Virtumonde Again!!!



BUTTA
2007-12-19, 20:49
My PC had that monster Virtumonde. I was away and a cousin of mine tried to fix it. I don't have many popups, but I am being asked to update every day and every time I do, the same damn bubble pops up (yellow shield). Here is my latest Kaspersky scan. Please help. Thank you.

Wednesday, December 19, 2007 2:28:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 488048


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 91519
Number of viruses found 7
Number of infected objects 27
Number of suspicious objects 0
Duration of the scan process 02:05:47

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\data\hwcache.xdb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/ljhhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/ljhhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/ljhhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/ljhhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/lokpjntn.exe Infected: Trojan.Win32.Agent.bck skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip/dwdsrngt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip/dwdsrngt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3d4.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Owner\Application Data\HorizonWimba\Pronto\debuglog\prontoLog.1 Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012007121920071220\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_dd6xTyI26Bp0Eqn Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_164.trc Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\byxwxyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\qmnhbowd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ublpvsey.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\yayvvus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\qoobox\Quarantine\catchme2007-12-15_142432.60.zip/ddccddc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\qoobox\Quarantine\catchme2007-12-15_142432.60.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP688\A0150003.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154105.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154106.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154107.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154113.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP713\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{DEECE70D-02BE-447E-89EC-44767A970C49}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wmfkljpw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

steamwiz
2007-12-19, 21:26
Hi

There is just 1 possibly active Vundo file shown in that log ...

Most of them are in Spybot backups, ComboFix backups or System Restore points ...

Please do this :-

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK

http://img.photobucket.com/albums/v624/29wood/Clipboard01-1.gif

Then ...

clean out the Spybot backups ...

1. Run Spybot
2. Click on "Recovery" on the left side
3. Place a checkmark in all of the boxes on the right side
4. From the top menu click on "Purge items"
5. This will remove those backups.

Then ...

Download ...

HiJackThis log - Trend Micro HijackThis 2.0.2
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" and Paste (http://www.webmasternow.com/copyandpaste.html) the entire contents of the log (no attachments) into your next post.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System.

Then ...

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed, update the definitions and then run a full system scan; quarantine what it finds!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

Then ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Please remember to post :-


1. SUPERAntiSpyware Scan Log
2. C:\ComboFix.txt
3. a new hijackthis log.( run after everything else)

steam
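The helper's reading of the Kaspersky report above rests on one distinction: a detection inside a quarantine store, a Spybot backup or a System Restore point is inert, while a detection at a live path is what still needs removing. The following script, added here as an example and not code from the thread or from Kaspersky, parses report lines in the format the Online Scanner 5.x produced and sorts them on that basis. The sample report is a constructed subset of the lines posted above; the list of backup-store path fragments is an assumption based on the paths seen in this log.

```python
"""Triage a Kaspersky Online Scanner (5.x) report: separate detections that
are live on disk from detections that only sit in quarantine, backup or
System Restore stores.  Example code added for this page; not from the
original thread and not a Kaspersky tool."""
import re
from collections import Counter

# Constructed sample: a subset of the report posted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/ljhhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/lokpjntn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\byxwxyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped
C:\qoobox\Quarantine\catchme2007-12-15_142432.60.zip/ddccddc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP688\A0150003.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154105.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wmfkljpw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
"""

# One report line: <path> then one of three status forms, then the action.
# The path is matched lazily because it may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"(?P<locked>Object is locked)|"
    r"Infected: (?P<name>\S+)|"
    r"(?P<archive>ZIP: infected - \d+)"
    r")\s+(?P<action>\S+)$"
)

# Path fragments (lower-cased, matched as substrings) that mark a detection
# as sitting in a store rather than on the live system.  Assumption: taken
# from the paths present in this log, not an exhaustive list.
BACKUP_STORES = (
    r"\spybot - search & destroy\recovery",   # Spybot S&D backups
    r"\qoobox\quarantine",                    # ComboFix quarantine
    r"\system volume information\_restore",   # System Restore points
)


def classify_path(path):
    """'stored' if the path lies in a known backup/quarantine store, else 'active'."""
    low = path.lower()
    return "stored" if any(s in low for s in BACKUP_STORES) else "active"


def triage(report):
    """Parse a report and bucket each line.

    Returns a dict with 'active' and 'stored' lists of (path, detection name),
    counts of locked objects and archive-summary lines, and any lines that did
    not parse (so nothing is silently dropped)."""
    result = {"active": [], "stored": [], "locked": 0, "archives": 0, "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"].append(line)
            continue
        if m.group("locked"):          # in-use file the scanner could not open
            result["locked"] += 1
            continue
        if m.group("archive"):         # container summary; the member was listed separately
            result["archives"] += 1
            continue
        result[classify_path(m.group("path"))].append((m.group("path"), m.group("name")))
    return result


def family_counts(triaged):
    """Detection names seen across both buckets, most common first."""
    return Counter(name for bucket in ("active", "stored")
                   for _, name in triaged[bucket]).most_common()


if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(f"active: {len(t['active'])}  stored: {len(t['stored'])}  "
          f"locked: {t['locked']}  archives: {t['archives']}  unparsed: {len(t['unparsed'])}")
    for path, name in t["active"]:
        print("ACTIVE ", name, path)
    for name, n in family_counts(t):
        print(f"{n:3d}  {name}")
```

Run against the full report above, the only entry left in the active bucket is C:\WINDOWS\system32\wmfkljpw.dll, which is the one file the helper points at; everything else is a stored copy that purging the Spybot backups, uninstalling ComboFix and later flushing System Restore will take care of. Locked files are listed separately because "Object is locked" means unscanned, not clean.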

BUTTA
2007-12-19, 22:10
Hi, I copied and pasted ComboFix /u and got "Windows cannot find combofix".

BUTTA
2007-12-19, 23:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:08 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Horizon Wimba\Pronto\pronto.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pronto] "C:\Program Files\Horizon Wimba\Pronto\pronto.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZNxmk762CJUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11283 bytes

steamwiz
2007-12-20, 17:03
hi, i copy and pasted ComboFix /u and "windows cannot find combofix"

Have you already removed Combofix ?

If not, then delete the Combofix.exe file from your desktop & the :-

C:\qoobox ...folder
C:\Combofix ...folder

& any ...

C:\Combofix.txt ...files

Combofix.txt
Combofix2.txt
Combofix3.txt
Combofix-quarantined-files.txt

THEN go back to my last post and follow the directions to run SUPERAntiSpyware & a new download of Combofix

When you've done that ...

Run Hijackthis again and remove :-

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com

Then post a new hijackthis also...

steam
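Two things the helper does in this reply are worth having in code: flagging the O15 Trusted Zone lines (domains in IE's Trusted Sites zone run ActiveX and script under relaxed restrictions, so any domain the user did not add deliberately is suspect) and comparing the "new hijackthis log" against the previous one to confirm what changed. The script below does both for HijackThis 2.0.2 log text. It is an example added for this page, not code from the thread or from Trend Micro; the two sample logs are constructed abbreviations of the logs posted here, the second one assuming the two O15 lines were removed as instructed.

```python
"""Parse HijackThis 2.0.2 logs, list O15 Trusted Zone domains, and diff two
logs section by section.  Example code added for this page; not from the
original thread and not part of HijackThis."""
import re

# Constructed sample: abbreviated form of the first log in the thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# Constructed sample: the follow-up log, assuming the O15 lines were removed.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# An HJT entry line: section tag (R0..R3, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return ({section: set(entry bodies)}, set(running process paths, lower-cased))."""
    entries, processes = {}, set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.setdefault(m.group("section"), set()).add(m.group("body"))
        elif in_processes:
            processes.add(line.lower())   # paths are case-insensitive on NTFS
    return entries, processes


def trusted_zone_domains(entries):
    """Domains listed in O15 lines, i.e. members of IE's Trusted Sites zone."""
    found = []
    for body in sorted(entries.get("O15", ())):
        m = re.match(r"Trusted Zone: (\S+)", body)
        if m:
            found.append(m.group(1))
    return found


def diff_logs(before, after):
    """Entries and processes that appeared or disappeared between two logs.
    Order within a section is ignored; only membership is compared."""
    b_entries, b_procs = parse_log(before)
    a_entries, a_procs = parse_log(after)
    sections = sorted(set(b_entries) | set(a_entries),
                      key=lambda s: (s[0], int(s[1:])))
    added, removed = {}, {}
    for s in sections:
        plus = a_entries.get(s, set()) - b_entries.get(s, set())
        minus = b_entries.get(s, set()) - a_entries.get(s, set())
        if plus:
            added[s] = sorted(plus)
        if minus:
            removed[s] = sorted(minus)
    return {"added": added, "removed": removed,
            "new_processes": sorted(a_procs - b_procs),
            "gone_processes": sorted(b_procs - a_procs)}


if __name__ == "__main__":
    before_entries, _ = parse_log(LOG_BEFORE)
    print("O15 Trusted Zone domains to review:", trusted_zone_domains(before_entries))
    d = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, bodies in d["removed"].items():
        for b in bodies:
            print(f"- {section} - {b}")
    for section, bodies in d["added"].items():
        for b in bodies:
            print(f"+ {section} - {b}")
    for p in d["new_processes"]:
        print("new process:", p)
```

The diff deliberately ignores the order of entries and of the process list, since HJT prints processes in whatever order they happened to be running; a process that is new in the second log (OSE.EXE here, the Office Source Engine that showed up in the poster's second log) is reported but not judged, because "new" is a prompt to look, not a verdict. After the fix the O15 list should come back empty, which is the check the helper is asking for with "post a new hijackthis".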

BUTTA
2007-12-23, 05:45
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:55 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Horizon Wimba\Pronto\pronto.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pronto] "C:\Program Files\Horizon Wimba\Pronto\pronto.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZNxmk762CJUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11403 bytes

BUTTA
2007-12-23, 07:02
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/23/2007 at 00:42 AM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 00:49:25

Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 7591
Registry threats detected : 4
File items scanned : 39704
File threats detected : 272

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1345614267-3486782314-3411148428-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1345614267-3486782314-3411148428-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1345614267-3486782314-3411148428-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www
HKU\S-1-5-21-1345614267-3486782314-3411148428-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www#*

Adware.Tracking Cookie

BUTTA
2007-12-23, 07:03
PART 2


Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP688\A0150003.EXE

Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP703\A0153077.EXE
C:\WINDOWS\SYSTEM32\INEWC01\INEWC011065.EXE

Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154105.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154108.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154113.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154106.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154107.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP706\A0154114.DLL

steamwiz
2007-12-23, 20:40
Hi

That's some of what I asked you to do ... :)

I still need you to ...


Hi, I copied and pasted ComboFix /u and got "windows cannot find combofix"

Have you already removed Combofix ?

If not, then delete the Combofix.exe file from your desktop & the :-

C:\qoobox ...folder
C:\Combofix ...folder

& any ...

C:\Combofix.txt ...files

Combofix.txt
Combofix2.txt
Combofix3.txt
Combofix-quarantined-files.txt

THEN go back to my last post and follow the directions to download & run a new version of Combofix

When you've done that ...

Run Hijackthis again and remove :-

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com

Then post a new hijackthis also... (after running Combofix)

steam

tashi
2008-01-08, 23:14
This topic has been archived due to inactivity.

As it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.