Thread: JayBG needs help with malware removal

    Junior Member (Join Date: Nov 2011, Posts: 7)

    Hi,

    I'm new to the forum but have had a problem for a few months now. I believed it was just adware that would pop up a new IE window, which was annoying but not necessarily malicious. Recently, though, my computer crashes whenever video is played (it seems to crash on all video except WMV files).

    Some background:
    - Computer is several years old running Windows XP Home with service pack updates
    - we've been running AVAST! as our primary protection
    - based on advice from some other sites, I've tried Malwarebytes' Anti-Malware and Advanced SystemCare for periodic scans and system optimization (including registry fixes, which I now see this site does not recommend)

    As directed by the "before you post" thread, I have:
    - run ERUNT and created a registry backup point this morning
    - run DDS; the DDS.txt output follows, and ATTACH.txt is attached

    Please let me know what to do next. Thanks!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Run by ZZadmin at 10:41:03 on 2011-11-14
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.393 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\WINDOWS\System32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://file.net/process/_a.html
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\vmware\vmware player\vsocklib.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mygmgw.gm.com/http://usabhma20.mail.gm.com/iNotes.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/iNotes6W.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/dwa8W.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{00D379ED-BD69-48C0-AC8D-9E38EFC56EEA} : NameServer = 192.168.1.1
    Notify: Themes - c:\windows\system32\o6480ghue6480.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\zzadmin\application data\mozilla\firefox\profiles\u7mv6nbs.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-25 13496]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 320856]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-25 353168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 44768]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-25 821080]
    R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-10-14 86098]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
    S0 shzu;shzu;c:\windows\system32\drivers\mpfy.sys --> c:\windows\system32\drivers\mpfy.sys [?]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-8-21 24636]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-11-7 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
    S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys --> c:\windows\system32\drivers\niemrkw.sys [?]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-2 50704]
    S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2005-9-29 131776]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
    S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\drivers\usb6xxxkw.sys --> c:\windows\system32\drivers\usb6xxxkw.sys [?]
    S3 usb9162k;NI-USB 9162 Carrier Loader Driver;c:\windows\system32\drivers\usb9162k.sys --> c:\windows\system32\drivers\usb9162k.sys [?]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 NiRioRpc;National Instruments RIO Server;c:\windows\system32\niriorpc.exe --> c:\windows\system32\NiRioRpc.exe [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== Created Last 30 ================
    .
    2020-08-11 14:37:27 3991 ----a-w- c:\windows\system32\kbdcache.dll
    .
    ==================== Find3M ====================
    .
    2011-11-06 19:03:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3160021A rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BEAEC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85952872; SUB DWORD [EBP-0x4], 0x8595212e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86FCCAB8]
    3 CLASSPNP[0xF759005B] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000070[0x86EC59E8]
    5 ACPI[0xF73CE620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F25940]
    [0x86DE6A78] -> IRP_MJ_CREATE -> 0x86BEAEC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3160021A______________________________3.04____#4a35325348354748202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86BEAAEA
    \Driver\atapi -> 0x86fd71f8
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 10:48:28.20 ===============

    Another symptom I forgot to mention is that Google searches get hijacked: the search itself seems to succeed, but the links in the results are all redirected somewhere neither the user nor Google intended.

    Thanks once again, and please let me know the next steps.

    SpyBot S&D results:

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TTB000001

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TTB000001

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\TTB000001

    SearchPixieBar: [SBI $B4D617E4] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\BestToolbars\IEToolbar

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\.DEFAULT\Software\wnxmal

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\wnxmal

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-18\Software\wnxmal

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixing failed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    SpyOnThis: [SBI $6CD506DA] Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{2A1E37A4-04F1-5535-0715-F2C7C83EB4EE}

    SpyOnThis: [SBI $440C9E27] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{041B0275E8944912A}

    SpyOnThis: [SBI $E281A2CC] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{I41B0275E8944912A}

    SpyOnThis: [SBI $2517715A] Program directory (Directory, fixed)
    C:\Program Files\SpyOnThis\

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1019\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    GameVance: [SBI $E776375B] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\gvtl

    GameVance: [SBI $E776375B] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\gvtl

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TBSB07183

    Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

    DSSAgent: [SBI $BF58EA32] Global settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Broderbund software\dss

    Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, fixed)
    C:\WINDOWS\dat.txt
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Right Media: Tracking cookie (Internet Explorer: ZZadmin) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Guest (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    WebTrends live: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    BlueStreak: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    HitsLink: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    WebTrends live: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-11-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-08-29 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-10-31 Includes\Malware.sbi (*)
    2011-11-08 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-10-11 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2011-11-09 Includes\TrojansC-02.sbi (*)
    2011-11-09 Includes\TrojansC-03.sbi (*)
    2011-10-28 Includes\TrojansC-04.sbi (*)
    2011-11-03 Includes\TrojansC-05.sbi (*)
    2011-11-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Last edited by Blade81; 2011-11-15 at 15:43. Reason: Two posts merged. Helpers look for topics with 0 replies.
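The DDS log above is read by hand on this forum, but the SERVICES / DRIVERS and Winlogon Notify lines have a regular enough shape to triage by script. The following is an added example, not part of the post and not code from DDS; it parses lines copied from the log above and scores them with heuristics that are my own assumptions (a `[?]` entry, which DDS prints when it cannot read the file's date and size, counts as one point; boot-start state, a service name that does not match the file name, and a generated-looking file name each add one; a Winlogon Notify package with a generated-looking DLL name scores two). The scores rank lines for a closer look; they are not a verdict on any file.

```python
"""Triage heuristics for a DDS log (added example; not part of the forum post or of DDS itself)."""
import re
from dataclasses import dataclass, field

# Lines copied from the DDS log posted above (plus one SSODL line the parser ignores).
SAMPLE_DDS = r"""
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-25 13496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 44768]
S0 shzu;shzu;c:\windows\system32\drivers\mpfy.sys --> c:\windows\system32\drivers\mpfy.sys [?]
S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys --> c:\windows\system32\drivers\niemrkw.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-2 50704]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
Notify: Themes - c:\windows\system32\o6480ghue6480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
"""

# "<state> <service name>;<display name>;<image path> [<date> <size>]"; when DDS cannot read
# the file it prints "<path> --> <path> [?]" in place of the date and size.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
IMAGE_RE = re.compile(r"^(?P<path>.*?)(?: --> (?P<path2>.*?))? \[(?P<meta>[^\]]*)\]$")
# Winlogon notification packages (HKLM\...\Winlogon\Notify): "Notify: <subkey> - <dll path>"
NOTIFY_RE = re.compile(r"^Notify: (?P<name>.+?) - (?P<dll>.+)$")
BOOT_START = {"R0", "S0"}


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)


def file_stem(path):
    """'c:\\windows\\system32\\drivers\\mpfy.sys' -> 'mpfy'"""
    return path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]


def looks_generated(stem):
    """Assumed heuristic: 4+ chars with >=30% digits, or no vowels at all, reads like a generated name."""
    digits = sum(ch.isdigit() for ch in stem)
    return len(stem) >= 4 and (digits / len(stem) >= 0.3 or not re.search(r"[aeiou]", stem, re.I))


def triage(log_text):
    """Return findings with score > 0, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        f = Finding(line)
        svc = SERVICE_RE.match(line)
        ntf = NOTIFY_RE.match(line)
        if svc:
            img = IMAGE_RE.match(svc["rest"])
            if img is None:
                continue
            path = img["path2"] or img["path"]
            if img["meta"] == "?":
                f.add(1, "DDS could not read the image file (missing, or hidden from the scanner)")
                if svc["state"] in BOOT_START:
                    f.add(1, "boot-start driver: loads before most defences")
                if file_stem(path).lower() != svc["name"].lower():
                    f.add(1, "service name does not match the image file name")
            if looks_generated(file_stem(path)):
                f.add(1, "image file name looks generated")
        elif ntf:
            if looks_generated(file_stem(ntf["dll"])):
                f.add(2, "Winlogon Notify package with a generated-looking DLL name")
        if f.score:
            findings.append(f)
    return sorted(findings, key=lambda x: (-x.score, x.line))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

On the sample, the `S0 shzu` line scores highest (unreadable file, boot-start, name mismatch, generated-looking file name) and the Notify line comes next; the signed vendor entries produce no finding at all. A real run would feed the whole DDS.txt in and would still need a human to check each hit.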
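The GMER section of the log ends with "user != kernel MBR !!!", which is a cross-view check: sector 0 is read once from user mode and once from a lower point in the disk stack, and the two copies are compared. The following is an added example, not GMER's code and not part of the post; it lays out the MBR structure (446 bytes of boot code, four 16-byte partition entries, the 55 AA signature) and runs that comparison on constructed data. The "clean" boot code starts with the standard Windows XP prologue, encoded from the instructions GMER disassembled above; the "tampered" copy replaces the boot code with stand-in bytes and keeps the partition table, which is the shape of an MBR bootkit infection. The partition values and the stand-in bytes are invented for the example.

```python
"""MBR layout and cross-view comparison (added example; not GMER's code or the post's)."""
import struct

SECTOR = 512
BOOTCODE_LEN = 446
PART_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"
REGIONS = (("bootcode", 0, BOOTCODE_LEN),
           ("partition_table", BOOTCODE_LEN, 510),
           ("signature", 510, SECTOR))

# Standard XP MBR prologue: 33 C0 = xor ax,ax; 8E D0 = mov ss,ax; BC 00 7C = mov sp,7c00h;
# FB = sti; ... F3 A4 = rep movsb; CB = retf; BD BE 07 = mov bp,7beh; B1 04 = mov cl,4;
# 38 6E 00 = cmp [bp+0],ch; 7C 09 = jl; 75 13 = jnz. Matches the GMER disassembly above.
XP_PROLOGUE = bytes.fromhex(
    "33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB "
    "BD BE 07 B1 04 38 6E 00 7C 09 75 13"
)
# Constructed stand-in for a replaced loader: a short jump plus filler, nothing that runs.
FAKE_LOADER = b"\xEB\x3C" + b"\x90" * 60

# One active NTFS-type (0x07) partition starting at LBA 63; constructed values.
PARTITIONS = [
    {"boot": 0x80, "chs_start": b"\x01\x01\x00", "type": 0x07,
     "chs_end": b"\xFE\xFF\xFF", "lba_start": 63, "sectors": 312_576_642},
]


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR: 446 bytes of boot code, 4 x 16-byte entries, 55 AA."""
    code = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    table = b"".join(
        struct.pack(PART_FMT, p["boot"], p["chs_start"], p["type"], p["chs_end"],
                    p["lba_start"], p["sectors"])
        for p in partitions[:4]
    ).ljust(64, b"\x00")
    return code + table + SIGNATURE


def parse_mbr(sector):
    """Split a sector into boot code and its non-empty partition entries; reject a bad signature."""
    if len(sector) != SECTOR or sector[510:] != SIGNATURE:
        raise ValueError("not a valid MBR (wrong size or missing 55 AA signature)")
    parts = []
    for i in range(4):
        entry = sector[BOOTCODE_LEN + 16 * i: BOOTCODE_LEN + 16 * (i + 1)]
        boot, _, ptype, _, lba, count = struct.unpack(PART_FMT, entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"boot": boot, "type": ptype, "lba_start": lba, "sectors": count})
    return {"bootcode": sector[:BOOTCODE_LEN], "partitions": parts}


def cross_view_compare(user_view, kernel_view):
    """Compare two reads of sector 0 taken through different paths.

    A rootkit that filters disk I/O can hand the original sector to one reader while the
    sector really on disk holds its loader; GMER's "user != kernel MBR" is this comparison.
    Returns (region, offset of the first differing byte) per differing region; [] means equal.
    """
    diffs = []
    for name, start, end in REGIONS:
        a, b = user_view[start:end], kernel_view[start:end]
        if a != b:
            offset = next(i for i in range(min(len(a), len(b))) if a[i] != b[i])
            diffs.append((name, start + offset))
    return diffs


CLEAN = build_mbr(XP_PROLOGUE, PARTITIONS)
TAMPERED = build_mbr(FAKE_LOADER, PARTITIONS)

if __name__ == "__main__":
    print("partitions:", parse_mbr(CLEAN)["partitions"])
    print("clean vs clean:", cross_view_compare(CLEAN, CLEAN))
    print("clean vs tampered:", cross_view_compare(CLEAN, TAMPERED))
```

The tampered image parses as a perfectly ordinary disk (same partition table, valid signature), which is why a partition-table check alone misses a bootkit; only the byte-level comparison of the boot code, or of two reads that took different paths, exposes the difference.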
