Help remove trojan!!!! my computer became slower 5x than usual

bladers maniac New Member | Date Joined Apr 2008 | Total Posts : 11 | Posted 8-29-2008 4:09 (GMT +1)

Help me please, my computer got slower 5x. Here's my HijackThis logfile:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\RTPSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\My Files\Application\idm\Cracked EXE\IDMan.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
D:\My Files\Application\PCMAV 1.6\PCMAV-CLN.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c:/rapidhacker.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\My Files\Application\idm\Cracked EXE\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\VistaMagicPack\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IDMan] D:\My Files\Application\idm\Cracked EXE\IDMan.exe /onboot
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - D:\My Files\Application\idm\Cracked EXE\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\My Files\Application\idm\Cracked EXE\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\My Files\Application\idm\Cracked EXE\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155
O17 - HKLM\System\CS2\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\WINNT\system32\RTPSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 7826 bytes
Please anybody help me!!!!

Touch Forum Moderator | Date Joined Jun 2004 | Total Posts : 13812 | Posted 8-29-2008 4:26 (GMT +1)

Hello
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and paste that log into your next reply, along with a fresh HijackThis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone else's thread.

bladers maniac New Member | Date Joined Apr 2008 | Total Posts : 11 | Posted 8-29-2008 7:22 (GMT +1)

Thanks before bro Touch, here's Malwarebytes' log:
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 201376
Time elapsed: 53 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 136
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 67

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINNT\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\SysTools\Plugins\SlySoft.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\oprBA.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
and here's hijackthis log
Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINNT\system32\RTPSvc.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\DAEMON Tools Lite\daemon.exe D:\My Files\Application\idm\Cracked EXE\IDMan.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINNT\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<< R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c:/rapidhacker.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\My Files\Application\idm\Cracked EXE\IDMIECC.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\VistaMagicPack\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [IDMan] D:\My Files\Application\idm\Cracked EXE\IDMan.exe /onboot O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Stardock ObjectDock.lnk = C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 
- Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download all links with IDM - D:\My Files\Application\idm\Cracked EXE\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - D:\My Files\Application\idm\Cracked EXE\IEGetVL.htm O8 - Extra context menu item: Download with IDM - D:\My Files\Application\idm\Cracked EXE\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINNT\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155 O17 - HKLM\System\CS1\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155 O17 - HKLM\System\CS2\Services\Tcpip\..\{4183AF58-29AD-4DD7-A9B0-F7E462E8E09B}: NameServer = 203.130.193.74,202.134.0.155 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\WINNT\system32\RTPSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 7049 bytes
Thanks again then
Touch Forum Moderator
Date Joined Jun 2004 Total Posts : 13812 | Posted 8-30-2008 6:01 (GMT +1)
You've certainly got rid of some stuff there.
Please download Combofix:
And save to the desktop.
Close all other browser windows.
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply.
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Do NOT post your problem in someone else's thread.
bladers maniac New Member
Date Joined Apr 2008 Total Posts : 11 | Posted 8-30-2008 10:51 (GMT +1)
Thanks before. I forgot to mention that after I did the Malwarebytes scan, I can't use my Yahoo Messenger. Could you please tell me why that happened, and how to restore it back?
and here's my combofix log ComboFix 08-08-29.02 - MN 2008-08-30 16:41:41.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.64 [GMT 7:00] Running from: D:\My Files\Application\ComboFix.exe * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\LLWTJLSX\bin.clearspring.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\LLWTJLSX\bin.clearspring.com\clearspring.sol C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\Administrator\Cookies\administrator@playboygirls.txt C:\Documents and Settings\MN\Application Data\.# C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\macromedia\Flash Player\#SharedObjects\V476RTQA\bin.clearspring.com C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\macromedia\Flash Player\#SharedObjects\V476RTQA\bin.clearspring.com\clearspring.sol C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Program Files\internet explorer\msimg32.dll C:\WINNT\system32\MSINET.oca
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))) .
