gerbil

Re: Boot up problem

#11
May 24th, 2008
Okay, let's try a tool which targets other malware. You did have quite a variety there.
Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
Double-click that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
And now re-run Combofix, please, and post that log also.
Last edited by gerbil; May 24th, 2008 at 6:51 am.
Deep, deep in the woods, but walking about.
JGR

Re: Boot up problem

#12
May 29th, 2008
Malwarebytes' Anti-Malware 1.12
Database version: 794

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 283284
Time elapsed: 2 hour(s), 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Adware.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ConnectionServices (Adware.BHO) -> No action taken.

Files Infected:
C:\Documents and Settings\Green\Desktop\New Folder\Rars\crle_1.91 by www.ewares.org\Craagle.exe (Adware.Craagle) -> No action taken.
C:\Program Files\Common Files\fmmm\fmmmd\class-barrel (Malware.Trace) -> No action taken.
C:\Program Files\Common Files\fmmm\fmmmd\vocabulary (Malware.Trace) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> No action taken.









Start Time= Wed 05/28/2008 22:07:46.25

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-05-28 21:01:08 ( .D... ) "C:\Program Files\RM-X Player V5.2"
2008-05-28 14:19:18 ( .D... ) "C:\Documents and Settings\Green\Application Data\Malwarebytes"
2008-05-28 14:18:56 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2008-05-26 22:00:42 51 ( A.... ) "C:\smp.bat"
2008-05-26 21:32:16 ( .D... ) "C:\Program Files\AllToAVI"
2008-05-26 21:27:46 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2008-05-26 17:05:14 107888 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2008-05-26 17:05:14 ( .D.HR ) "C:\Documents and Settings\Green\Application Data\SecuROM"
2008-05-25 20:29:20 ( .D... ) "C:\Documents and Settings\Green\Application Data\DVD Flick"
2008-05-25 19:58:54 ( .D... ) "C:\Program Files\DVD Flick"
2008-05-20 17:00:10 ( .D... ) "C:\Program Files\Orange Box"
2008-05-18 21:40:22 ( .D... ) "C:\Program Files\Panda Security"
2008-05-15 18:59:04 ( .D... ) "C:\Program Files\Grisoft"
2008-05-13 18:02:02 ( .D... ) "C:\Program Files\Trend Micro"
2008-05-12 20:53:20 524288 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2008-05-12 20:53:16 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2008-05-12 20:51:10 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2008-05-12 20:51:10 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2008-05-12 20:50:16 196608 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2008-05-12 20:50:16 81920 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2008-05-12 20:50:12 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2008-05-12 20:50:12 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2008-05-12 20:50:12 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2008-05-12 20:50:12 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2008-05-12 20:50:10 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2008-05-12 20:50:10 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2008-05-12 20:50:08 831488 ( A.... ) "C:\WINDOWS\system32\divx_xx0a.dll"
2008-05-12 20:50:08 823296 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2008-05-12 20:50:08 823296 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2008-05-12 20:50:08 802816 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2008-05-12 20:50:06 682496 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2008-05-12 20:49:28 161096 ( A.... ) "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
2008-05-12 20:49:02 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll"
2008-05-09 16:35:04 16863864 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2008-05-07 22:54:34 103736 ( A.... ) "C:\WINDOWS\system32\PnkBstrB.exe"
2008-04-20 22:26:58 ( .D... ) "C:\Program Files\CCleaner"
2008-04-20 12:31:46 ( .D... ) "C:\Program Files\ABC Amber Text Converter"
2008-04-19 23:54:10 ( .D... ) "C:\Documents and Settings\Green\Application Data\ATI"
2008-04-19 19:39:34 ( .D... ) "C:\Documents and Settings\Green\Application Data\Gearbox Software"
2008-04-19 19:11:00 ( .D... ) "C:\Program Files\Ubisoft"
2008-04-16 17:14:02 233472 ( A.... ) "C:\WINDOWS\system32\viscomdvdimg.dll"
2008-04-15 19:54:50 ( .D... ) "C:\Program Files\Cheetah Burner"
2008-04-15 19:43:10 ( .D... ) "C:\Program Files\Blaze Media Pro"
