ComboFix-quarantined-files.txt 2008-07-04 23:02:18
ComboFix2.txt 2008-07-04 18:37:53
ComboFix3.txt 2008-07-03 19:14:04

Pre-Run: 1,406,205,952 bytes free
Post-Run: 1,385,508,864 bytes free

304 --- E O F --- 2008-06-22 23:36:54

LIFE is so simple, if you know the reason of your existence at certain place. Treat every step as first one and trust god, friends, relatives and everyone.

 

Its a simple magic trick given to me by one friend also and I am at this stage  :love4u:


#12 Thunder

Posted 05 July 2008 - 06:40 AM

Hello Sree,

That looks better. :thumbsup:

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, you can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

What problems remain now?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
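
The check described in post #12 (ticking entries that HijackThis reports with no backing file), as an added example that is not part of the original thread: a Python sketch that parses HijackThis v2 log lines and separates `(no file)` entries from `(file missing)` ones. The function names are hypothetical, and the sample lines are assembled from the log and reply in this thread.

```python
"""Triage HijackThis v2 log lines for entries whose backing file is gone."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Sample input assembled for this example from lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# A log entry starts with a section code (R3, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Anchored to the end of the line so a "(no name)" label is never mistaken
# for a missing-file marker.
MARKER_RE = re.compile(r"\((no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str             # section code, e.g. "O3"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    status: str           # "present", "no file" or "file missing"


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per log line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        marker = MARKER_RE.search(body)
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            status=marker.group(1) if marker else "present",
        ))
    return entries


def fix_candidates(entries: Sequence[Entry],
                   statuses: Sequence[str] = ("no file",)) -> List[Entry]:
    """Entries to review for 'Fix Checked'; defaults to '(no file)' only,
    the marker on the three entries listed in the reply above."""
    return [e for e in entries if e.status in statuses]


def status_summary(entries: Sequence[Entry]) -> Counter:
    """Count entries per (section code, status) pair."""
    return Counter((e.code, e.status) for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Orphaned registrations (no file):")
    for e in fix_candidates(parsed):
        print(f"  {e.code}  {e.clsid}  {e.body}")
    print("Registered path no longer on disk (file missing), review separately:")
    for e in fix_candidates(parsed, ("file missing",)):
        print(f"  {e.code}  {e.clsid}  {e.body}")
```

The two markers are reported separately because the reply only asks for the `(no file)` entries to be fixed; the `(file missing)` entry is left for a human decision.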

#13 sreez

Posted 05 July 2008 - 08:03 AM

Hi Thunder,

I have deleted the files which you said. But I can't find the Java update which you said, the Windows offline installation.
Can you also check my system at startup? It takes almost 3 mins before I can use the internet browser. Also, my McAfee is out of date; can you suggest any free, strong antivirus?

I really appreciate your help till now.

Cheers,
Sreez



#14 Thunder

Posted 05 July 2008 - 09:02 AM

Hello Sree,

This is the Java download you need :
http://cds.sun.com/is-bin/INTERSHOP.enfini...dows-i586-p.exe

It might also be a good idea to have your VMware no longer start up with Windows.
Disable automatic startup and run when needed.

Free AV programs and other tips you can find here :
Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Greetings,
Thunder

#15 sreez

Posted 07 July 2008 - 05:50 AM

Hi Thunder,

I have gone through the topics to increase the performance of the system. If there are any further issues I will get back to you. Now my system looks clean, thanks for helping me in flushing the garbage.

Cheers,
Sreez