2008-08-30 05:45 . 2008-08-30 05:45 <DIR> d-------- C:\Program Files\Intelore 2008-08-30 05:37 . 2008-08-30 05:37 <DIR> d-------- C:\Program Files\ElcomSoft 2008-08-30 05:37 . 2008-08-30 05:40 1,117 --a------ C:\WINNT\ARPR.INI 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Malwarebytes 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes 2008-08-29 12:27 . 2008-08-17 15:01 38,472 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys 2008-08-29 12:27 . 2008-08-17 15:01 17,144 --a------ C:\WINNT\system32\drivers\mbam.sys 2008-08-29 10:23 . 2008-08-29 10:23 <DIR> d-------- C:\Program Files\CCleaner 2008-08-29 09:28 . 2008-08-29 09:28 <DIR> d--hs---- C:\FOUND.002 2008-08-29 09:22 . 2008-08-29 09:22 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Ashampoo 2008-08-29 07:18 . 2008-08-29 07:18 <DIR> d--hs---- C:\FOUND.001 2008-08-29 00:40 . 2008-08-29 00:44 1,672 --a------ C:\WINNT\BricoPackFoldersDelete.cmd 2008-08-29 00:20 . 2008-08-29 00:20 <DIR> d-------- C:\Documents and Settings\MN\Application Data\ViStart 2008-08-29 00:17 . 2008-08-29 00:17 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Styler 2008-08-29 00:12 . 2006-12-08 06:01 20,480 --a------ C:\WINNT\system32\DreamSaver.scr 2008-08-29 00:00 . 2008-08-29 00:00 <DIR> d-------- C:\Program Files\VistaMagicPack 2008-08-28 19:56 . 2008-08-28 19:57 156 --a------ C:\rapidhacker.dll 2008-08-27 17:17 . 2007-11-27 16:32 140,096 --a------ C:\WINNT\system32\comdlg32.ocx 2008-08-27 17:17 . 2007-11-27 16:32 108,336 --a------ C:\WINNT\system32\MSWINSCK.OCX 2008-08-24 18:37 . 2008-08-24 18:37 <DIR> d--hs---- C:\FOUND.000 2008-08-15 15:11 . 2008-08-15 15:11 <DIR> d-------- C:\Program Files\Google Hacks 2008-08-14 21:22 . 
2008-08-14 21:22 <DIR> d-------- C:\Program Files\Internet Download Manager 2008-08-14 20:49 . 2008-08-14 20:49 <DIR> d-------- C:\Documents and Settings\MN\Application Data\IDM 2008-08-10 18:08 . 2008-08-10 18:08 <DIR> d-------- C:\Program Files\Download Direct 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Program Files\AlienWorks 2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\WINNT\'Full Speed' Internet Booster + Performance Tests 2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests 2008-08-10 13:46 . 2008-08-10 13:46 <DIR> d-------- C:\aidualc3 2008-08-10 13:06 . 2008-08-10 13:06 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Thinstall 2008-08-09 10:06 . 2008-08-09 10:06 <DIR> d-------- C:\Program Files\uTorrent 2008-08-09 10:06 . 2008-08-09 10:06 <DIR> d-------- C:\Documents and Settings\MN\Application Data\uTorrent 2008-08-07 22:20 . 2008-08-07 22:20 <DIR> d-------- C:\Program Files\Opera 2008-08-06 17:00 . 2003-01-30 06:04 1,500,160 --a------ C:\WINNT\system32\cc3260mt.dll 2008-08-06 17:00 . 2002-01-05 03:40 487,424 --a------ C:\WINNT\system32\Msvcp70.dll 2008-08-06 17:00 . 2004-08-18 12:34 442,368 --a------ C:\WINNT\system32\vp6vfw.dll 2008-08-06 17:00 . 2002-01-05 06:37 344,064 --a------ C:\WINNT\system32\Msvcr70.dll 2008-08-06 17:00 . 2004-08-06 13:49 265,785 --a------ C:\WINNT\system32\pixomatic.dll 2008-08-06 17:00 . 2004-01-06 10:43 188,416 --a------ C:\WINNT\system32\eax.dll 2008-08-06 17:00 . 2004-10-18 14:04 161,280 --a------ C:\WINNT\system32\fmod.dll 2008-08-06 17:00 . 2002-01-05 03:38 54,784 --a------ C:\WINNT\system32\msvci70.dll 2008-08-06 17:00 . 2002-02-01 07:00 22,016 --a------ C:\WINNT\system32\borlndmm.dll 2008-08-05 00:09 . 2008-08-05 00:09 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-03 09:09 . 2008-08-03 09:09 <DIR> d-------- C:\WINNT\system32\drivers\Avg 2008-08-03 09:09 . 