2008-04-15 19:15:44 ( .D... ) "C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft"
2008-04-14 22:00:32 ( .D... ) "C:\Program Files\EasyBurning"
2008-04-09 19:35:44 ( .D... ) "C:\Documents and Settings\Green\Application Data\Nero"
2008-04-09 19:30:58 ( .D... ) "C:\Program Files\Common Files\Nero"
2008-03-30 19:24:46 ( .D... ) "C:\Documents and Settings\Green\Application Data\Mozilla"
2008-03-27 03:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-24 23:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-24 23:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-24 23:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-24 23:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-24 23:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-24 23:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-24 23:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-24 23:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-24 23:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-24 23:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-24 23:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-24 23:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-24 23:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-24 23:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-24 23:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 04:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"
2008-03-17 15:07:38 139264 ( A.... ) "C:\WINDOWS\War3Unin.exe"
2008-03-01 18:36:30 3591680 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-03-01 08:06:32 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-03-01 08:06:30 1159680 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-03-01 08:06:30 671232 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2008-03-01 08:06:30 233472 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-03-01 08:06:30 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-03-01 08:06:30 102912 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2008-03-01 08:06:30 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-03-01 08:06:28 478208 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-03-01 08:06:28 193024 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2008-03-01 08:06:26 459264 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-03-01 08:06:26 267776 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-03-01 08:06:26 52224 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-03-01 08:06:26 27648 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-03-01 08:06:24 6066176 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-03-01 08:06:24 44544 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2008-03-01 08:06:22 384512 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-03-01 08:06:22 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-03-01 08:06:22 347136 ( A..H. ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-03-01 08:06:22 230400 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-03-01 08:06:22 214528 ( A..H. ) "C:\WINDOWS\system32\dxtrans.dll"
2008-03-01 08:06:22 153088 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-03-01 08:06:22 133120 ( A..H. ) "C:\WINDOWS\system32\extmgr.dll"
2008-03-01 08:06:22 63488 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-03-01 08:06:20 124928 ( A..H. ) "C:\WINDOWS\system32\advpack.dll"
2008-02-29 03:55:24 70656 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2007-09-26 20:40:04 458752 ( A.... ) "C:\Program Files\AVSVideoToolsTrial.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"SoundMan"="SOUNDMAN.EXE"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000001
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
"backup"="C:\\WINDOWS\\pss\\Orbit.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ORBITD~1\\orbitdm.exe /H"
"item"="Orbit"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
"backup"="C:\\WINDOWS\\pss\\Think-Adz.lnkStartup"
"location"="Startup"
"item"="Think-Adz"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSyncU"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DTProAgent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLD"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1148587091\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeInSystray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VeohClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=dword:00000002


