Bad Redirect/Pop up virus, Computer running slow


  • This topic is locked
13 replies to this topic

#1 snowdude1


Posted 17 July 2009 - 10:59 PM

I have a redirect hijack virus again, it reads "Windows Click" (even though I run Trend Micro PC-cillin 12) :thumbup2: . This time it isn't allowing me to open Malwarebytes. It's running at about 1/10 speed. My computer constantly crashes now (2 gig RAM on XP). The viruses are running bogus spyware cleaner ads. I had almost the same virus last time. Thanks for the help ahead of time!

Also I did a HJT scan in safe mode and a URL redirector showed up running. It is redirecting me to the Info.com search engine.
I cannot get into the Device Manager.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:15 PM, on 7/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-TBFJ2.exe" /REG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000unlimited.ea.com/telepor...mCity3TeleX.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6442 bytes


Ok Weather!

Edited by snowdude1, 18 July 2009 - 09:43 PM.




#2 snowdude1


Posted 18 July 2009 - 02:06 PM

Update: Also now getting BSODs and most of the ads on pages are for Spyware Protect 2009, and other antivirus things. PLEASE HELP! It's also no longer letting me use HijackThis!!!! I could not access my documents, Pictures or music, until I rebooted. I think it's a Win32/ rootkit but I'm not sure.

Hello snowdude1,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by snowdude1, 19 July 2009 - 11:48 AM.


#3 SifuMike

    malware expert

  • Staff Emeritus

Posted 23 July 2009 - 09:50 PM

Hello snowdude1,


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*************



If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool2.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool3.exe, double click newtool3.exe to proceed in running a Full scan.


Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire MBAM report (even if it does not find anything) in your next reply.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 snowdude1


Posted 24 July 2009 - 06:10 PM

I got Malwarebytes running and it cleared out most of it I think, no more redirects, runs fast as usual. However now I'm getting error messages prompting me to use the chkdsk utility, but it's not fixing it.


Windows Defender
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Spybot SDHelper is disabled!
TRENDM~1 INTERN~1 PcCtlCom.exe
Trend Micro Internet Security 12 pccguide.exe
TRENDM~1 INTERN~1 Tmntsrv.exe
TRENDM~1 INTERN~1 tmproxy.exe
TRENDM~1 INTERN~1 TmPfw.exe
Spybot - Search & Destroy TeaTimer.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

Edited by snowdude1, 24 July 2009 - 09:31 PM.


#5 SifuMike


Posted 24 July 2009 - 07:39 PM

Hi snowdude1,

Please post the Malwarebytes log and Hijackthis log.
The MBAM log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Edited by SifuMike, 24 July 2009 - 07:40 PM.


#6 snowdude1


Posted 24 July 2009 - 09:33 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:15 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000unlimited.ea.com/telepor...mCity3TeleX.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6923 bytes


Malwarebytes' Anti-Malware 1.36
Database version: 1979
Windows 5.1.2600 Service Pack 3

4/26/2009 9:14:35 PM
mbam-log-2009-04-26 (21-14-35).txt

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/21/2009 9:21:31 AM
mbam-log-2009-07-21 (09-21-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210100
Time elapsed: 1 hour(s), 16 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\qoobox\quarantine\c\windows\system32\UACafujnkvbwxfxdilns.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\UACcbvpyiiqlsivxsvdw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\UACfawmkubabdipyymio.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp47\A0015449.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp47\A0015450.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp47\A0015451.dll (Trojan.TDSS)

Edited by snowdude1, 24 July 2009 - 09:34 PM.


#7 SifuMike


Posted 24 July 2009 - 09:40 PM

Looks like you ran ComboFix by yourself. :thumbup2:

Why did you do that?

Edited by SifuMike, 26 July 2009 - 12:45 AM.
typo


#8 snowdude1


Posted 24 July 2009 - 10:12 PM

I needed my computer, couldn't wait a week.... Is that a bad thing?