2008-08-03 15:37 97,928 --a------ C:\WINNT\system32\drivers\avgldx86.sys 2008-08-03 09:09 . 2008-08-03 09:09 76,040 --a------ C:\WINNT\system32\drivers\avgtdix.sys 2008-08-03 09:09 . 2008-08-03 09:09 12,936 --a------ C:\WINNT\system32\drivers\avgrkx86.sys 2008-08-03 09:09 . 2008-08-03 15:37 10,520 --a------ C:\WINNT\system32\avgrsstx.dll 2008-08-03 08:27 . 2008-08-03 08:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab Setup Files 2008-08-03 07:42 . 2008-08-03 07:42 <DIR> d-------- C:\Program Files\Folder Lock 2008-08-03 07:42 . 2004-05-10 12:42 110,592 --a------ C:\WINNT\system32\suppdll.dll 2008-08-03 07:42 . 2008-08-03 07:42 35,363 --a------ C:\WINNT\system32\windrvNT.sys 2008-08-02 19:09 . 2008-08-02 19:09 <DIR> d-------- C:\Program Files\CAPCOM 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\WINNT\system32\XPSViewer 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\Program Files\The Exchange Student - Episode 2 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-08-02 14:57 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll 2008-08-02 14:52 . 2008-08-02 14:52 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-08-01 18:24 . 2008-08-01 18:24 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Media Player Classic 2008-08-01 18:22 . 2008-08-01 18:22 <DIR> d-------- C:\Program Files\Real Alternative 2008-08-01 14:39 . 2008-08-01 14:39 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP 2008-08-01 14:38 . 2008-08-01 14:38 <DIR> d-------- C:\Program Files\Invisible Secrets 4 2008-07-31 15:19 . 2008-07-31 15:19 <DIR> d-------- C:\WINNT\system32\dumps 2008-07-28 17:24 . 2008-07-28 17:24 <DIR> d-------- C:\Documents and Settings\MN\Application Data\DMCache 2008-07-24 19:21 . 2008-07-24 19:21 <DIR> d--hs---- C:\WINNT\ftpcache 2008-07-23 17:17 . 2008-07-23 17:17 0 --a------ C:\WINNT\MOTO.INI 2008-07-14 17:37 . 
2008-07-09 21:34 206,256 --a------ C:\WINNT\system32\idmmbc.dll 2008-07-09 18:18 . 2008-07-09 18:18 <DIR> d-------- C:\EMPIRE
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 17:44 46,722 ----a-w C:\WINNT\BricoPackUninst.cmd 2007-11-07 14:30 119,928 ----a-w C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\GDIPFONTCACHEV1.DAT 2007-06-15 07:25 119,928 ----a-w C:\Documents and Settings\User.MICROSOF-B9CC15\Application Data\GDIPFONTCACHEV1.DAT 2007-04-08 10:40 41,072 ----a-w C:\Documents and Settings\gLaNg-mo_MeROs\Application Data\GDIPFONTCACHEV1.DAT .