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

Completion time: Wed 05/28/2008 22:14:34.28
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
gerbil

Re: Boot up problem

#13
May 29th, 2008
Hello, JG... a couple of problems with those logs:
MBAM - this step was missed: "Make sure that everything is checked, and click Remove Selected." Malware and adware were detected but not quarantined.
Combofix - the top half of the log is missing.
Deep, deep in the woods, but walking about.
JGR

Re: Boot up problem

#14
May 31st, 2008
Sorry for the previous mistakes. I re-did the malware scan again and deleted the files, then I re-did the ComboFix and posted it. I also attached the log file in case it's hard to read.






ComboFix 08-05-29.1 - Green 2008-05-31 17:09:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015 [GMT -5:00]
Running from: C:\Documents and Settings\Green\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smp.bat
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-29 12:16 . 2008-05-29 12:16 <DIR> d-------- C:\sUBs
2008-05-29 12:16 . 2008-05-29 12:16 683 --a------ C:\Combo.bat
2008-05-28 21:01 . 2008-05-28 21:07 <DIR> d-------- C:\Program Files\RM-X Player V5.2
2008-05-28 14:19 . 2008-05-28 14:19 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Malwarebytes
2008-05-28 14:18 . 2008-05-28 14:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 14:18 . 2008-05-28 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 14:18 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 14:18 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 00:32 . 2008-05-27 00:32 <DIR> d-------- C:\Documents and Settings\Freeloader
2008-05-26 22:09 . 2008-05-26 22:11 0 --a------ C:\output.avi
2008-05-26 21:32 . 2008-05-27 10:00 <DIR> d-------- C:\Program Files\AllToAVI
2008-05-26 17:05 . 2008-05-26 17:05 <DIR> dr-h----- C:\Documents and Settings\Green\Application Data\SecuROM
2008-05-25 20:29 . 2008-05-28 10:46 <DIR> d-------- C:\Documents and Settings\Green\Application Data\DVD Flick
2008-05-25 19:58 . 2008-05-25 19:58 <DIR> d-------- C:\Program Files\DVD Flick
2008-05-25 19:58 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
2008-05-25 19:58 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\system32\trayicon.ocx
2008-05-20 17:00 . 2008-05-20 17:00 <DIR> d-------- C:\Program Files\Orange Box
2008-05-20 15:53 . 2008-05-20 17:27 <DIR> d-------- C:\!KillBox
2008-05-19 16:33 . 2008-05-19 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-18 21:40 . 2008-05-18 21:41 <DIR> d-------- C:\Program Files\Panda Security
2008-05-15 17:58 . 2008-05-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 19:32 . 2008-05-14 19:43 <DIR> d-------- C:\fixwareout
2008-05-13 18:02 . 2008-05-13 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-04-23 18:32 . 2008-04-23 18:33 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{C7F18430-E561-4213-B311-85908A54007B}
2008-04-20 22:26 . 2008-04-20 22:26 <DIR> d-------- C:\Program Files\CCleaner
2008-04-20 12:31 . 2008-04-20 12:36 <DIR> d-------- C:\Program Files\ABC Amber Text Converter
2008-04-20 12:21 . 2008-04-20 12:21 327,680 --a------ C:\WINDOWS\system32\dvdauthor.ocx
2008-04-19 23:54 . 2008-04-19 23:54 <DIR> d-------- C:\Documents and Settings\Green\Application Data\ATI
2008-04-19 20:44 . 2008-04-19 20:44 <DIR> d-------- C:\ATI
2008-04-19 19:39 . 2008-04-19 19:39 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Gearbox Software
2008-04-19 19:10 . 2008-04-19 19:10 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-16 17:14 . 2008-04-16 17:14 233,472 --a------ C:\WINDOWS\system32\viscomdvdimg.dll
2008-04-15 20:23 . 2008-04-15 20:23 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-15 20:00 . 2008-04-15 20:06 <DIR> d-------- C:\temp\CheetahAudio
2008-04-15 20:00 . 2008-04-15 20:00 <DIR> d-------- C:\temp
2008-04-15 19:54 . 2008-04-15 19:54 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-04-15 19:54 . 2005-11-14 05:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-04-15 19:54 . 2003-12-17 16:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2008-04-15 19:54 . 2007-07-31 12:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-04-15 19:54 . 2004-02-08 15:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-04-15 19:54 . 2005-01-19 00:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2008-04-15 19:54 . 2002-03-25 03:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2008-04-15 19:54 . 2005-01-19 00:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2008-04-15 19:54 . 2007-04-06 00:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-04-15 19:54 . 2003-08-19 04:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-04-15 19:43 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft
2008-04-15 18:57 . 2008-04-23 19:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 22:00 . 2008-05-15 19:06 <DIR> d-------- C:\Program Files\EasyBurning
2008-04-10 21:48 . 2008-04-10 21:48 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-09 19:35 . 2008-04-09 19:35 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Nero
2008-04-09 19:30 . 2008-04-15 20:28 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-09 19:30 . 2008-04-15 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 20:56 . 2008-04-02 20:56 4,096 --a------ C:\WINDOWS\system32\crash