#9 SifuMike


Posted 24 July 2009 - 10:14 PM

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.

#10 snowdude1


Posted 24 July 2009 - 11:27 PM

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Ok, well what should I do then? At the time I figured if something went wrong I would just re-install the OS, I needed the computer working...

Edited by snowdude1, 24 July 2009 - 11:32 PM.


#11 SifuMike


Posted 25 July 2009 - 12:43 PM

Ok, well what should I do then?

Not run it on your own (without supervision of a malware expert). ComboFix is NOT for private use. I have seen cases of a reformat and reload required when people run it on their own.


1. Post the Combofix log. It should be located at C:\Combofix.txt

2. Open HijackThis 2.0.2
Press the button 'View Misc Tools Section'
Press the button 'open uninstall manager'
Press the button 'save list'
Save it to your desktop.
Press Save. Save it to your desktop.
A notepad file will open.
If no notepad opens then it will be on your desktop (where you saved it)
Post the content here in your reply.
Close HijackThis.



3. Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

4.

Malwarebytes' Anti-Malware 1.36
Database version: 1979


You ran an ancient version of Malwarebytes and its database. Update Malwarebytes and the database, run with a Full Scan and post the log.

Edited by SifuMike, 25 July 2009 - 12:48 PM.


#12 snowdude1


Posted 25 July 2009 - 01:15 PM

ComboFix 09-07-20.04 - Ben Gorecki 07/21/2009 12:06.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.1410 [GMT -5:00]
Running from: c:\documents and settings\Ben Gorecki\My Documents\Downloads\C-Fix.exe
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\mkil.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fhwowdij