----a-w 524,288 2007-06-19 13:24:54 C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
------- Sigcheck -------
2004-01-01 00:00 1216000 072b2dd3b51da4ba4969cbf57b58fb10 C:\WINNT\system32\wininet.dll 2004-01-01 00:00 1216000 072b2dd3b51da4ba4969cbf57b58fb10 C:\WINNT\system32\dllcache\wininet.dll 2007-12-07 08:07 659456 57d1b5150cf6331fac6b3e04c1fcb966 C:\WINNT\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2gdr\wininet.dll 2007-12-07 07:44 666112 085a7c37f9c6ede1ba870b7dbec06399 C:\WINNT\$hf_mig$\KB944533\SP2QFE\wininet.dll
2004-01-01 00:00 1880576 a060c835391f626bd37679d6fa701261 C:\WINNT\explorer.exe 2004-01-01 00:00 1880576 a060c835391f626bd37679d6fa701261 C:\WINNT\system32\dllcache\explorer.exe 2007-06-13 17:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINNT\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe 2007-06-13 18:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-01-01 00:00 15360] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 16:39 486856] "IDMan"="D:\My Files\Application\idm\Cracked EXE\IDMan.exe" [2008-07-15 08:39 931248] "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 21:58 4269296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-03 15:37 1235736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
C:\Documents and Settings\User.MICROSOF-B9CC15\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-02-25 12:05:52 225280]
C:\Documents and Settings\User.MICROSOF-B9CC15.000\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2008-03-07 16:36:48 225280] Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\MN\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-27 12:17:15 589824] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-27 12:30:11 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINNT\system32\Drivers\avgrkx86.sys [2008-08-03 09:09] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-08-03 15:37] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-03 15:37] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-03 15:37] R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [2008-08-03 09:09] R2 PCMAVRTPService;PCMAV RealTime Protector Service;C:\WINNT\system32\RTPSvc.exe [2008-03-02 10:00] S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINNT\system32\DRIVERS\nvmini.sys [] S3 NPF;NetGroup Packet Filter Driver;C:\WINNT\system32\drivers\npf.sys [2007-11-07 03:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - Who is Administrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - Who is Administrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd72386-e869-11dc-8b0b-0011d884b304}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5cd5b52-e534-11dc-8af2-0011d884b304}] \shell\explore\Command - F:\boot.exe \shell\open\Command - F:\boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2629f12-f546-11dc-8b40-0011d884b304}] \Shell\AutoRun\command - tati.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efbf2dec-6e9d-11dd-8bfe-0011d884b304}] \Shell\AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ctfmon.exe.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efbf2ded-6e9d-11dd-8bfe-0011d884b304}] \shell\explore\Command - boot.exe \shell\open\Command - boot.exe . Contents of the 'Scheduled Tasks' folder
2008-08-27 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\MN\Application Data\Mozilla\Firefox\Profiles\8dzh1etg.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll FF -: plugin - C:\Program Files\Opera\program\plugins\nppdf32.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll .
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-30 16:48:34 Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 16384 bytes
scan completed successfully hidden files: 1
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\explorer.exe -> C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRAM FILES\AVG\AVG8\AVGAM.EXE C:\PROGRAM FILES\AVG\AVG8\AVGNSX.EXE C:\PROGRAM FILES\AVG\AVG8\AVGTRAY.EXE C:\WINNT\system32\wscntfy.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Completion time: 2008-08-30 16:54:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-30 09:53:44
Pre-Run: 8,586,362,880 bytes free Post-Run: 8,973,746,176 bytes free
248 --- E O F --- 2008-04-01 16:26:36
thanks again then
Touch Forum Moderator
Date Joined Jun 2004 Total Posts : 13812 | Posted 8-31-2008 6:15 (GMT +1)
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Killall::
Snapshot::
RenV::
C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
Save this as: CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Then post a fresh combofix log, and tell me if you can use Yahoo Messenger.
