View Full Version : attacked by virus


eitan
01-08-2008, 01:49 AM
Hi
I believe that my PC is attacked by a virus (browsing very slow, Task Manager CPU usage most of the time 100%......) my Norton program "gone \ lost"
I ran / cleaned the computer with "RegistryFix / RegCure" and tried to download all antivirus programs - Norton, AVG, NOD32.... but can't finish the install; all the time and on all the programs I have a message that it can't find the EXE file
and have to stop the install! I tried all the programs, the same message.
One thing I found, and believe is because of the virus: in the temp directory I am receiving 1000 files like "name - s1tc.5p, size - 0 KB", every second a new file, and I have to delete them but receive new ones again (I can see by the time). I have to shut down the computer.
Any suggestions?
Thanks
;) ;)

classicsoftware
01-08-2008, 01:51 AM
Follow these (http://www.pcguide.com/vb/showthread.php?t=60009) instructions.

eitan
01-08-2008, 04:28 PM
Thanks for the instructions -
I will work on that after work.
Please can you explain to me again and I will follow them, and what do you want me to copy/paste, the log, and send it to you (before / after running the Hijack) and what else.
If you can give me the process by 1....2....3 it would be appreciated.
Thanks again

classicsoftware
01-08-2008, 07:24 PM
When you run Hijackthis, it will create a log. Paste the contents of the log in this thread for review.

eitan
01-08-2008, 08:13 PM
Hi
This is the log after running the Hijack; it is big, "14878 bytes"
Thanks for the help and let me know the next step.
Regarding the suspicion of a virus:
- The browsing is slow - I connected a second PC and it runs fast at the same time
the M-SOFT logo (the flag) is not running and the PC is "freezing, not moving"
- I am receiving in the Temp File a lot of files, 100-1000 and more depending on how long the PC is on, and the file names are by letters and numbers continually like aa1..aa2 aa3 ....ab1.. ab2.. and the size of them is 0


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:41 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Application Data\tmp32BB.tmp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\HJT\HiJackThis.exe

I am sending a second post

eitan
01-08-2008, 08:15 PM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
R3 - URLSearchHook: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

I am sending the rest on a new post

eitan
01-08-2008, 08:18 PM
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {ab8cf3b1-f86a-df09-d8f4-48933ab20ba0} - {0ab02ba3-3984-4f8d-90fd-a68f1b3fc8ba} - C:\WINDOWS\system32\tmpFC.tmp.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {2BEB3565-E25F-4021-9CE3-F97226BA686B} - C:\WINDOWS\system32\ddccbcy.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {eeb1421b-c273-4da7-91df-b99db2676d6d} - C:\WINDOWS\system32\mlandla.dll
O3 - Toolbar: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [b85fc722] rundll32.exe "C:\WINDOWS\jkheby.dll",b
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


and one more post "Sorry"

eitan
01-08-2008, 08:19 PM
last post

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm737YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/download/AxLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190688151828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190688130796
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.geni.com/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://205.232.177.18/activex/AMC.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/ca/en/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://213.8.57.101/sre/ICSScanner.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C276D404-5249-4BBD-A162-26754AE10CDD} (ClickToTalkAxObj Class) - http://www.gipscorp.com/solutions/CTT/download/ClickToTalkAx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF87AB2-F371-41CB-BB26-7C67B71E4F37}: NameServer = 216.254.141.13 209.90.160.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ddccyyw.dll
O20 - Winlogon Notify: mlandla - C:\WINDOWS\SYSTEM32\mlandla.dll
O23 - Service: DomainService - - C:\Documents and Settings\user\Application Data\tmp32BB.tmp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14878 bytes
Thanks

classicsoftware
01-08-2008, 09:09 PM
You are good and infected...

Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:


Re-boot the system
Post the Combofix Log
Post a new HJT log
Tell us how the system is running.
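
A triage pass over the kind of HijackThis log posted above, as an added example that is not part of the original thread and not the helper's own method: it flags entries by a few generic heuristics (system process names outside System32, executables in Temp, tmp*.tmp binaries, non-loopback hosts entries, AppInit_DLLs). The function names and the heuristic set are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread
# (the repeated O1 entry is trimmed to three copies).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\user\Application Data\tmp32BB.tmp.exe
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: {ab8cf3b1-f86a-df09-d8f4-48933ab20ba0} - {0ab02ba3-3984-4f8d-90fd-a68f1b3fc8ba} - C:\WINDOWS\system32\tmpFC.tmp.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe 1
O20 - AppInit_DLLs: c:\windows\system32\ddccyyw.dll
O23 - Service: DomainService - - C:\Documents and Settings\user\Application Data\tmp32BB.tmp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Generic triage heuristics (assumptions for this example, not a verdict engine).
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}  # loopback or null-route entries

ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")             # e.g. "O4 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.(?:exe|dll|sys)\b', re.I)
TMP_NAME_RE = re.compile(r"^tmp[0-9a-f]+\.tmp\.(?:exe|dll)$", re.I)


def reasons_for_path(path):
    """Return the heuristic hits for one binary path."""
    low = path.lower()
    folder, _, name = low.rpartition("\\")
    hits = []
    if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
        hits.append("system process name outside System32")
    if "\\temp\\" in low:
        hits.append("executable in a Temp directory")
    if TMP_NAME_RE.match(name):
        hits.append("tmp*.tmp binary name")
    return hits


def triage(log_text):
    """Map each flagged log line to its reasons and how often it occurred."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = ENTRY_RE.match(line)
        code, body = (m.group(1), m.group(2)) if m else (None, line)

        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[0] not in LOCAL_ADDRESSES:
                reasons.append(f"hosts file sends {parts[1]} to {parts[0]}")

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                reasons.append(
                    "AppInit_DLLs loads this DLL into every process that uses user32.dll"
                )

        for path in PATH_RE.findall(line):
            reasons.extend(reasons_for_path(path))

        if reasons:
            entry = findings.setdefault(line, {"reasons": reasons, "count": 0})
            entry["count"] += 1  # collapse repeated lines such as the O1 entries
    return findings


if __name__ == "__main__":
    for line, info in triage(SAMPLE_LOG).items():
        print(f"[x{info['count']}] {line}")
        for reason in info["reasons"]:
            print(f"       - {reason}")
```

A hit only marks an entry for closer inspection. Several of the files flagged here (ddccyyw.dll, tmp32BB.tmp.exe, tmpFC.tmp.dll) also appear in the ComboFix list of disabled files later in the thread.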

eitan
01-09-2008, 12:25 AM
Thanks, it looks faster but still .. the windows open slowly, it takes me time to open Outlook and the response time from clicking the mouse is slow. I can see all the time that the hard drive is spinning a long time (read light)
but maybe now in one or two days it will be OK. I will let you know.
Later I will try to install an antivirus program. What is your recommendation?
and if you recommend to use "RegCure and RegistryFix" once a month...
Regarding the logs, they are too big; I will cut them.

ComboFix 08-01-09.2 - user 2008-01-08 21:52:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.111 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\system32\ddccyyw.dll
C:\Documents and Settings\user\Application Data\tmp12.tmp.exe
C:\Documents and Settings\user\Application Data\tmp13.tmp.exe
C:\Documents and Settings\user\Application Data\tmp132.tmp.exe
C:\Documents and Settings\user\Application Data\tmp14.tmp.exe
C:\Documents and Settings\user\Application Data\tmp148.tmp.exe
C:\Documents and Settings\user\Application Data\tmp16.tmp.exe
C:\Documents and Settings\user\Application Data\tmp17.tmp.exe
C:\Documents and Settings\user\Application Data\tmp173D.tmp.exe
C:\Documents and Settings\user\Application Data\tmp173E.tmp.exe
C:\Documents and Settings\user\Application Data\tmp18.tmp.exe
C:\Documents and Settings\user\Application Data\tmp19.tmp.exe
C:\Documents and Settings\user\Application Data\tmp1936.tmp.exe
C:\Documents and Settings\user\Application Data\tmp1938.tmp.exe
C:\Documents and Settings\user\Application Data\tmp1B7A.tmp.exe
C:\Documents and Settings\user\Application Data\tmp1B7C.tmp.exe
C:\Documents and Settings\user\Application Data\tmp266.tmp.exe
C:\Documents and Settings\user\Application Data\tmp268.tmp.exe
C:\Documents and Settings\user\Application Data\tmp312.tmp.exe
C:\Documents and Settings\user\Application Data\tmp321.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32BB.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32BF.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C0.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C1.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C4.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C6.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C7.tmp.exe
C:\Documents and Settings\user\Application Data\tmp32C9.tmp.exe
C:\Documents and Settings\user\Application Data\tmp38.tmp.exe
C:\Documents and Settings\user\Application Data\tmp3A.tmp.exe
C:\Documents and Settings\user\Application Data\tmp3B.tmp.exe
C:\Documents and Settings\user\Application Data\tmp3C.tmp.exe
C:\Documents and Settings\user\Application Data\tmp3D.tmp.exe
C:\Documents and Settings\user\Application Data\tmp5.tmp.exe
C:\Documents and Settings\user\Application Data\tmp7.tmp.exe
C:\Documents and Settings\user\Application Data\tmp704.tmp.exe
C:\Documents and Settings\user\Application Data\tmp706.tmp.exe
C:\Documents and Settings\user\Application Data\tmpD56.tmp.exe
C:\Documents and Settings\user\Application Data\tmpD59.tmp.exe
C:\Documents and Settings\user\Application Data\tmpD5A.tmp.exe
C:\Documents and Settings\user\Application Data\tmpD5C.tmp.exe
C:\Documents and Settings\user\Application Data\tmpF8.tmp.exe
C:\Documents and Settings\user\Application Data\tmpFB.tmp.exe
C:\Documents and Settings\user\Application Data\tmpFC.tmp.exe
C:\Documents and Settings\user\Application Data\tmpFD.tmp.exe
C:\Documents and Settings\user\Application Data\tmpFE.tmp.exe
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\autorun.inf
C:\Program Files\FunWebProducts\ScreenSaver\Images\003194CF.urr
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\system32\ddccyyw.dll
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mlandla.dll
C:\WINDOWS\system32\ssqrpnn.dll
C:\WINDOWS\system32\tmp32C0.tmp.dll
C:\WINDOWS\system32\tmp32C7.tmp.dll
C:\WINDOWS\system32\tmpD5A.tmp.dll
C:\WINDOWS\system32\tmpFC.tmp.dll
C:\WINDOWS\system32\vturqoo.dll
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_SROSA
-------\DomainService
-------\srosa

eitan
01-09-2008, 12:27 AM
second post
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-08 22:00 . 0 C:\WINDOWS\ybehkj.tmp
2008-01-08 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:42 . 2008-01-08 19:22 <DIR> d-------- C:\HJT
2008-01-08 00:09 . 2008-01-08 00:09 <DIR> d-------- C:\Program Files\Support Tools
2008-01-07 23:24 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-07 23:24 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-07 23:24 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-07 23:24 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-07 23:24 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-07 23:24 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-07 23:24 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-07 23:24 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-07 22:25 . 2008-01-07 22:33 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-07 21:23 . 2008-01-07 21:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-07 20:44 . 2008-01-07 20:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\HouseCall 6.6
2008-01-06 22:27 . 2008-01-07 18:30 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-06 22:25 . 2008-01-06 22:25 <DIR> d-------- C:\Documents and Settings\user\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-06 14:29 . 2008-01-06 14:29 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-06 13:20 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\RegCure
2008-01-06 12:57 . 2008-01-06 23:24 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-06 09:27 . 2008-01-06 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
2008-01-06 09:22 . 2008-01-06 09:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-06 09:12 . 2008-01-06 09:29 53,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 09:12 . 2008-01-06 09:29 2,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 09:12 . 2008-01-06 09:29 1,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 09:12 . 2008-01-06 09:29 1,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 08:03 . 2008-01-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-06 01:48 . 2008-01-06 14:59 40,776 ---hs---- C:\himem.ram
2008-01-06 01:27 . 2004-08-03 23:20 2,180,992 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-06 01:27 . 2004-08-03 23:20 2,180,992 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-06 00:32 . 2008-01-06 00:32 34,816 --a------ C:\WINDOWS\system\smvss.exe
2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-06 00:30 . 2008-01-07 22:19 365 --a------ C:\WINDOWS\Ya.com
2008-01-05 23:20 . 2008-01-06 12:35 12,287,676 -r-hs---- C:\WINDOWS\himem.exe
2008-01-05 23:14 . 2001-07-28 07:37 650,208 --a------ C:\NDD.EXE
2008-01-05 23:14 . 2005-10-03 14:49 144,984 --a------ C:\n32dlist.dll
2008-01-05 23:14 . 2005-10-03 14:52 104,024 --a------ C:\lnkcom.dll
2008-01-05 23:14 . 2005-10-03 14:52 87,640 --a------ C:\mdscan.dll
2008-01-05 23:14 . 2005-10-03 14:48 75,352 --a------ C:\coregtst.dll
2008-01-05 23:14 . 2005-10-03 14:49 54,872 --a------ C:\ncomcat.dll
2008-01-05 23:14 . 2000-02-24 15:07 50,176 --a------ C:\csh.dll
2008-01-05 23:14 . 2005-10-03 14:49 34,392 --a------ C:\n32userl.dll
2008-01-05 23:14 . 2005-10-03 14:49 30,296 --a------ C:\eventlg.dll
2008-01-05 23:14 . 2000-06-07 18:47 8,192 --a------ C:\NDD32.DAT
2008-01-05 18:50 . 2008-01-05 18:50 <DIR> d-------- C:\Program Files\CCleaaner new
2008-01-05 18:07 . 2008-01-05 18:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Neotys
2008-01-05 18:04 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Neoload
2008-01-05 17:12 . 2008-01-07 22:56 792,715 ---hs---- C:\WINDOWS\utsvyb.ini
2008-01-05 17:12 . 2008-01-05 17:12 74,532 --a------ C:\WINDOWS\byvstu.dll
2008-01-05 17:12 . 2008-01-05 17:12 13,312 --a------ C:\WINDOWS\system32\ddccbcy.dll
2008-01-05 16:52 . 2004-08-04 00:56 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 16:52 . 2004-08-04 00:56 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 16:52 . 2004-08-04 00:56 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 16:52 . 2004-08-04 00:56 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 16:52 . 2004-08-04 00:56 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 16:52 . 2004-08-04 00:56 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 16:52 . 2004-08-04 00:56 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 16:52 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-01-05 16:52 . 2004-08-04 00:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-01-05 16:52 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 16:50 . 2008-01-08 00:07 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-05 16:50 . 2008-01-05 16:50 <DIR> d-------- C:\Inetpub
2008-01-04 22:51 . 2008-01-05 16:54 4,507 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 23:26 . 2008-01-06 13:41 268 --ah----- C:\sqmdata19.sqm
2008-01-02 23:26 . 2008-01-06 09:59 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 08:19 . 2004-03-20 10:09 637,939 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-02 08:07 . 2008-01-08 18:35 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-02 07:42 . 2008-01-07 00:09 <DIR> d-------- C:\Program Files\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PIE Service
2008-01-01 13:53 . 2008-01-06 09:59 268 --ah----- C:\sqmdata18.sqm
2008-01-01 13:53 . 2008-01-06 09:56 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 13:44 . 2008-01-08 22:00 798,927 ---hs---- C:\WINDOWS\ybehkj.ini
2008-01-01 13:44 . 2008-01-01 13:44 74,532 --a------ C:\WINDOWS\jkheby.dll
2008-01-01 13:44 . 2008-01-01 13:44 13,312 --a------ C:\WINDOWS\system32\jkkjkij.dll
2008-01-01 09:23 . 2008-01-06 09:56 268 --ah----- C:\sqmdata17.sqm
2008-01-01 09:23 . 2008-01-06 09:36 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 09:15 . 2008-01-06 09:36 268 --ah----- C:\sqmdata16.sqm
2008-01-01 09:15 . 2008-01-06 09:27 244 --ah----- C:\sqmnoopt16.sqm
2007-12-29 20:33 . 2007-12-29 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Program Files\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Ilium Software
2007-12-29 16:38 . 2008-01-06 09:27 268 --ah----- C:\sqmdata15.sqm
2007-12-29 16:38 . 2008-01-06 08:45 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 15:50 . 2008-01-06 08:45 268 --ah----- C:\sqmdata14.sqm
2007-12-29 15:50 . 2008-01-06 08:34 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 15:46 . 2007-12-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-29 12:29 . 2007-12-29 12:29 <DIR> d-------- C:\Program Files\DeepNight
2007-12-29 12:05 . 2007-12-29 12:07 <DIR> d-------- C:\Program Files\Spb Wallet
2007-12-28 19:55 . 2007-12-28 19:55 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-28 19:55 . 2007-12-28 19:55 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-28 07:46 . 2008-01-06 08:34 268 --ah----- C:\sqmdata13.sqm
2007-12-28 07:46 . 2008-01-06 08:16 244 --ah----- C:\sqmnoopt13.sqm
2007-12-28 07:22 . 2008-01-06 08:16 268 --ah----- C:\sqmdata12.sqm
2007-12-28 07:22 . 2008-01-05 19:35 244 --ah----- C:\sqmnoopt12.sqm
2007-12-27 23:27 . 2007-12-27 23:27 <DIR> d-------- C:\Program Files\MobiMate

eitan
01-09-2008, 12:29 AM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 03:00 --------- d-----w C:\Program Files\lx_cats
2008-01-09 02:31 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-01-08 03:32 --------- d-----w C:\Program Files\eMule
2008-01-08 00:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 17:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-06 17:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-06 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 05:40 --------- d-----w C:\Program Files\Symantec
2008-01-06 00:33 --------- d-----w C:\Documents and Settings\user\Application Data\Babylon
2008-01-02 04:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-02 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-02 03:56 --------- d-----w C:\Program Files\Common Files\Research In Motion
2007-12-30 23:27 --------- d-----w C:\Program Files\MSECache
2007-12-29 20:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 03:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 04:13 --------- d-----w C:\Documents and Settings\user\Application Data\Roxio
2007-12-24 03:50 10 ----a-w C:\Program Files\.autoreg
2007-12-19 12:40 256 ----a-w C:\Documents and Settings\user\pool.bin
2007-12-11 18:53 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2007-11-30 06:09 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:02 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-22 06:09 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-22 06:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-19 01:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-19 00:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:15 --------- d-----w C:\Program Files\Multi_Media
2007-11-12 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-25 04:15 92,064 ----a-w C:\Documents and Settings\user\mqdmmdm.sys
2007-06-25 04:15 9,232 ----a-w C:\Documents and Settings\user\mqdmmdfl.sys
2007-06-25 04:15 79,328 ----a-w C:\Documents and Settings\user\mqdmserd.sys
2007-06-25 04:15 66,656 ----a-w C:\Documents and Settings\user\mqdmbus.sys
2007-06-25 04:15 6,208 ----a-w C:\Documents and Settings\user\mqdmcmnt.sys
2007-06-25 04:15 5,936 ----a-w C:\Documents and Settings\user\mqdmwhnt.sys
2007-06-25 04:15 4,048 ----a-w C:\Documents and Settings\user\mqdmcr.sys
2007-06-25 04:15 25,600 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
2007-06-25 04:15 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
2007-02-27 23:33 1,488 ----a-w C:\Program Files\QuickTax 2006 Standard.lnk
2007-02-27 23:33 1,470 ----a-w C:\Program Files\QuickTax 2006 Help.lnk
2006-11-08 01:50 20,265,160 ----a-w C:\Program Files\GoogleEarthWinProSetup.exe
2006-09-01 10:32 3,169,768 ----a-w C:\Program Files\bab_ttsm.exe
2006-09-01 03:23 2,923,034 ----a-w C:\Program Files\Babylon_Hebrew_English.BGL
2006-09-01 03:21 6,997,210 ----a-w C:\Program Files\Babylon_English.BGL
2006-09-01 03:16 12,444,712 ----a-w C:\Program Files\eng_heb_eng.exe
2006-09-01 03:07 3,271,144 ----a-w C:\Program Files\Babylon50_setup.exe
2006-09-01 02:54 11,633,640 ----a-w C:\Program Files\Babylon6_setup_eng_eng_oxford.exe
2006-08-31 11:21 16,451,776 ----a-w C:\Program Files\GoogleEarthPro.exe
2006-08-31 10:55 710,672 ----a-w C:\Program Files\Radio_Israel.exe
2006-08-31 01:35 10,332,640 ----a-w C:\Program Files\SkypeSetup.exe
2003-01-02 17:01 53 ----a-w C:\Program Files\QUICKBOOKS PRO 2003 RETAIL.TXT
2002-11-18 14:05 201 ----a-w C:\Program Files\CD.DAT
2002-11-13 15:36 26,287 ----a-w C:\Program Files\LICENSE AGREEMENT.TXT
2002-11-04 14:39 5,071 ----a-w C:\Program Files\README.TXT
2002-09-27 17:03 40,960 ----a-w C:\Program Files\SETUP.EXE
2002-09-27 17:03 299,008 ----a-w C:\Program Files\AUTORUN.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BEB3565-E25F-4021-9CE3-F97226BA686B}]
2008-01-05 17:12 13312 --a------ C:\WINDOWS\system32\ddccbcy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{889EB3F6-F16B-4BC0-BC81-9C407C8A3240}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{B5146C40-189A-4311-BDA9-FBAE3E023187}
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
{2913D3DD-9363-4C21-B205-C19A584A0674}

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1 ]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2007-07-03 14:53 114688]

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1 ]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 02:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 02:06 86016]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2006-08-13 11:16 2441281]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-30 22:36 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-13 15:43 1838592]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]
"b85fc722"="C:\WINDOWS\jkheby.dll" [2008-01-01 13:44 74532]
"devenv"="C:\WINDOWS\system\smvss.exe" [2008-01-06 00:32 34816]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 16:46 709992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-04 17:34 282624]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 16:45 279912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
path=
backup=

[

eitan
01-09-2008, 12:30 AM
last post of combofix

HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-01-11 02:08 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2006-02-20 13:25]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2005-12-12 16:27]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 16:04]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 03:00:37 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-07 03:42:40 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 21:59:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\jkheby.dll
.
Completion time: 2008-01-08 22:11:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 03:11:11
.
2007-12-27 02:32:24 --- E O F ---

eitan
01-09-2008, 12:35 AM
and this is the new log of HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:19 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
R3 - URLSearchHook: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {2BEB3565-E25F-4021-9CE3-F97226BA686B} - C:\WINDOWS\system32\ddccbcy.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Radio Israel Toolbar - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - C:\Program Files\Radio_Israel\tbRad1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll

eitan
01-09-2008, 12:36 AM
next post and the last of HJT:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [b85fc722] rundll32.exe "C:\WINDOWS\jkheby.dll",b
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm737YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/download/AxLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190688151828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190688130796
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.geni.com/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://205.232.177.18/activex/AMC.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/ca/en/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://213.8.57.101/sre/ICSScanner.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C276D404-5249-4BBD-A162-26754AE10CDD} (ClickToTalkAxObj Class) - http://www.gipscorp.com/solutions/CTT/download/ClickToTalkAx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF87AB2-F371-41CB-BB26-7C67B71E4F37}: NameServer = 216.254.141.13 209.90.160.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

- Hope that all is clear,
and thanks again

classicsoftware
01-09-2008, 01:05 AM
Open Hijackthis and place a check next to:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {2BEB3565-E25F-4021-9CE3-F97226BA686B} - C:\WINDOWS\system32\ddccbcy.dll

O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)

O4 - HKLM\..\Run: rundll32.exe "C:\WINDOWS\jkheby.dll",b
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm737YYCA

Close all open Browser and program windows except for Hijackthis and click fix checked.

Then:
Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the logs and let me know how things seem to be running...

Then:
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the Desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally open the SDFix folder on your Desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
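
The entries picked out of the HijackThis log in the post above share a few recognisable traits, which this added example (not part of the original thread, and not code from HijackThis or any tool named in it) writes down as triage rules. The rule set and function names are illustrative assumptions, and a hint marks an entry for a reviewer to look at, not a verdict.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {2BEB3565-E25F-4021-9CE3-F97226BA686B} - C:\WINDOWS\system32\ddccbcy.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [b85fc722] rundll32.exe "C:\WINDOWS\jkheby.dll",b
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O2 (BHO) and O3 (toolbar) lines: "<name> - {CLSID} - <file>"
COMPONENT_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
# O4 Run-key lines: "[value name] command line"
RUN_RE = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"
)


def autostart_target(cmd):
    """Return the file an O4 command line actually loads.

    For rundll32 the interesting file is the DLL argument, not rundll32 itself.
    """
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+)', cmd)
    if m:
        return m.group(1).strip()
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd


def review_entry(line):
    """Return review hints for one HijackThis line (empty list = nothing notable)."""
    hints = []
    m = COMPONENT_RE.match(line)
    if m:
        # A browser add-on whose display name is missing or is just a CLSID.
        if m["name"] == "(no name)" or CLSID_RE.fullmatch(m["name"]):
            hints.append("component has no friendly name")
        if m["file"] == "(no file)":
            hints.append("registry entry points at no file")
        return hints
    m = RUN_RE.match(line)
    if m:
        value, cmd = m["value"], m["cmd"]
        target = autostart_target(cmd)
        folder = ntpath.dirname(target).lower()
        if re.match(r"(?i)rundll32", cmd) and folder == r"c:\windows":
            hints.append("rundll32 loads a DLL from the Windows root")
        if folder == r"c:\windows\system":
            hints.append("autostart from the legacy 16-bit system directory")
        if re.fullmatch(r"[0-9a-f]{8}", value):
            hints.append("random-looking hex value name")
        if value.lower().endswith(".exe") and \
                value.lower() != ntpath.basename(target).lower():
            hints.append("value name names a different executable than the target")
    return hints


def triage(log_text):
    """Map each notable log line to its hints, in log order."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        hints = review_entry(line)
        if hints:
            flagged[line] = hints
    return flagged


if __name__ == "__main__":
    for entry, hints in triage(SAMPLE_LOG).items():
        print(entry)
        for hint in hints:
            print("    review:", hint)
```

Legitimate entries from the same log (the NVIDIA rundll32 line, `ctfmon.exe`, the webcam helper in the Windows root) pass without a hint, which is the point of keying the rules on the combination of loader, folder and value name rather than on any one of them.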

eitan
01-09-2008, 10:25 AM
Hi
I don't know if that will solve the problem that I found this morning.
First I have to tell you that the PC is running fast with no problem.
The problem is: when I open my email (Outlook Express 2003) it takes forever, like I explained last night. I can't open attachments, and I am receiving messages that M-Outlook needs editing, but nothing helps. After waiting a long time I restarted the PC, but I still have to wait for Outlook to open (a message says that Outlook was not closed properly and it will test all files); it takes a long time, more than 20 M.
By opening Windows Task Manager I see that the CPU usage is between 40-100% and only Outlook was open.
I will follow your instructions at night.
Thanks

eitan
01-09-2008, 11:44 PM
Hi
As you requested, I ran AVG Anti-Spyware and tested the PC.
Rebooting XP / IE / browsing / Outlook and attachments are all running nice and fast.
Here is the post after running AVG Anti-Spyware:
post #1
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:11:12 PM 1/9/2008

+ Scan result:



C:\Program Files\iPod\ipod music\ [Full Albums Album 2005][mp3] Andre Rieu - Les mélodies de mon coeur + covers.RAR/[PC GAME MULTILANGUAGE] Europa Casino - Win real money from your home - Bonus 2400 _ to all new players.exe -> Adware.Casino : Cleaned.
C:\Documents and Settings\user\My Documents\E236479 My Documents\videos.exe -> Adware.Comet : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP143\A0017768.exe -> Adware.Comet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B5.tmp\uninstall onflow.exe -> Adware.OnFlow : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP132\A0016444.exe -> Adware.OnFlow : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP136\A0016741.exe -> Adware.OnFlow : Cleaned.
F:\Program Files\whInstall\whAgent.inf -> Adware.WebHancer : Cleaned.
F:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP95\A0014910.exe -> Backdoor.Nethief.ah : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir -> Downloader.Bagle.gi : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023157.exe -> Downloader.Bagle.gi : Cleaned.
C:\WINDOWS\system32\drivers\down\106281.exe -> Downloader.Bagle.gi : Cleaned.
C:\WINDOWS\system32\drivers\down\163609.exe -> Downloader.Bagle.gi : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccyyw.dll.vir -> Downloader.ConHook.bg : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrpnn.dll.vir -> Downloader.ConHook.bg : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\vturqoo.dll.vir -> Downloader.ConHook.bg : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023149.dll -> Downloader.ConHook.bg : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023150.dll -> Downloader.ConHook.bg : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023151.dll -> Downloader.ConHook.bg : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\Setup(2).exe -> Downloader.IstBar : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BA.tmp\ysb.dll -> Downloader.IstBar.pb : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP136\A0016738.dll -> Downloader.IstBar.pb : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\Setup(4).exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP136\A0016787.exe -> Dropper.Mudrop.du : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP136\A0016788.exe -> Dropper.Mudrop.du : Cleaned.
C:\HJT\backups\backup-20080109-194509-110.dll -> Hijacker.Agent.oe : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP193\A0023969.dll -> Hijacker.Agent.oe : Cleaned.
C:\WINDOWS\system32\jkkjkij.dll -> Hijacker.Agent.oe : Cleaned.
C:\WINDOWS\system32\pmnlkif.dll -> Hijacker.Agent.oe : Cleaned.
C:\WINDOWS\system32\vturqon.dll -> Hijacker.Agent.oe : Cleaned.
C:\Program Files\iPod\ipod music\Pocket PC Programs april 2007.rar/Pocket PC Programs april 2007\Resco Keyboard Pro v4.35\keygen.exe -> Logger.ProAgent.t : Cleaned.
C:\QooBox\Quarantine\C\Program Files\ADSTechnology\ADSTechnology.dll.vir -> Not-A-Virus.Adware.Agent : Cleaned.
C:\QooBox\Quarantine\C\Program Files\ActivationManager\ActivationManager.dll.vir -> Not-A-Virus.Adware.Agent : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023152.dll -> Not-A-Virus.Adware.Agent : Cleaned.
C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP192\A0023154.dll -> Not-A-Virus.Adware.Agent : Cleaned.
F:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\Setup(6).exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\user\Local Settings\Temp\Setup(5).exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\Program Files\iPod\ipod music\McAfee QuickClean 2006(PC) cracke.exe -> Proxy.Horst.aag : Cleaned.
C:\Documents and Settings\user\Cookies\user@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
F:\Documents and Settings\Gal Eitan\Cookies\gal eitan@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.116:F:\Documents and Settings\Gal Eitan\Application Data\Mozilla\Firefox\Profiles\63tm2lhh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

eitan
01-09-2008, 11:48 PM
post # 2


eitan
01-09-2008, 11:51 PM
post # 3

eitan
01-09-2008, 11:52 PM
post #4

eitan
01-09-2008, 11:53 PM
post #5

eitan
01-09-2008, 11:54 PM
post #6

eitan
01-09-2008, 11:55 PM
post #7

eitan
01-09-2008, 11:56 PM
post #8

eitan
01-09-2008, 11:56 PM
post #9

eitan
01-09-2008, 11:57 PM
C:\Program Files\iPod\ipod music\Spb Pocket Plus v3.1.beta.PPC2002-WM5.+ Serial.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\Spb Traveler 1.0 Serial.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\Spb Wallet 1.564 Serial.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\Spb.Sudoku_v1.1.part4.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\Tomtom Navigator 6 Cracked.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\VodafoneNavigation-6.3.76-BlackBerry_8100_20061123.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\Wayfinder Blackberry Navigator-Java-8100-Wf Navigator-It.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\[POCKET PC] Windows Media Player 10 Mobile.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\antispan Share Accelerator.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\ccleaner_.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\eWallet Professional 5.0.2.21698 &serial numbers.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\eWallet_Pro_v5.0_keygen.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\ewallet.pro.5.0.keygen-icu.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\htc Spb Brain Evolution 1.1 For Ppc Serial.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\htc touch.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\regcure_v.1.3.0.2_keygen_.exe -> Worm.VB.fc : Cleaned.
C:\Program Files\iPod\ipod music\spb full screen keyboard_v3.0.1 + serial.exe -> Worm.VB.fc : Cleaned.

eitan
01-09-2008, 11:58 PM
post #11

eitan
01-09-2008, 11:59 PM
post#12

C:\System Volume Information\_restore{C4EC8EAD-2E1E-4BD9-9857-F9912E13BAC2}\RP153\A0022523.exe -> Worm.VB.fc : Cleaned.
C:\WINDOWS\himem.exe -> Worm.VB.fc : Cleaned.


::Report end

eitan
01-10-2008, 12:19 AM
Hi
I am trying to follow your instructions (the second part) after installing SDFix
and running the PC in safe mode.
I choose the option "Safe mode" but the system reboots and goes to normal Windows. I tried more than one time and it does not finish the "safe mode".
Any solution?

classicsoftware
01-10-2008, 01:09 AM
For now:
USING INTERNET EXPLORER
* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.


Give me the F-Secure Report, a new HJT log and tell me how the system is running.

eitan
01-11-2008, 08:44 PM
Hi
Sorry for my late response. I didn't finish your last request; I was busy at work until late night hours
and decided to follow your last instruction on the weekend.
I would like to thank you for your help. Now the PC is running very well, and I would like to ask whether I should follow your last instruction to run F-Secure now or later.
I have full confidence in you and respect all your instructions.

classicsoftware
01-11-2008, 09:28 PM
You are probably not clean yet, please run the F-secure scan and give me the report and new Hijackthis log.

eitan
01-13-2008, 06:31 PM
Is there any other program that can scan the PC online?
F-Secure can't finish the scan on my PC. I ran that program 4 times and it never finished (135000 files, 2-3 hours). I can see from the last scan that it found 32 viruses, but I can't run "Automatic cleaning": the PC stops ("crashes") and shows error messages like:
- Error on program, and the last time:
- run time error Program c:\\program files \internet explorer\explorer exe
Abnormal program termination
And every time I have to start and run F-Secure again. This time I give up.
HELP

classicsoftware
01-13-2008, 09:11 PM
Download a new copy of Combofix and post the results

eitan
01-14-2008, 08:46 PM
the new combofix post:
ComboFix 08-01-14.4 - user 2008-01-14 19:03:46.3 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-13 18:42 . 2008-01-13 18:42 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-13 18:42 . 2008-01-13 18:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-13 18:41 . 2008-01-14 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-13 17:44 . 2008-01-13 18:17 <DIR> d-------- C:\kav
2008-01-12 15:38 . 2008-01-12 15:38 <DIR> d-------- C:\fsaua.data
2008-01-09 22:23 . 2008-01-09 22:23 1,207,893 --a------ C:\Program Files\SDFix.exe
2008-01-09 19:52 . 2008-01-09 19:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Grisoft
2008-01-09 19:52 . 2008-01-09 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 19:52 . 2008-01-09 19:52 14,113,576 --a------ C:\Program Files\avgas-setup-7.5.1.43-3339.exe
2008-01-09 19:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 08:01 . 2008-01-09 08:01 <DIR> d---s---- C:\WINDOWS\Cookies
2008-01-09 08:01 . 2007-11-04 18:54 <DIR> d-------- C:\Do
2008-01-08 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:42 . 2008-01-09 19:45 <DIR> d-------- C:\HJT
2008-01-08 00:09 . 2008-01-08 00:09 <DIR> d-------- C:\Program Files\Support Tools
2008-01-07 22:25 . 2008-01-07 22:33 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-07 21:23 . 2008-01-07 21:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-07 20:44 . 2008-01-07 20:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\HouseCall 6.6
2008-01-06 22:27 . 2008-01-07 18:30 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-06 22:25 . 2008-01-06 22:25 <DIR> d-------- C:\Documents and Settings\user\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-06 14:29 . 2008-01-06 14:29 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-06 13:20 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\RegCure
2008-01-06 12:57 . 2008-01-06 23:24 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-06 09:12 . 2008-01-14 19:13 15,183,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 09:12 . 2008-01-14 08:14 193,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 09:12 . 2008-01-14 19:12 19,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 09:12 . 2008-01-14 08:14 2,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 08:03 . 2008-01-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-06 01:48 . 2008-01-06 14:59 40,776 ---hs---- C:\himem.ram
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-06 00:30 . 2008-01-07 22:19 365 --a------ C:\WINDOWS\Ya.com
2008-01-05 23:14 . 2001-07-28 07:37 650,208 --a------ C:\NDD.EXE
2008-01-05 23:14 . 2005-10-03 14:49 144,984 --a------ C:\n32dlist.dll
2008-01-05 23:14 . 2005-10-03 14:52 104,024 --a------ C:\lnkcom.dll
2008-01-05 23:14 . 2005-10-03 14:52 87,640 --a------ C:\mdscan.dll
2008-01-05 23:14 . 2005-10-03 14:48 75,352 --a------ C:\coregtst.dll
2008-01-05 23:14 . 2005-10-03 14:49 54,872 --a------ C:\ncomcat.dll
2008-01-05 23:14 . 2000-02-24 15:07 50,176 --a------ C:\csh.dll
2008-01-05 23:14 . 2005-10-03 14:49 34,392 --a------ C:\n32userl.dll
2008-01-05 23:14 . 2005-10-03 14:49 30,296 --a------ C:\eventlg.dll
2008-01-05 23:14 . 2000-06-07 18:47 8,192 --a------ C:\NDD32.DAT
2008-01-05 18:50 . 2008-01-05 18:50 <DIR> d-------- C:\Program Files\CCleaaner new
2008-01-05 18:07 . 2008-01-05 18:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Neotys
2008-01-05 18:04 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Neoload
2008-01-05 17:12 . 2008-01-07 22:56 792,715 ---hs---- C:\WINDOWS\utsvyb.ini
2008-01-05 16:52 . 2004-08-04 00:56 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 16:52 . 2004-08-04 00:56 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 16:52 . 2004-08-04 00:56 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 16:52 . 2004-08-04 00:56 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 16:52 . 2004-08-04 00:56 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 16:52 . 2004-08-04 00:56 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 16:52 . 2004-08-04 00:56 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 16:52 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-01-05 16:52 . 2004-08-04 00:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-01-05 16:52 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 16:50 . 2008-01-05 16:50 <DIR> d-------- C:\Inetpub
2008-01-04 22:51 . 2008-01-08 22:28 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 23:26 . 2008-01-11 07:47 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 23:26 . 2008-01-11 17:19 232 --ah----- C:\sqmdata19.sqm
2008-01-02 08:07 . 2008-01-14 07:18 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-02 07:42 . 2008-01-07 00:09 <DIR> d-------- C:\Program Files\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PIE Service
2008-01-01 13:53 . 2008-01-11 07:47 268 --ah----- C:\sqmdata18.sqm
2008-01-01 13:53 . 2008-01-11 07:42 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 13:44 . 2008-01-09 22:00 1,368,504 ---hs---- C:\WINDOWS\ybehkj.ini
2008-01-01 09:23 . 2008-01-11 07:42 268 --ah----- C:\sqmdata17.sqm
2008-01-01 09:23 . 2008-01-13 18:47 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 09:15 . 2008-01-13 18:47 268 --ah----- C:\sqmdata16.sqm
2008-01-01 09:15 . 2008-01-13 18:43 244 --ah----- C:\sqmnoopt16.sqm
2007-12-29 20:33 . 2007-12-29 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Program Files\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Ilium Software
2007-12-29 16:38 . 2008-01-13 18:43 268 --ah----- C:\sqmdata15.sqm
2007-12-29 16:38 . 2008-01-13 17:49 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 15:50 . 2008-01-13 17:49 268 --ah----- C:\sqmdata14.sqm
2007-12-29 15:50 . 2008-01-13 10:11 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 15:46 . 2007-12-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-29 12:29 . 2007-12-29 12:29 <DIR> d-------- C:\Program Files\DeepNight
2007-12-29 12:05 . 2007-12-29 12:07 <DIR> d-------- C:\Program Files\Spb Wallet
2007-12-28 19:55 . 2007-12-28 19:55 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-28 19:55 . 2007-12-28 19:55 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-28 07:46 . 2008-01-13 10:11 268 --ah----- C:\sqmdata13.sqm
2007-12-28 07:46 . 2008-01-11 17:41 244 --ah----- C:\sqmnoopt13.sqm
2007-12-28 07:22 . 2008-01-11 17:30 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 07:22 . 2008-01-11 17:41 232 --ah----- C:\sqmdata12.sqm
2007-12-27 23:27 . 2007-12-27 23:27 <DIR> d-------- C:\Program Files\MobiMate
2007-12-26 23:08 . 2007-12-26 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 22:41 . 2008-01-11 17:30 244 --ah----- C:\sqmnoopt11.sqm
2007-12-26 22:41 . 2008-01-11 17:30 232 --ah----- C:\sqmdata11.sqm
2007-12-26 22:36 . 2008-01-11 17:29 244 --ah----- C:\sqmnoopt10.sqm
2007-12-26 22:36 . 2008-01-11 17:30 232 --ah----- C:\sqmdata10.sqm
2007-12-26 21:41 . 2007-12-26 21:41 <DIR> d-------- C:\Ectaco

eitan
01-14-2008, 08:49 PM
post II:
..
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 23:48 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-01-14 16:12 --------- d-----w C:\Program Files\lx_cats
2008-01-12 21:54 --------- d-----w C:\Program Files\eMule
2008-01-10 00:48 --------- d-----w C:\Program Files\Multi_Media
2008-01-08 00:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 17:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-06 17:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-06 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 05:40 --------- d-----w C:\Program Files\Symantec
2008-01-06 00:33 --------- d-----w C:\Documents and Settings\user\Application Data\Babylon
2008-01-02 04:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-02 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-02 03:56 --------- d-----w C:\Program Files\Common Files\Research In Motion
2007-12-30 23:27 --------- d-----w C:\Program Files\MSECache
2007-12-29 20:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 03:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 04:13 --------- d-----w C:\Documents and Settings\user\Application Data\Roxio
2007-12-24 03:50 10 ----a-w C:\Program Files\.autoreg
2007-12-19 12:40 256 ----a-w C:\Documents and Settings\user\pool.bin
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-11 18:53 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2007-11-30 06:09 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:02 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-22 06:09 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-22 06:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-19 01:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-19 00:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-06-25 04:15 92,064 ----a-w C:\Documents and Settings\user\mqdmmdm.sys
2007-06-25 04:15 9,232 ----a-w C:\Documents and Settings\user\mqdmmdfl.sys
2007-06-25 04:15 79,328 ----a-w C:\Documents and Settings\user\mqdmserd.sys
2007-06-25 04:15 66,656 ----a-w C:\Documents and Settings\user\mqdmbus.sys
2007-06-25 04:15 6,208 ----a-w C:\Documents and Settings\user\mqdmcmnt.sys
2007-06-25 04:15 5,936 ----a-w C:\Documents and Settings\user\mqdmwhnt.sys
2007-06-25 04:15 4,048 ----a-w C:\Documents and Settings\user\mqdmcr.sys
2007-06-25 04:15 25,600 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
2007-06-25 04:15 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
2007-02-27 23:33 1,488 ----a-w C:\Program Files\QuickTax 2006 Standard.lnk
2007-02-27 23:33 1,470 ----a-w C:\Program Files\QuickTax 2006 Help.lnk
2006-11-08 01:50 20,265,160 ----a-w C:\Program Files\GoogleEarthWinProSetup.exe
2006-09-01 10:32 3,169,768 ----a-w C:\Program Files\bab_ttsm.exe
2006-09-01 03:23 2,923,034 ----a-w C:\Program Files\Babylon_Hebrew_English.BGL
2006-09-01 03:21 6,997,210 ----a-w C:\Program Files\Babylon_English.BGL
2006-09-01 03:16 12,444,712 ----a-w C:\Program Files\eng_heb_eng.exe
2006-09-01 03:07 3,271,144 ----a-w C:\Program Files\Babylon50_setup.exe
2006-09-01 02:54 11,633,640 ----a-w C:\Program Files\Babylon6_setup_eng_eng_oxford.exe
2006-08-31 11:21 16,451,776 ----a-w C:\Program Files\GoogleEarthPro.exe
2006-08-31 10:55 710,672 ----a-w C:\Program Files\Radio_Israel.exe
2006-08-31 01:35 10,332,640 ----a-w C:\Program Files\SkypeSetup.exe
2003-01-02 17:01 53 ----a-w C:\Program Files\QUICKBOOKS PRO 2003 RETAIL.TXT
2002-11-18 14:05 201 ----a-w C:\Program Files\CD.DAT
2002-11-13 15:36 26,287 ----a-w C:\Program Files\LICENSE AGREEMENT.TXT
2002-11-04 14:39 5,071 ----a-w C:\Program Files\README.TXT
2002-09-27 17:03 40,960 ----a-w C:\Program Files\SETUP.EXE
2002-09-27 17:03 299,008 ----a-w C:\Program Files\AUTORUN.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{889EB3F6-F16B-4BC0-BC81-9C407C8A3240}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{B5146C40-189A-4311-BDA9-FBAE3E023187}
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2913D3DD-9363-4C21-B205-C19A584A0674}

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2007-07-03 14:53 114688]

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 02:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 02:06 86016]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2006-08-13 11:16 2441281]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-30 22:36 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-13 15:43 1838592]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 16:46 709992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-04 17:34 282624]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 16:45 279912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]

eitan
01-14-2008, 08:50 PM
POST iii:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-01-11 02:08 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2006-02-20 13:25]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2005-12-12 16:27]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 16:04]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 22:00:03 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-12 13:25:55 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-01-14 19:12:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 19:16:51
ComboFix-quarantined-files.txt 2008-01-15 00:16:22
ComboFix2.txt 2008-01-09 03:11:19
.
2008-01-11 05:59:36 --- E O F ---

Softix
01-16-2008, 05:07 AM
If you're attacked by a virus, run AVG on it, and if your files were lost, run System Restore. But I do think that you need a firewall after you restore your system, so you would be protected from viruses.

eitan
01-16-2008, 08:19 AM
Hi
Did you have time to check my last post ?
thanks

classicsoftware
01-16-2008, 08:24 AM
Hi
Did you have time to check my last post ?
thanks

Yes, I'll post a response later tonight....

classicsoftware
01-16-2008, 08:25 AM
If you're attacked by a virus, run AVG on it, and if your files were lost, run System Restore. But I do think that you need a firewall after you restore your system, so you would be protected from viruses.

Softix:

Please do not post advice in threads that have to do with malware. Your advice can do more harm than good.

classicsoftware
01-17-2008, 08:37 PM
Sorry for the delay. I want you to uninstall XoftSpySE. Then post a fresh combofix log. Then I will work out a custom fix for your PC.

eitan
01-18-2008, 01:13 AM
Hi
I found a file by that name, very small, 244 k, and the file is described as
"xAutoUpdate.dll 4.8.0.0"
Do you want me to delete it, not uninstall (it's not a program)?

classicsoftware
01-18-2008, 08:57 AM
Did you remove Xsoftspy as I asked? It appears to be a part of that...

eitan
01-18-2008, 11:12 PM
As I told you, I can't find any program by that name (can't uninstall).
I found a file (small file, see my response before). I delete that file, and later I will post a new combofix log.

eitan
01-19-2008, 01:08 AM
OK, this is the new post after deleting the xsoftspy file and running a new combofix.
I don't know, but the PC is running very slow, delay in responding ......
post 1:
ComboFix 08-01-14.4 - user 2008-01-14 19:03:46.3 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-13 18:42 . 2008-01-13 18:42 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-13 18:42 . 2008-01-13 18:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-13 18:41 . 2008-01-14 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-13 17:44 . 2008-01-13 18:17 <DIR> d-------- C:\kav
2008-01-12 15:38 . 2008-01-12 15:38 <DIR> d-------- C:\fsaua.data
2008-01-09 22:23 . 2008-01-09 22:23 1,207,893 --a------ C:\Program Files\SDFix.exe
2008-01-09 19:52 . 2008-01-09 19:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Grisoft
2008-01-09 19:52 . 2008-01-09 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 19:52 . 2008-01-09 19:52 14,113,576 --a------ C:\Program Files\avgas-setup-7.5.1.43-3339.exe
2008-01-09 19:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 08:01 . 2008-01-09 08:01 <DIR> d---s---- C:\WINDOWS\Cookies
2008-01-09 08:01 . 2007-11-04 18:54 <DIR> d-------- C:\Do
2008-01-08 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:42 . 2008-01-09 19:45 <DIR> d-------- C:\HJT
2008-01-08 00:09 . 2008-01-08 00:09 <DIR> d-------- C:\Program Files\Support Tools
2008-01-07 22:25 . 2008-01-07 22:33 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-07 21:23 . 2008-01-07 21:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-07 20:44 . 2008-01-07 20:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\HouseCall 6.6
2008-01-06 22:27 . 2008-01-07 18:30 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-06 22:25 . 2008-01-06 22:25 <DIR> d-------- C:\Documents and Settings\user\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-06 22:24 . 2008-01-06 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-06 14:29 . 2008-01-06 14:29 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-06 13:20 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\RegCure
2008-01-06 12:57 . 2008-01-06 23:24 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-06 09:12 . 2008-01-14 19:13 15,183,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 09:12 . 2008-01-14 08:14 193,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 09:12 . 2008-01-14 19:12 19,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 09:12 . 2008-01-14 08:14 2,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 08:03 . 2008-01-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-06 01:48 . 2008-01-06 14:59 40,776 ---hs---- C:\himem.ram
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-06 00:30 . 2008-01-07 22:19 365 --a------ C:\WINDOWS\Ya.com
2008-01-05 23:14 . 2001-07-28 07:37 650,208 --a------ C:\NDD.EXE
2008-01-05 23:14 . 2005-10-03 14:49 144,984 --a------ C:\n32dlist.dll
2008-01-05 23:14 . 2005-10-03 14:52 104,024 --a------ C:\lnkcom.dll
2008-01-05 23:14 . 2005-10-03 14:52 87,640 --a------ C:\mdscan.dll
2008-01-05 23:14 . 2005-10-03 14:48 75,352 --a------ C:\coregtst.dll
2008-01-05 23:14 . 2005-10-03 14:49 54,872 --a------ C:\ncomcat.dll
2008-01-05 23:14 . 2000-02-24 15:07 50,176 --a------ C:\csh.dll
2008-01-05 23:14 . 2005-10-03 14:49 34,392 --a------ C:\n32userl.dll
2008-01-05 23:14 . 2005-10-03 14:49 30,296 --a------ C:\eventlg.dll
2008-01-05 23:14 . 2000-06-07 18:47 8,192 --a------ C:\NDD32.DAT
2008-01-05 18:50 . 2008-01-05 18:50 <DIR> d-------- C:\Program Files\CCleaaner new
2008-01-05 18:07 . 2008-01-05 18:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Neotys
2008-01-05 18:04 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Neoload
2008-01-05 17:12 . 2008-01-07 22:56 792,715 ---hs---- C:\WINDOWS\utsvyb.ini
2008-01-05 16:52 . 2004-08-04 00:56 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 16:52 . 2004-08-04 00:56 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 16:52 . 2004-08-04 00:56 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 16:52 . 2004-08-04 00:56 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 16:52 . 2004-08-04 00:56 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 16:52 . 2004-08-04 00:56 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 16:52 . 2004-08-04 00:56 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 16:52 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-01-05 16:52 . 2004-08-04 00:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-01-05 16:52 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 16:50 . 2008-01-05 16:50 <DIR> d-------- C:\Inetpub
2008-01-04 22:51 . 2008-01-08 22:28 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 23:26 . 2008-01-11 07:47 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 23:26 . 2008-01-11 17:19 232 --ah----- C:\sqmdata19.sqm
2008-01-02 08:07 . 2008-01-14 07:18 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-02 07:42 . 2008-01-07 00:09 <DIR> d-------- C:\Program Files\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\AdwareAlert
2008-01-01 22:37 . 2008-01-01 22:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PIE Service
2008-01-01 13:53 . 2008-01-11 07:47 268 --ah----- C:\sqmdata18.sqm
2008-01-01 13:53 . 2008-01-11 07:42 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 13:44 . 2008-01-09 22:00 1,368,504 ---hs---- C:\WINDOWS\ybehkj.ini
2008-01-01 09:23 . 2008-01-11 07:42 268 --ah----- C:\sqmdata17.sqm
2008-01-01 09:23 . 2008-01-13 18:47 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 09:15 . 2008-01-13 18:47 268 --ah----- C:\sqmdata16.sqm
2008-01-01 09:15 . 2008-01-13 18:43 244 --ah----- C:\sqmnoopt16.sqm
2007-12-29 20:33 . 2007-12-29 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Program Files\Ilium Software
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Ilium Software
2007-12-29 16:38 . 2008-01-13 18:43 268 --ah----- C:\sqmdata15.sqm
2007-12-29 16:38 . 2008-01-13 17:49 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 15:50 . 2008-01-13 17:49 268 --ah----- C:\sqmdata14.sqm
2007-12-29 15:50 . 2008-01-13 10:11 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 15:46 . 2007-12-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-29 12:29 . 2007-12-29 12:29 <DIR> d-------- C:\Program Files\DeepNight
2007-12-29 12:05 . 2007-12-29 12:07 <DIR> d-------- C:\Program Files\Spb Wallet
2007-12-28 19:55 . 2007-12-28 19:55 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-28 19:55 . 2007-12-28 19:55 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-28 07:46 . 2008-01-13 10:11 268 --ah----- C:\sqmdata13.sqm
2007-12-28 07:46 . 2008-01-11 17:41 244 --ah----- C:\sqmnoopt13.sqm
2007-12-28 07:22 . 2008-01-11 17:30 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 07:22 . 2008-01-11 17:41 232 --ah----- C:\sqmdata12.sqm
2007-12-27 23:27 . 2007-12-27 23:27 <DIR> d-------- C:\Program Files\MobiMate
2007-12-26 23:08 . 2007-12-26 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 22:41 . 2008-01-11 17:30 244 --ah----- C:\sqmnoopt11.sqm
2007-12-26 22:41 . 2008-01-11 17:30 232 --ah----- C:\sqmdata11.sqm
2007-12-26 22:36 . 2008-01-11 17:29 244 --ah----- C:\sqmnoopt10.sqm
2007-12-26 22:36 . 2008-01-11 17:30 232 --ah----- C:\sqmdata10.sqm
2007-12-26 21:41 . 2007-12-26 21:41 <DIR> d-------- C:\Ectaco

eitan
01-19-2008, 01:11 AM
post 2:
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 23:48 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-01-14 16:12 --------- d-----w C:\Program Files\lx_cats
2008-01-12 21:54 --------- d-----w C:\Program Files\eMule
2008-01-10 00:48 --------- d-----w C:\Program Files\Multi_Media
2008-01-08 00:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 17:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-06 17:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-06 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 05:40 --------- d-----w C:\Program Files\Symantec
2008-01-06 00:33 --------- d-----w C:\Documents and Settings\user\Application Data\Babylon
2008-01-02 04:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-02 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-02 03:56 --------- d-----w C:\Program Files\Common Files\Research In Motion
2007-12-30 23:27 --------- d-----w C:\Program Files\MSECache
2007-12-29 20:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 03:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 04:13 --------- d-----w C:\Documents and Settings\user\Application Data\Roxio
2007-12-24 03:50 10 ----a-w C:\Program Files\.autoreg
2007-12-19 12:40 256 ----a-w C:\Documents and Settings\user\pool.bin
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-11 18:53 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2007-11-30 06:09 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:02 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-22 06:09 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-22 06:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-19 01:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-19 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-19 00:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-06-25 04:15 92,064 ----a-w C:\Documents and Settings\user\mqdmmdm.sys
2007-06-25 04:15 9,232 ----a-w C:\Documents and Settings\user\mqdmmdfl.sys
2007-06-25 04:15 79,328 ----a-w C:\Documents and Settings\user\mqdmserd.sys
2007-06-25 04:15 66,656 ----a-w C:\Documents and Settings\user\mqdmbus.sys
2007-06-25 04:15 6,208 ----a-w C:\Documents and Settings\user\mqdmcmnt.sys
2007-06-25 04:15 5,936 ----a-w C:\Documents and Settings\user\mqdmwhnt.sys
2007-06-25 04:15 4,048 ----a-w C:\Documents and Settings\user\mqdmcr.sys
2007-06-25 04:15 25,600 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
2007-06-25 04:15 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
2007-02-27 23:33 1,488 ----a-w C:\Program Files\QuickTax 2006 Standard.lnk
2007-02-27 23:33 1,470 ----a-w C:\Program Files\QuickTax 2006 Help.lnk
2006-11-08 01:50 20,265,160 ----a-w C:\Program Files\GoogleEarthWinProSetup.exe
2006-09-01 10:32 3,169,768 ----a-w C:\Program Files\bab_ttsm.exe
2006-09-01 03:23 2,923,034 ----a-w C:\Program Files\Babylon_Hebrew_English.BGL
2006-09-01 03:21 6,997,210 ----a-w C:\Program Files\Babylon_English.BGL
2006-09-01 03:16 12,444,712 ----a-w C:\Program Files\eng_heb_eng.exe
2006-09-01 03:07 3,271,144 ----a-w C:\Program Files\Babylon50_setup.exe
2006-09-01 02:54 11,633,640 ----a-w C:\Program Files\Babylon6_setup_eng_eng_oxford.exe
2006-08-31 11:21 16,451,776 ----a-w C:\Program Files\GoogleEarthPro.exe
2006-08-31 10:55 710,672 ----a-w C:\Program Files\Radio_Israel.exe
2006-08-31 01:35 10,332,640 ----a-w C:\Program Files\SkypeSetup.exe
2003-01-02 17:01 53 ----a-w C:\Program Files\QUICKBOOKS PRO 2003 RETAIL.TXT
2002-11-18 14:05 201 ----a-w C:\Program Files\CD.DAT
2002-11-13 15:36 26,287 ----a-w C:\Program Files\LICENSE AGREEMENT.TXT
2002-11-04 14:39 5,071 ----a-w C:\Program Files\README.TXT
2002-09-27 17:03 40,960 ----a-w C:\Program Files\SETUP.EXE
2002-09-27 17:03 299,008 ----a-w C:\Program Files\AUTORUN.EXE
.

eitan
01-19-2008, 01:11 AM
post 3:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{889EB3F6-F16B-4BC0-BC81-9C407C8A3240}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{B5146C40-189A-4311-BDA9-FBAE3E023187}
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2913D3DD-9363-4C21-B205-C19A584A0674}

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2007-07-03 14:53 114688]

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 02:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 02:06 86016]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2006-08-13 11:16 2441281]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-30 22:36 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-13 15:43 1838592]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 16:46 709992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-04 17:34 282624]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 16:45 279912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-01-11 02:08 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2006-02-20 13:25]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2005-12-12 16:27]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 16:04]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 22:00:03 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-12 13:25:55 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-01-14 19:12:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 19:16:51
ComboFix-quarantined-files.txt 2008-01-15 00:16:22
ComboFix2.txt 2008-01-09 03:11:19
.
2008-01-11 05:59:36 --- E O F ---

eitan
01-23-2008, 11:50 PM
Hi
Is there any chance (I know you're busy) that you can take a look at my last post?
Thanks

classicsoftware
01-24-2008, 12:57 AM
You have a real mess here:

Uninstall Reg cure

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\utsvyb.ini
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt12.sqm
C:\sqmdata12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata11.sqm
C:\sqmnoopt10.sqm
C:\sqmdata10.sqm

Folder::
C:\Program Files\XoftSpySE
C:\Documents and Settings\user\Application Data\ParetoLogic
C:\Program Files\ParetoLogic
C:\Program Files\Common Files\ParetoLogic
C:\Documents and Settings\All Users\Application Data\Downloaded Installations


Save this as CFScript.txt


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Post the log in your next response... We'll see if this clears most of it out...
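
An added example, not part of the original thread and not ComboFix's own code: a Python check that every File:: and Folder:: entry in a CFScript.txt shows up in the deletion section of the ComboFix log posted afterwards. The sample script and log are constructed and abridged from the listings in this thread, and all function names are hypothetical.

```python
"""Cross-check a CFScript.txt against the deletion section of a ComboFix log."""
import re
from ntpath import normcase  # Windows path rules, whatever OS this runs on

DIRECTIVE = re.compile(r"^(\w+)::$")          # "File::", "Folder::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "(((( Other Deletions ))))"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed sample, abridged from the script quoted in this thread.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\utsvyb.ini
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm

Folder::
C:\Program Files\XoftSpySE
C:\Program Files\ParetoLogic
C:\Program Files\Common Files\ParetoLogic
"""

# Constructed sample log. XoftSpySE is left out of the deletions on purpose
# so that the "unconfirmed" path is exercised.
SAMPLE_LOG = r"""
((((((((((((( Other Deletions )))))))))))))
.
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\utsvyb.ini
.
---- Previous Run -------
.
C:\Program Files\Common Files\ParetoLogic
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
C:\Program Files\ParetoLogic\Privacy Controls\html\main.css
.
((((((((((((( Reg Loading Points )))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...]} keyed by directive name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_deletions(log_text):
    """Collect normalised paths listed under the 'Other Deletions' banner.

    The '---- Previous Run' marker sits inside that section, so paths after
    it are collected too. The next (((( ... )))) banner ends the section.
    """
    deleted, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            in_section = banner.group(1).lower() == "other deletions"
            continue
        if in_section and DRIVE_PATH.match(line):
            deleted.add(normcase(line))
    return deleted


def verify(cfscript_text, log_text):
    """Split the requested paths into confirmed and unconfirmed removals."""
    wanted = parse_cfscript(cfscript_text)
    deleted = parse_deletions(log_text)
    report = {"confirmed": [], "unconfirmed": []}
    for path in wanted.get("File", []):
        hit = normcase(path) in deleted
        report["confirmed" if hit else "unconfirmed"].append(path)
    for path in wanted.get("Folder", []):
        folder = normcase(path).rstrip("\\")
        # A folder counts as removed if it, or anything beneath it, is listed.
        hit = any(d == folder or d.startswith(folder + "\\") for d in deleted)
        report["confirmed" if hit else "unconfirmed"].append(path)
    return report


if __name__ == "__main__":
    for status, paths in verify(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        for p in paths:
            print(f"{status:12} {p}")
```

An entry reported as unconfirmed only means the log's deletion section does not list it; the path may never have existed or may have been removed earlier.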

eitan
01-24-2008, 11:14 PM
Hi
The new post after copying the CFSCRIPT.TXT to Combofix (after uninstalling Reg cure)
POST 1:
ComboFix 08-01-23.2 - user 2008-01-24 21:27:20.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.126 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\utsvyb.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\utsvyb.ini
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{B41F39A6-FD43-4EA4-8693-6678110401DD}\ParetoLogic Privacy Controls.msi
C:\Documents and Settings\user\Application Data\ParetoLogic
C:\Program Files\Common Files\ParetoLogic
C:\Program Files\Common Files\ParetoLogic\UUS2\Images\Logo.png
C:\Program Files\Common Files\ParetoLogic\UUS2\LiteUnzip.dll
C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
C:\Program Files\Common Files\ParetoLogic\UUS2\ParetoLogic Update.chm
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
C:\Program Files\ParetoLogic
C:\Program Files\ParetoLogic\Privacy Controls\html\0_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\1_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\15_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\2_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\30_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\5_days.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\email.htm
C:\Program Files\ParetoLogic\Privacy Controls\html\images\10x10.gif
C:\Program Files\ParetoLogic\Privacy Controls\html\images\10x10tile.gif
C:\Program Files\ParetoLogic\Privacy Controls\html\images\contentwrapper.gif
C:\Program Files\ParetoLogic\Privacy Controls\html\images\footerbarfill.gif
C:\Program Files\ParetoLogic\Privacy Controls\html\images\info_bubble.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\images\privacycontrols2.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\images\tile_footerbarbase.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\images\tile_titlebarbase.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\images\tile_titlebarend.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\images\tile_titlebarfloat.jpg
C:\Program Files\ParetoLogic\Privacy Controls\html\main.css
C:\Program Files\ParetoLogic\Privacy Controls\images\about-large.png
C:\Program Files\ParetoLogic\Privacy Controls\images\about-small.png
C:\Program Files\ParetoLogic\Privacy Controls\images\AppTitle.png
C:\Program Files\ParetoLogic\Privacy Controls\images\arrow.png
C:\Program Files\ParetoLogic\Privacy Controls\images\bg.png
C:\Program Files\ParetoLogic\Privacy Controls\images\close.png
C:\Program Files\ParetoLogic\Privacy Controls\images\dummy_small.png
C:\Program Files\ParetoLogic\Privacy Controls\images\erase0001.png
C:\Program Files\ParetoLogic\Privacy Controls\images\erase0002.png

eitan
01-24-2008, 11:15 PM
POST 2

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-24 08:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-13 18:42 . 2008-01-13 18:42 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-13 18:42 . 2008-01-13 18:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-13 17:44 . 2008-01-13 18:17 <DIR> d-------- C:\kav
2008-01-12 15:38 . 2008-01-12 15:38 <DIR> d-------- C:\fsaua.data
2008-01-09 22:23 . 2008-01-09 22:23 1,207,893 --a------ C:\Program Files\SDFix.exe
2008-01-09 19:52 . 2008-01-09 19:52 14,113,576 --a------ C:\Program Files\avgas-setup-7.5.1.43-3339.exe
2008-01-09 19:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 08:01 . 2008-01-09 08:01 <DIR> d---s---- C:\WINDOWS\Cookies
2008-01-09 08:01 . 2007-11-04 18:54 <DIR> d-------- C:\Do
2008-01-08 18:42 . 2008-01-18 23:52 <DIR> d-------- C:\HJT
2008-01-08 00:09 . 2008-01-08 00:09 <DIR> d-------- C:\Program Files\Support Tools
2008-01-07 22:25 . 2008-01-07 22:33 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-07 21:23 . 2008-01-07 21:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-06 14:29 . 2008-01-06 14:29 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-06 12:57 . 2008-01-06 23:24 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-06 09:12 . 2008-01-24 21:37 34,736,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 09:12 . 2008-01-24 19:49 467,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 09:12 . 2008-01-24 21:36 144,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 09:12 . 2008-01-24 19:49 17,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 08:03 . 2008-01-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-06 01:48 . 2008-01-06 14:59 40,776 ---hs---- C:\himem.ram
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-06 01:27 . 2007-02-28 04:10 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-06 00:30 . 2008-01-07 22:19 365 --a------ C:\WINDOWS\Ya.com
2008-01-05 23:14 . 2001-07-28 07:37 650,208 --a------ C:\NDD.EXE
2008-01-05 23:14 . 2005-10-03 14:49 144,984 --a------ C:\n32dlist.dll
2008-01-05 23:14 . 2005-10-03 14:52 104,024 --a------ C:\lnkcom.dll
2008-01-05 23:14 . 2005-10-03 14:52 87,640 --a------ C:\mdscan.dll
2008-01-05 23:14 . 2005-10-03 14:48 75,352 --a------ C:\coregtst.dll
2008-01-05 23:14 . 2005-10-03 14:49 54,872 --a------ C:\ncomcat.dll
2008-01-05 23:14 . 2000-02-24 15:07 50,176 --a------ C:\csh.dll
2008-01-05 23:14 . 2005-10-03 14:49 34,392 --a------ C:\n32userl.dll
2008-01-05 23:14 . 2005-10-03 14:49 30,296 --a------ C:\eventlg.dll
2008-01-05 23:14 . 2000-06-07 18:47 8,192 --a------ C:\NDD32.DAT
2008-01-05 18:50 . 2008-01-05 18:50 <DIR> d-------- C:\Program Files\CCleaaner new
2008-01-05 18:04 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Neoload
2008-01-05 16:52 . 2004-08-04 00:56 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 16:52 . 2004-08-04 00:56 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 16:52 . 2004-08-04 00:56 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 16:52 . 2004-08-04 00:56 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 16:52 . 2004-08-04 00:56 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 16:52 . 2004-08-04 00:56 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 16:52 . 2004-08-04 00:56 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 16:52 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-01-05 16:52 . 2004-08-04 00:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-01-05 16:52 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 16:50 . 2008-01-05 16:50 <DIR> d-------- C:\Inetpub
2008-01-04 22:51 . 2008-01-08 22:28 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 23:26 . 2008-01-17 19:34 268 --ah----- C:\sqmdata19.sqm
2008-01-02 23:26 . 2008-01-14 19:30 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 08:07 . 2008-01-14 07:18 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-02 07:42 . 2008-01-07 00:09 <DIR> d-------- C:\Program Files\AdwareAlert
2008-01-01 13:53 . 2008-01-14 19:30 268 --ah----- C:\sqmdata18.sqm
2008-01-01 13:53 . 2008-01-14 19:26 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 13:44 . 2008-01-09 22:00 1,368,504 ---hs---- C:\WINDOWS\ybehkj.ini
2008-01-01 09:23 . 2008-01-14 19:26 268 --ah----- C:\sqmdata17.sqm
2008-01-01 09:23 . 2008-01-13 18:47 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 09:15 . 2008-01-13 18:47 268 --ah----- C:\sqmdata16.sqm
2008-01-01 09:15 . 2008-01-13 18:43 244 --ah----- C:\sqmnoopt16.sqm
2007-12-29 20:29 . 2007-12-29 20:29 <DIR> d-------- C:\Program Files\Ilium Software
2007-12-29 15:46 . 2007-12-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-29 12:29 . 2007-12-29 12:29 <DIR> d-------- C:\Program Files\DeepNight
2007-12-29 12:05 . 2007-12-29 12:07 <DIR> d-------- C:\Program Files\Spb Wallet
2007-12-28 19:55 . 2008-01-17 19:59 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-28 19:55 . 2008-01-17 19:59 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-27 23:27 . 2007-12-27 23:27 <DIR> d-------- C:\Program Files\MobiMate
2007-12-26 23:08 . 2007-12-26 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 21:41 . 2007-12-26 21:41 <DIR> d-------- C:\Ectaco
2007-12-26 13:17 . 2007-12-28 19:41 <DIR> d-------- C:\Program Files\Applian
2007-12-26 13:17 . 2007-12-26 13:24 286,720 --a------ C:\WINDOWS\iun506.exe
2007-12-26 13:15 . 2007-12-26 13:15 <DIR> d-------- C:\Program Files\Pocket CurEx
2007-12-26 10:53 . 2007-12-26 10:53 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2007-12-26 10:53 . 2007-12-30 19:21 93,232 --a------ C:\WINDOWS\system32\ASTULog.cab
2007-12-26 10:53 . 2007-12-30 19:21 1,049 --a------ C:\WINDOWS\system32\setup.inf
2007-12-26 10:53 . 2007-12-30 19:21 283 --a------ C:\WINDOWS\system32\setup.rpt
2007-12-26 10:35 . 2008-01-11 17:29 244 --ah----- C:\sqmnoopt09.sqm
2007-12-26 10:35 . 2008-01-11 17:29 232 --ah----- C:\sqmdata09.sqm
2007-12-26 09:55 . 2007-12-26 09:55 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook
2007-12-26 09:24 . 2007-12-26 09:24 <DIR> d-------- C:\HTC]support hebrew
2007-12-25 20:52 . 2007-12-29 12:25 <DIR> d-------- C:\HTC WIFI SNIFFER
2007-12-25 19:30 . 2007-12-25 19:30 <DIR> d-------- C:\Program Files\Paragon Software
2007-12-25 19:27 . 2000-07-17 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

eitan
01-24-2008, 11:18 PM
POST 3:
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 01:00 --------- d-----w C:\Program Files\lx_cats
2008-01-20 00:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-18 00:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-12 21:54 --------- d-----w C:\Program Files\eMule
2008-01-10 00:48 --------- d-----w C:\Program Files\Multi_Media
2008-01-08 00:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 17:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-06 05:40 --------- d-----w C:\Program Files\Symantec
2008-01-02 04:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-02 03:56 --------- d-----w C:\Program Files\Common Files\Research In Motion
2007-12-30 23:27 --------- d-----w C:\Program Files\MSECache
2007-12-29 20:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 03:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 03:50 10 ----a-w C:\Program Files\.autoreg
2007-12-18 05:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-11-30 06:09 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:02 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-02-27 23:33 1,488 ----a-w C:\Program Files\QuickTax 2006 Standard.lnk
2007-02-27 23:33 1,470 ----a-w C:\Program Files\QuickTax 2006 Help.lnk
2006-11-08 01:50 20,265,160 ----a-w C:\Program Files\GoogleEarthWinProSetup.exe
2006-09-01 10:32 3,169,768 ----a-w C:\Program Files\bab_ttsm.exe
2006-09-01 03:23 2,923,034 ----a-w C:\Program Files\Babylon_Hebrew_English.BGL
2006-09-01 03:21 6,997,210 ----a-w C:\Program Files\Babylon_English.BGL
2006-09-01 03:16 12,444,712 ----a-w C:\Program Files\eng_heb_eng.exe
2006-09-01 03:07 3,271,144 ----a-w C:\Program Files\Babylon50_setup.exe
2006-09-01 02:54 11,633,640 ----a-w C:\Program Files\Babylon6_setup_eng_eng_oxford.exe
2006-08-31 11:21 16,451,776 ----a-w C:\Program Files\GoogleEarthPro.exe
2006-08-31 10:55 710,672 ----a-w C:\Program Files\Radio_Israel.exe
2006-08-31 01:35 10,332,640 ----a-w C:\Program Files\SkypeSetup.exe
2003-01-02 17:01 53 ----a-w C:\Program Files\QUICKBOOKS PRO 2003 RETAIL.TXT
2002-11-18 14:05 201 ----a-w C:\Program Files\CD.DAT
2002-11-13 15:36 26,287 ----a-w C:\Program Files\LICENSE AGREEMENT.TXT
2002-11-04 14:39 5,071 ----a-w C:\Program Files\README.TXT
2002-09-27 17:03 40,960 ----a-w C:\Program Files\SETUP.EXE
2002-09-27 17:03 299,008 ----a-w C:\Program Files\AUTORUN.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-01-24_19.38.14.80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 00:24:13 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 02:27:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 00:24:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 02:27:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 00:24:13 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-25 02:27:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-25 00:24:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 02:27:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 00:24:13 7,036,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-25 02:27:07 7,036,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 00:24:13 303,104 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 02:27:07 303,104 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{889EB3F6-F16B-4BC0-BC81-9C407C8A3240}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{B5146C40-189A-4311-BDA9-FBAE3E023187}
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2913D3DD-9363-4C21-B205-C19A584A0674}

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1 ]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2007-07-03 14:53 114688]

[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1 ]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

eitan
01-24-2008, 11:19 PM
post # 4 -last
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 02:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 02:06 86016]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2006-08-13 11:16 2441281]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 00:10 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-30 22:36 180269]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 16:46 709992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 16:45 279912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08 257752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-13 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-04 17:34 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-01-11 02:08 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2006-02-20 13:25]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2005-12-12 16:27]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 16:04]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 21:37:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Please let me know when to install Reg cure
Thanks

classicsoftware
01-25-2008, 12:18 AM
You don't ever want to install reg cure. It is from a less than reputable company and registry cleaners are pretty much worthless.

How is the system running?????

How about a new HJT log

eitan
01-26-2008, 01:50 AM
ok
1. The PC is running slow (it was faster before) the last Combofix
2. When I open Microsoft Outlook I have an error message
"Error in registry for extension "Exchange Extensions": The syntax or format of the registry entry is incorrect. Check the registry setting and compare the registry for this extension to other extensions in the registry". I have to press OK 3-4 times to open my Outlook
I have the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\HJT\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
R3 - URLSearchHook: (no name) - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {889eb3f6-f16b-4bc0-bc81-9c407c8a3240} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

eitan
01-26-2008, 01:51 AM
POST LOG II:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a8d2bf9800e24ef4a9ea1c8f82bc35ab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/download/AxLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190688151828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190688130796
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.geni.com/ImageUploader4.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://205.232.177.18/activex/AMC.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/ca/en/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://213.8.57.101/sre/ICSScanner.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C276D404-5249-4BBD-A162-26754AE10CDD} (ClickToTalkAxObj Class) - http://www.gipscorp.com/solutions/CTT/download/ClickToTalkAx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF87AB2-F371-41CB-BB26-7C67B71E4F37}: NameServer = 216.254.141.13 209.90.160.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12257 bytes

classicsoftware
01-28-2008, 08:26 AM
I hate to admit defeat. Are you able to re-install the OS?

eitan
01-28-2008, 09:59 AM
What to install the windows???
No I can't

classicsoftware
01-28-2008, 11:36 PM
Do you have access to a Windows CD? You will need to get a hold of one to run the recovery console. If not, I'll have to figure out the registry hack to get you into safe mode.

eitan
01-29-2008, 12:59 AM
Sorry
No, I don't have the CD. I can try to find one from somebody, but I am not sure.

eitan
02-01-2008, 08:32 AM
Did you give up?

classicsoftware
02-01-2008, 09:32 AM
Still doing some research.....

eitan
02-01-2008, 07:45 PM
Thanks
Take your time

eitan
02-14-2008, 08:22 AM
Hi
Any news?

eitan
02-27-2008, 08:21 AM
Hi
Sorry, but I would like to know if there is any chance that you will consider the problem again.

classicsoftware
02-28-2008, 12:12 AM
Go here (http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/) and follow the suggestions and let me know how it works. Do you get safe mode back?

eitan
03-02-2008, 10:44 AM
Thanks
"Safe mode" is working
Thanks again

classicsoftware
03-02-2008, 12:46 PM
Now you have to go back and run the scans that required safe mode....

Osiyo
03-19-2008, 01:42 AM
This is an easy one: there was a program installed to undelete files, and it adds a scheduled event to the scheduled task list. Delete the scheduled event and the problem goes away!