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 02:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 22:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:45 --------- d-----w C:\Program Files\MagicISO
2008-05-24 18:42 --------- d-----w C:\Program Files\DivX
2008-05-22 16:29 --------- d-----w C:\Documents and Settings\Green\Application Data\LimeWire
2008-05-16 04:44 --------- d-----w C:\Program Files\Common Files\fmmm
2008-05-13 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 22:42 --------- d-----w C:\Documents and Settings\Green\Application Data\AdobeUM
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 00:22 --------- d-----w C:\Program Files\mIRC
2008-05-08 03:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 03:54 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-06 01:00 --------- d-----w C:\Documents and Settings\Green\Application Data\Orbit
2008-04-29 03:47 --------- d-----w C:\Program Files\Opera
2008-04-21 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 01:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:07 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-17 20:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-21 01:57 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-02-20 06:51 282,624 ---ha-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ---ha-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-09 15:28 323,584 ----a-w C:\WINDOWS\system32\AudioGenie2.dll
2007-12-27 02:39 22,328 ----a-w C:\Documents and Settings\Green\Application Data\PnkBstrK.sys
2007-09-27 01:40 458,752 ----a-w C:\Program Files\AVSVideoToolsTrial.exe
2006-08-24 21:25 20,632 ----a-w C:\Documents and Settings\Green\Application Data\GDIPFONTCACHEV1.DAT
2006-10-12 21:32 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-10-12 21:32 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2005-05-13 23:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 17:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 03:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 19:13 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\
Killindex.lnk - C:\WINDOWS\system32\cmd.exe [2004-08-04 07:00:00 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 09:15 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\1148587091\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\Green\\Desktop\\New Folder\\Limewire\\LimeWire.exe"=
"F:\\Games\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"F:\\Games\\Unreal Tournament\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\JDownloader.exe"=
"C:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19812:TCP"= 19812:TCP:BitComet 19812 TCP
"19812:UDP"= 19812:UDP:BitComet 19812 UDP
"1620:UDP"= 1620:UDP:Windows Media Format SDK (firefox.exe)
"1621:UDP"= 1621:UDP:Windows Media Format SDK (firefox.exe)
"6112:TCP"= 6112:TCP:6112
"6113:TCP"= 6113:TCP:6113
"6114:TCP"= 6114:TCP:6114
"3389:TCP"= 3389:TCP:Disabled:@xpsp2res.dll,-22009

R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2006-12-28 17:59]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
S3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-01-04 16:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 00:11]
S3 psdriver;psdriver;C:\Program Files\psdriver\psdriver.sys []
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 21:14:59 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-21 17:24:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 17:13:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 17:24:57
ComboFix-quarantined-files.txt 2008-05-31 22:24:07

Pre-Run: 9,333,637,120 bytes free
Post-Run: 11,885,195,264 bytes free

243 --- E O F --- 2008-05-28 21:13:37
Attached Files
File Type: txt ComboFix.txt (16.4 KB, 2 views)
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: Boot up problem

 
0
  #15
Jun 2nd, 2008
You might get rid of these files and folder...
D:\SETUP.EXE
E:\autoplay.exe
-these two were on plug-in media.
C:\Program Files\Common Files\fmmm

Does it start easily into Safe Mode?
Last edited by gerbil; Jun 2nd, 2008 at 2:25 am.
Deep, deep in the woods, but walking about.
Join Date: Apr 2008
Posts: 15
Reputation: JGR is an unknown quantity at this point 
Solved Threads: 0
JGR JGR is offline Offline
Newbie Poster

Re: Boot up problem

 
0
  #16
Jun 4th, 2008
Well, I booted it in safe mode and it started fine. Then I booted it normally and it started fine, but sometimes when I right click or use a shortcut key explorer still restarts.
Join Date: Apr 2008
Posts: 15
Reputation: JGR is an unknown quantity at this point 
Solved Threads: 0
JGR JGR is offline Offline
Newbie Poster

Re: Boot up problem

 
0
  #17
Jun 4th, 2008
Uh, nvm, I restarted my computer again and it is still messed up when it boots up.
Last edited by JGR; Jun 4th, 2008 at 7:45 pm.
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: Boot up problem

 
0
  #18
Jun 5th, 2008
JG, it is starting to look like a piece of your legitimate software has gone bad. Something needs to be reinstalled, most likely one of the programs that appears in your rclick context menu; perhaps it also has some shortcut keys assigned to it.
I'd go offline and start with the AV service, and then move on to the others. Explorer reads the contextmenuhandler reg keys when it loads; a bad one could be stalling it.
Deep, deep in the woods, but walking about.
Join Date: May 2008
Posts: 31
Reputation: johnny80 is an unknown quantity at this point 
Solved Threads: 1
johnny80 johnny80 is offline Offline
Light Poster

Re: Boot up problem

 
0
  #19
Jun 5th, 2008
At work, when computers take a long time to boot or load, I use the following software and it cleans the computer up really well.

Ad-Aware 2008 home edition - http://www.lavasoft.com/index.php
Superantispyware - http://superantispyware.com/index.html
Spybot Search & Destroy - http://www.safer-networking.org/en/home/index.html
Trojan Remover - http://www.simplysup.com/

All of this software is free. The Trojan Remover is a 30-day trial, but with all the functions of the full version. For cleaning your machine it's pretty good.
I only give advice. Make changes to your computer at your own risk. I only post what I know and what I have done.