Do NOT post your problem in someone else's thread.
bladers maniac New Member
Date Joined Apr 2008 Total Posts : 11 | Posted 8-31-2008 11:39 (GMT +1)
still can't use it anyway, here's combofix log
ComboFix 08-08-29.02 - MN 2008-08-31 17:29:00.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT 7:00] Running from: D:\My Files\Application\ComboFix.exe Command switches used :: C:\Documents and Settings\MN\Desktop\CFScript.txt * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\MN\Application Data\macromedia\Flash Player\#SharedObjects\N67HSRAQ\bin.clearspring.com C:\Documents and Settings\MN\Application Data\macromedia\Flash Player\#SharedObjects\N67HSRAQ\bin.clearspring.com\clearspring.sol C:\Documents and Settings\MN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\MN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
. ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))) .
2008-08-30 19:00 . 2008-08-30 19:02 1,374 --a------ C:\WINNT\imsins.BAK 2008-08-30 17:22 . 2008-06-13 20:10 272,128 --------- C:\WINNT\system32\drivers\bthport.sys 2008-08-30 17:22 . 2008-06-13 20:10 272,128 --------- C:\WINNT\system32\dllcache\bthport.sys 2008-08-30 05:45 . 2008-08-30 05:45 <DIR> d-------- C:\Program Files\Intelore 2008-08-30 05:37 . 2008-08-30 05:37 <DIR> d-------- C:\Program Files\ElcomSoft 2008-08-30 05:37 . 2008-08-30 05:40 1,117 --a------ C:\WINNT\ARPR.INI 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Malwarebytes 2008-08-29 12:27 . 2008-08-29 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes 2008-08-29 12:27 . 2008-08-17 15:01 38,472 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys 2008-08-29 12:27 . 2008-08-17 15:01 17,144 --a------ C:\WINNT\system32\drivers\mbam.sys 2008-08-29 10:23 . 2008-08-29 10:23 <DIR> d-------- C:\Program Files\CCleaner 2008-08-29 09:28 . 2008-08-29 09:28 <DIR> d--hs---- C:\FOUND.002 2008-08-29 09:22 . 2008-08-29 09:22 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Ashampoo 2008-08-29 07:18 . 2008-08-29 07:18 <DIR> d--hs---- C:\FOUND.001 2008-08-29 00:40 . 2008-08-29 00:44 1,672 --a------ C:\WINNT\BricoPackFoldersDelete.cmd 2008-08-29 00:20 . 2008-08-29 00:20 <DIR> d-------- C:\Documents and Settings\MN\Application Data\ViStart 2008-08-29 00:17 . 2008-08-29 00:17 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Styler 2008-08-29 00:12 . 2006-12-08 06:01 20,480 --a------ C:\WINNT\system32\DreamSaver.scr 2008-08-29 00:00 . 2008-08-29 00:00 <DIR> d-------- C:\Program Files\VistaMagicPack 2008-08-28 19:56 . 2008-08-28 19:57 156 --a------ C:\rapidhacker.dll 2008-08-27 17:17 . 2007-11-27 16:32 140,096 --a------ C:\WINNT\system32\comdlg32.ocx 2008-08-27 17:17 . 