((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

(Shortened list to fit in post)
2009-07-21 04:07 . 2009-07-21 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 23:44 . 2009-07-20 23:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-20 23:44 . 2009-07-20 23:44 -------- d-----w- c:\documents and settings\Ben Gorecki\Application Data\SUPERAntiSpyware.com
2009-07-20 23:44 . 2009-07-20 23:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-19 17:04 . 2009-07-20 23:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-19 17:04 . 2009-07-19 17:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 16:56 . 2009-07-19 16:56 -------- d-----w- c:\program files\Panda USB Vaccine
2009-07-19 00:02 . 2009-07-19 00:02 -------- d-----w- c:\program files\Safari
2009-07-18 23:44 . 2009-07-18 23:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-07-18 23:44 . 2009-07-18 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-07-18 23:32 . 2009-07-18 23:32 44344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 23:22 . 2009-07-18 23:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-18 23:22 . 2009-07-18 23:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-18 18:58 . 2009-07-18 18:58 -------- d-----w- c:\program files\FileASSASSIN
2009-07-18 03:22 . 2009-07-18 03:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 21:22 . 2009-07-14 21:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-14 19:08 . 2009-07-14 19:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-14 19:07 . 2009-07-14 19:07 -------- d-sh--w- c:\documents and settings\Ben Gorecki\IECompatCache
2009-07-14 17:14 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-14 17:14 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-07-13 19:31 . 2009-07-13 19:31 -------- d-----w- c:\program files\Windows Defender
2009-06-21 20:04 . 2009-06-21 20:04 -------- d-----w- c:\documents and settings\Ben Gorecki\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 22:35 . 2008-04-02 01:31 -------- d-----w- c:\documents and settings\Ben Gorecki\Application Data\mIRC
2009-07-20 21:59 . 2008-07-01 20:51 34 ----a-w- c:\documents and settings\Ben Gorecki\jagex_runescape_preferences.dat
2009-07-20 21:14 . 2008-04-02 01:31 -------- d-----w- c:\program files\mIRC
2009-07-19 16:30 . 2005-12-10 19:11 -------- d-----w- c:\program files\Java
2009-07-19 16:26 . 2009-04-14 00:08 -------- d-----w- c:\program files\Happy Fun Game
2009-07-18 03:42 . 2009-07-18 03:42 687104 ----a-w- c:\windows\isRS-000.tmp
2009-07-18 01:29 . 2009-07-18 01:29 1063696 ----a-w- c:\windows\system32\rn.tmp
2009-07-13 18:36 . 2009-04-14 00:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2009-04-14 00:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 18:39 . 2005-12-25 21:18 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-30 18:39 . 2005-12-25 21:18 104 --sh--r- c:\windows\system32\1490F3F7DA.sys
2009-06-21 06:24 . 2009-06-21 06:24 152576 ----a-w- c:\documents and settings\Ben Gorecki\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-21 01:24 . 2009-06-21 01:24 390664 ----a-w- c:\documents and settings\Ben Gorecki\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-10 01:51 . 2009-05-23 16:42 -------- d-----w- c:\program files\Audacity
2009-06-10 01:49 . 2009-05-21 23:41 -------- d-----w- c:\program files\Lame for Audacity
2009-06-02 02:12 . 2008-06-04 01:16 39116 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-02 00:33 . 2005-12-25 21:18 44344 -c--a-w- c:\documents and settings\Ben Gorecki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 22:17 . 2009-06-01 22:17 -------- d-----w- c:\program files\Stardock
2009-06-01 22:09 . 2009-06-01 22:09 -------- d-----w- c:\program files\TGTSoft
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-28 21:59 . 2005-12-10 19:19 -------- d-----w- c:\program files\Common Files\Real
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\program files\Real
2009-05-24 17:10 . 2009-05-24 17:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-21 16:33 . 2009-04-28 01:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 19:55 . 2009-05-20 19:55 94208 ----a-w- c:\program files\GooredFix.exe
2009-04-28 01:11 . 2009-04-28 01:11 152576 ----a-w- c:\documents and settings\Ben Gorecki\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-15 20:30 . 2009-07-18 23:58 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-14 00:12 . 2009-06-02 00:26 1695232 --sha-w- c:\windows\FlyakiteOSX\Backup\msmsgs.exe
2008-04-14 00:12 . 2008-08-31 04:05 1695232 --sha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-10 11:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[7] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 00:11 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\system32\comctl32.dll
[7] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\InstallTemp\3440391\comctl32.dll
[7] 2004-08-10 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 11:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 10:42 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-07-21_04.36.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 17:12 . 2009-07-21 17:12 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 13:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Icecast;Icecast Media Server;c:\program files\Icecast2 Win32\icecastService.exe [4/30/2008 9:27 PM 393216]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 5:30 PM 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 5:30 PM 36368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 lurgg;lurgg;c:\windows\system32\drivers\enhum.sys --> c:\windows\system32\drivers\enhum.sys [?]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 5:30 PM 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 5:30 PM 585792]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 5:30 PM 262215]
S3 DellBIOS;DellBIOS;\??\c:\docume~1\BENGOR~1\LOCALS~1\Temp\DellBIOS.Sys --> c:\docume~1\BENGOR~1\LOCALS~1\Temp\DellBIOS.Sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runescape.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Search
Trusted Zone: musicmatch.com\online
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} - hxxp://simcity3000unlimited.ea.com/teleport/simcity/MaxisSimCity3TeleX.cab
FF - ProfilePath - c:\docume~1\BENGOR~1\APPLIC~1\Mozilla\Firefox\Profiles\c2aodfki.default\
FF - plugin: c:\documents and settings\Ben Gorecki\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...



scan completed successfully
hidden files: 1757

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-21 12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-21 17:19
ComboFix2.txt 2009-07-21 04:39
ComboFix3.txt 2009-05-21 20:59
ComboFix4.txt 2009-05-20 21:57

Pre-Run: 32,155,553,792 bytes free
Post-Run: 32,135,729,152 bytes free

2001 --- E O F --- 2009-05-18 20:00

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:50 AM

Posted 25 July 2009 - 02:11 PM

You forgot to post the other logs.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 SifuMike


Posted 28 July 2009 - 08:49 AM

This thread will now be closed due to lack of feedback.