2007-11-27 16:32 108,336 --a------ C:\WINNT\system32\MSWINSCK.OCX 2008-08-24 18:37 . 2008-08-24 18:37 <DIR> d--hs---- C:\FOUND.000 2008-08-15 15:11 . 2008-08-15 15:11 <DIR> d-------- C:\Program Files\Google Hacks 2008-08-14 21:22 . 2008-08-14 21:22 <DIR> d-------- C:\Program Files\Internet Download Manager 2008-08-14 20:49 . 2008-08-14 20:49 <DIR> d-------- C:\Documents and Settings\MN\Application Data\IDM 2008-08-10 18:08 . 2008-08-10 18:08 <DIR> d-------- C:\Program Files\Download Direct 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Program Files\AlienWorks 2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\WINNT\'Full Speed' Internet Booster + Performance Tests 2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests 2008-08-10 13:46 . 2008-08-10 13:46 <DIR> d-------- C:\aidualc3 2008-08-10 13:06 . 2008-08-10 13:06 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Thinstall 2008-08-09 10:06 . 2008-08-09 10:06 <DIR> d-------- C:\Program Files\uTorrent 2008-08-09 10:06 . 2008-08-09 10:06 <DIR> d-------- C:\Documents and Settings\MN\Application Data\uTorrent 2008-08-07 22:20 . 2008-08-07 22:20 <DIR> d-------- C:\Program Files\Opera 2008-08-06 17:00 . 2003-01-30 06:04 1,500,160 --a------ C:\WINNT\system32\cc3260mt.dll 2008-08-06 17:00 . 2002-01-05 03:40 487,424 --a------ C:\WINNT\system32\Msvcp70.dll 2008-08-06 17:00 . 2004-08-18 12:34 442,368 --a------ C:\WINNT\system32\vp6vfw.dll 2008-08-06 17:00 . 2002-01-05 06:37 344,064 --a------ C:\WINNT\system32\Msvcr70.dll 2008-08-06 17:00 . 2004-08-06 13:49 265,785 --a------ C:\WINNT\system32\pixomatic.dll 2008-08-06 17:00 . 2004-01-06 10:43 188,416 --a------ C:\WINNT\system32\eax.dll 2008-08-06 17:00 . 2004-10-18 14:04 161,280 --a------ C:\WINNT\system32\fmod.dll 2008-08-06 17:00 . 2002-01-05 03:38 54,784 --a------ C:\WINNT\system32\msvci70.dll 2008-08-06 17:00 . 
2002-02-01 07:00 22,016 --a------ C:\WINNT\system32\borlndmm.dll 2008-08-05 00:09 . 2008-08-05 00:09 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-03 09:09 . 2008-08-03 09:09 <DIR> d-------- C:\WINNT\system32\drivers\Avg 2008-08-03 09:09 . 2008-08-03 15:37 97,928 --a------ C:\WINNT\system32\drivers\avgldx86.sys 2008-08-03 09:09 . 2008-08-03 09:09 76,040 --a------ C:\WINNT\system32\drivers\avgtdix.sys 2008-08-03 09:09 . 2008-08-03 09:09 12,936 --a------ C:\WINNT\system32\drivers\avgrkx86.sys 2008-08-03 09:09 . 2008-08-03 15:37 10,520 --a------ C:\WINNT\system32\avgrsstx.dll 2008-08-03 08:27 . 2008-08-03 08:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab Setup Files 2008-08-03 07:42 . 2008-08-03 07:42 <DIR> d-------- C:\Program Files\Folder Lock 2008-08-03 07:42 . 2004-05-10 12:42 110,592 --a------ C:\WINNT\system32\suppdll.dll 2008-08-03 07:42 . 2008-08-03 07:42 35,363 --a------ C:\WINNT\system32\windrvNT.sys 2008-08-02 19:09 . 2008-08-02 19:09 <DIR> d-------- C:\Program Files\CAPCOM 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\WINNT\system32\XPSViewer 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\Program Files\The Exchange Student - Episode 2 2008-08-02 14:59 . 2008-08-02 14:59 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-08-02 14:57 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll 2008-08-02 14:52 . 2008-08-02 14:52 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-08-01 18:24 . 2008-08-01 18:24 <DIR> d-------- C:\Documents and Settings\MN\Application Data\Media Player Classic 2008-08-01 18:22 . 2008-08-01 18:22 <DIR> d-------- C:\Program Files\Real Alternative 2008-08-01 14:39 . 2008-08-01 14:39 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP 2008-08-01 14:38 . 2008-08-01 14:38 <DIR> d-------- C:\Program Files\Invisible Secrets 4 2008-07-31 15:19 . 2008-07-31 15:19 <DIR> d-------- C:\WINNT\system32\dumps 2008-07-28 17:24 . 
2008-07-28 17:24 <DIR> d-------- C:\Documents and Settings\MN\Application Data\DMCache 2008-07-24 19:21 . 2008-07-24 19:21 <DIR> d--hs---- C:\WINNT\ftpcache 2008-07-23 17:17 . 2008-07-23 17:17 0 --a------ C:\WINNT\MOTO.INI 2008-07-14 17:37 . 2008-07-09 21:34 206,256 --a------ C:\WINNT\system32\idmmbc.dll 2008-07-09 18:18 . 2008-07-09 18:18 <DIR> d-------- C:\EMPIRE
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 17:44 46,722 ----a-w C:\WINNT\BricoPackUninst.cmd 2008-07-07 20:32 253,952 ----a-w C:\WINNT\system32\es.dll 2008-07-07 20:32 253,952 ----a-w C:\WINNT\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINNT\system32\mscms.dll 2008-06-24 16:23 74,240 ----a-w C:\WINNT\system32\dllcache\mscms.dll 2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\mswsock.dll 2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINNT\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINNT\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINNT\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINNT\system32\dllcache\tcpip6.sys 2008-05-08 12:28 202,752 ----a-w C:\WINNT\system32\dllcache\rmcast.sys 2008-05-07 05:18 1,287,680 ----a-w C:\WINNT\system32\quartz.dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINNT\system32\dllcache\quartz.dll 2008-05-01 14:30 331,776 ----a-w C:\WINNT\system32\dllcache\msadce.dll 2007-11-07 14:30 119,928 ----a-w C:\Documents and Settings\User.MICROSOF-B9CC15.000\Application Data\GDIPFONTCACHEV1.DAT 2007-06-15 07:25 119,928 ----a-w C:\Documents and Settings\User.MICROSOF-B9CC15\Application Data\GDIPFONTCACHEV1.DAT 2007-04-08 10:40 41,072 ----a-w C:\Documents and Settings\gLaNg-mo_MeROs\Application Data\GDIPFONTCACHEV1.DAT .
<pre> ----a-w 524,288 2007-06-19 13:24:54 C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe </pre>
------- Sigcheck -------
2004-01-01 00:00 1216000 072b2dd3b51da4ba4969cbf57b58fb10 C:\WINNT\system32\wininet.dll 2004-01-01 00:00 1216000 072b2dd3b51da4ba4969cbf57b58fb10 C:\WINNT\system32\dllcache\wininet.dll 2007-12-07 08:07 659456 57d1b5150cf6331fac6b3e04c1fcb966 C:\WINNT\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2gdr\wininet.dll 2008-06-23 22:38 659456 9eea04bc4c3fa521d256d89940fab4db C:\WINNT\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2gdr\wininet.dll 2008-06-23 23:12 667136 611ace3f4201e9610af8452f7c268995 C:\WINNT\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2qfe\wininet.dll 2008-06-23 21:54 666624 972299b7241ec325d8c7e5638c884925 C:\WINNT\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3qfe\wininet.dll 2008-06-23 22:09 666112 f12fbb673de9cc802c5dc518fe99aa2f C:\WINNT\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3gdr\wininet.dll 2007-12-07 07:44 666112 085a7c37f9c6ede1ba870b7dbec06399 C:\WINNT\$hf_mig$\KB944533\SP2QFE\wininet.dll
2004-01-01 00:00 1880576 a060c835391f626bd37679d6fa701261 C:\WINNT\explorer.exe 2004-01-01 00:00 1880576 a060c835391f626bd37679d6fa701261 C:\WINNT\system32\dllcache\explorer.exe 2007-06-13 17:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINNT\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe 2007-06-13 18:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-01-01 00:00 15360] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 16:39 486856] "IDMan"="D:\My Files\Application\idm\Cracked EXE\IDMan.exe" [2008-07-15 08:39 931248] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-03 15:37 1235736] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
C:\Documents and Settings\User.MICROSOF-B9CC15\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-02-25 12:05:52 225280]
C:\Documents and Settings\User.MICROSOF-B9CC15.000\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2008-03-07 16:36:48 225280] Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\MN\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] Stardock ObjectDock.lnk - C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 20:56:00 1826885] Y'z ToolBar.lnk - C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 20:41:00 90112]
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Ralink | |