major spyware problem


sean1604
Member with 64 posts.
Join Date: Sep 2007
Experience: Intermediate
30-Jun-2008, 07:47 PM #16
OK, this is what she has figured out so far:
U=4 i=5 (but doesn't work) O=6 p= - J=1 K=2 L=3 M=0
I should = 5 because 5=I, which is how the others work, but it doesn't, and she needs the I for her password to get onto MSN for remote assistance, so I'm going to have to do the logs myself the next time I see her because I should be able to do them just using the mouse.
Can someone please remove the solved title from this, because it clearly isn't.
cybertech
Moderator with 58,414 posts.
Join Date: Apr 2002
Location: Washington State
01-Jul-2008, 01:41 PM #17
Have her use an external keyboard.
sean1604
Member with 64 posts.
Join Date: Sep 2007
Experience: Intermediate
01-Jul-2008, 02:41 PM #18
OK, my girlfriend pressed the NumLk key on her laptop keyboard, but AVG is still picking up viruses, trojans etc. What other software should I install along with AVG? And there are still pop-ups coming up for anti-virus software (obvious spyware), so I ran the logs:

ComboFix log:
ComboFix 08-06-30.2 - gemma McDonald 2008-07-01 19:19:18.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.28 [GMT 1:00]
Running from: C:\Documents and Settings\gemma McDonald\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\#SharedObjects\2WBJ58LP\iforex.com
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\#SharedObjects\2WBJ58LP\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtqrqnL.dll
C:\WINDOWS\system32\bmahprep.ini
C:\WINDOWS\system32\efcAPjkK.dll
C:\WINDOWS\system32\KkjPAcfe.ini
C:\WINDOWS\system32\KkjPAcfe.ini2
C:\WINDOWS\system32\kmcxndsx.dll
C:\WINDOWS\system32\mwerouvf.ini
C:\WINDOWS\system32\perphamb.dll
C:\WINDOWS\system32\qaxdwjxu.dll
C:\WINDOWS\system32\rsabccuk.dll
C:\WINDOWS\system32\uxjwdxaq.ini
C:\WINDOWS\system32\yybnusht.dll
C:\WINDOWS\Temp\log.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mvdvkf.dll
2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mthfrhoc.dll
2008-06-30 11:54 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\vrgjxo.dll
2008-06-30 11:53 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\ilkvphra.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\dxbjkjmi.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\doghoc.dll
2008-06-26 18:52 . 2008-06-26 18:52 <DIR> d-------- C:\_OTMoveIt
2008-06-24 17:54 . 2008-06-24 17:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 17:50 . 2008-06-24 17:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-21 12:22 . 2008-06-21 12:22 <DIR> d-------- C:\Program Files\Nurb 32 delete
2008-06-17 21:05 . 2008-06-17 21:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-17 21:05 . 2008-06-17 21:05 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-17 21:05 . 2008-06-17 21:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\Program Files\AVG
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 20:07 . 2008-06-17 20:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 13:29 . 2008-06-15 13:29 <DIR> d--hs---- C:\FOUND.000
2008-06-15 13:25 . 2008-06-15 13:25 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-15 13:25 . 2008-06-15 13:25 <DIR> d-------- C:\Program Files\Samsung
2008-06-15 13:25 . 2007-05-02 11:11 109,704 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-06-15 13:25 . 2007-05-02 11:11 83,592 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-06-15 13:25 . 2007-05-02 11:11 15,112 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-06-15 13:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-15 13:22 . 2008-06-15 13:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 17:16 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:16 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-21 07:04 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-21 07:04 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-21 07:04 3,059,712 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-21 07:04 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-21 07:04 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 07:03 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-04-21 07:03 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-21 07:03 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-21 07:03 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-04-21 07:03 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-21 07:03 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-21 07:03 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 07:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 07:03 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd621ce4-5f88-46d4-b404-f1462f3b1604}]
2008-07-01 19:03 106240 --a------ C:\WINDOWS\system32\mvdvkf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-07 18:54 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 07:37 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-17 21:04 1177368]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-07 18:54:38 126136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-17 21:05]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-17 21:04]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-17 21:04]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-17 21:05]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 18:06:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-15681352 - C:\WINDOWS\system32\perphamb.dll
Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:29:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\MIONET\MIONETMANAGER.EXE
C:\PROGRAM FILES\MIONET\JVM\BIN\MIONET.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\LVComS.exe
.
**************************************************************************
.
Completion time: 2008-07-01 19:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 18:35:10

Pre-Run: 11,072,684,032 bytes free
Post-Run: 11,435,458,560 bytes free

206 --- E O F --- 2008-06-21 11:28:56

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:50, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {4061b3f2-641f-404b-4d64-88f54ec126db} - {bd621ce4-5f88-46d4-b404-f1462f3b1604} - C:\WINDOWS\system32\mvdvkf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?7a3bc64ce373466ca8d14ab0f9d401fd
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?7a3bc64ce373466ca8d14ab0f9d401fd
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe

--
End of file - 8360 bytes
cybertech
Moderator with 58,414 posts.
Join Date: Apr 2002
Location: Washington State
02-Jul-2008, 01:51 PM #19
Open Notepad and copy and paste the text in the quote box below into it:
Quote:
KILLALL::

File::
C:\WINDOWS\system32\mvdvkf.dll
C:\WINDOWS\system32\mthfrhoc.dll
C:\WINDOWS\system32\vrgjxo.dll
C:\WINDOWS\system32\ilkvphra.dll
C:\WINDOWS\system32\dxbjkjmi.dll
C:\WINDOWS\system32\doghoc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd621ce4-5f88-46d4-b404-f1462f3b1604}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.



Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")
__________________
Microsoft MVP/Windows - Consumer Security


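A defender-side check, added here as an example (not code from the forum, ComboFix or HijackThis), that reproduces the triage behind the File:: and Registry:: lists in the post above: it parses the ComboFix "Files Created" rows and the HijackThis O2 rows, keeps system32 DLLs with short random-looking lowercase names only when a sibling shares the same size and modified time, and ties the surviving files to the BHO CLSID that loads one of them. The pairing heuristic, the GUID-as-display-name indicator and the function names are my assumptions; the sample lines are copied from the posted logs.

```python
"""Triage helper for the ComboFix / HijackThis logs posted in this thread.

Added example, not code from the forum, ComboFix or HijackThis. The
heuristics (random-looking lowercase DLL names in system32 that come in
pairs with identical size and modified time, and a BHO whose display name
is a bare GUID) are assumptions drawn from the pattern in the posted log.
"""
import re
from collections import defaultdict

# Constructed sample: the relevant rows from the posted ComboFix
# "Files Created" section plus two legitimate entries the filter must skip.
COMBOFIX_SAMPLE = r"""
2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mvdvkf.dll
2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mthfrhoc.dll
2008-06-30 11:54 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\vrgjxo.dll
2008-06-30 11:53 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\ilkvphra.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\dxbjkjmi.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\doghoc.dll
2008-06-17 21:05 . 2008-06-17 21:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 13:25 . 2007-05-02 11:11 109,704 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
"""

# Constructed sample: three O2 rows from the posted HijackThis log.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {4061b3f2-641f-404b-4d64-88f54ec126db} - {bd621ce4-5f88-46d4-b404-f1462f3b1604} - C:\WINDOWS\system32\mvdvkf.dll
"""

# "created . modified size attrs path" as ComboFix prints a file row.
CF_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,8}\.dll$")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$")


def parse_combofix_files(text):
    """Return one dict per 'Files Created' row; size as int, path as printed."""
    rows = []
    for line in text.splitlines():
        m = CF_LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def random_named_system32_dlls(rows):
    """Name-only heuristic: 6-8 lowercase letters, .dll, directly in system32.
    Weak on its own: the AVG component avgrsstx.dll matches it as well."""
    out = []
    for row in rows:
        parent, _, name = row["path"].rpartition("\\")
        if parent.lower().endswith("\\windows\\system32") and RANDOM_DLL_RE.match(name.lower()):
            out.append(row)
    return out


def flag_paired_dlls(text):
    """Stronger check: keep a candidate only if another candidate has the same
    size and modified time (the dropper wrote them in pairs in this log)."""
    groups = defaultdict(list)
    for row in random_named_system32_dlls(parse_combofix_files(text)):
        groups[(row["size"], row["modified"])].append(row["path"])
    return [p for paths in groups.values() if len(paths) >= 2 for p in paths]


def suspicious_bhos(hjt_text, flagged_paths):
    """CLSIDs of O2 rows that load a flagged DLL or show a GUID instead of a
    product name (both hold for the mvdvkf.dll entry in the posted log)."""
    flagged = {p.lower() for p in flagged_paths}
    hits = []
    for line in hjt_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m and (m["file"].lower() in flagged or GUID_RE.match(m["name"].lower())):
            hits.append(m["clsid"])
    return hits


def build_cfscript(files, clsids):
    """Render the findings in the CFScript layout used in the post above."""
    lines = ["KILLALL::", "", "File::", *files, "", "Registry::"]
    lines += ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % c for c in clsids]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_paired_dlls(COMBOFIX_SAMPLE)
    print(build_cfscript(found, suspicious_bhos(HJT_SAMPLE, found)))
```

The name heuristic alone also picks up avgrsstx.dll, so pairing on size and modified time is what separates the injected DLLs from the AV component in this log; always confirm against the full file list before acting on a match.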
sean1604
Member with 64 posts.
Join Date: Sep 2007
Experience: Intermediate
09-Jul-2008, 04:31 PM #20
ComboFix, the latest log I could find:
ComboFix 08-06-30.2 - gemma McDonald 2008-07-01 19:19:18.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.28 [GMT 1:00]
Running from: C:\Documents and Settings\gemma McDonald\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\#SharedObjects\2WBJ58LP\iforex.com
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\#SharedObjects\2WBJ58LP\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\gemma McDonald\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtqrqnL.dll
C:\WINDOWS\system32\bmahprep.ini
C:\WINDOWS\system32\efcAPjkK.dll
C:\WINDOWS\system32\KkjPAcfe.ini
C:\WINDOWS\system32\KkjPAcfe.ini2
C:\WINDOWS\system32\kmcxndsx.dll
C:\WINDOWS\system32\mwerouvf.ini
C:\WINDOWS\system32\perphamb.dll
C:\WINDOWS\system32\qaxdwjxu.dll
C:\WINDOWS\system32\rsabccuk.dll
C:\WINDOWS\system32\uxjwdxaq.ini
C:\WINDOWS\system32\yybnusht.dll
C:\WINDOWS\Temp\log.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mvdvkf.dll
2008-07-01 19:03 . 2008-07-01 19:03 106,240 --a------ C:\WINDOWS\system32\mthfrhoc.dll
2008-06-30 11:54 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\vrgjxo.dll
2008-06-30 11:53 . 2008-06-30 11:54 105,872 --a------ C:\WINDOWS\system32\ilkvphra.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\dxbjkjmi.dll
2008-06-29 10:39 . 2008-06-29 10:39 105,856 --a------ C:\WINDOWS\system32\doghoc.dll
2008-06-26 18:52 . 2008-06-26 18:52 <DIR> d-------- C:\_OTMoveIt
2008-06-24 17:54 . 2008-06-24 17:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 17:50 . 2008-06-24 17:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-21 12:22 . 2008-06-21 12:22 <DIR> d-------- C:\Program Files\Nurb 32 delete
2008-06-17 21:05 . 2008-06-17 21:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-17 21:05 . 2008-06-17 21:05 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-17 21:05 . 2008-06-17 21:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\Program Files\AVG
2008-06-17 21:04 . 2008-06-17 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 20:07 . 2008-06-17 20:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 13:29 . 2008-06-15 13:29 <DIR> d--hs---- C:\FOUND.000
2008-06-15 13:25 . 2008-06-15 13:25 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-15 13:25 . 2008-06-15 13:25 <DIR> d-------- C:\Program Files\Samsung
2008-06-15 13:25 . 2007-05-02 11:11 109,704 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-06-15 13:25 . 2007-05-02 11:11 83,592 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-06-15 13:25 . 2007-05-02 11:11 15,112 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-06-15 13:25 . 2007-05-02 11:11 12,424 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-06-15 13:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-15 13:22 . 2008-06-15 13:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 17:16 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:16 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-21 07:04 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-21 07:04 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-21 07:04 3,059,712 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-21 07:04 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-21 07:04 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 07:03 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-04-21 07:03 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-21 07:03 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-21 07:03 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-04-21 07:03 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-21 07:03 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-21 07:03 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 07:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 07:03 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd621ce4-5f88-46d4-b404-f1462f3b1604}]
2008-07-01 19:03 106240 --a------ C:\WINDOWS\system32\mvdvkf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-07 18:54 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 07:37 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-17 21:04 1177368]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-07 18:54:38 126136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-17 21:05]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-17 21:04]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-17 21:04]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-17 21:05]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 18:06:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-15681352 - C:\WINDOWS\system32\perphamb.dll
Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:29:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\MIONET\MIONETMANAGER.EXE
C:\PROGRAM FILES\MIONET\JVM\BIN\MIONET.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\LVComS.exe
.
**************************************************************************
.
Completion time: 2008-07-01 19:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 18:35:10

Pre-Run: 11,072,684,032 bytes free
Post-Run: 11,435,458,560 bytes free

206 --- E O F --- 2008-06-21 11:28:56

I updated the Java and ran the Kaspersky; it was clean at 39% but was just taking way too long to complete.
sean1604
Member with 64 posts.
 
Join Date: Sep 2007
Experience: Intermediate
09-Jul-2008, 04:31 PM #21
SAS LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2008 at 08:31 PM

Application Version : 4.15.1000

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 00:21:43

Memory items scanned : 403
Memory threats detected : 0
Registry items scanned : 3794
Registry threats detected : 0
File items scanned : 13746
File threats detected : 310

Adware.Tracking Cookie
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@reduxads.valuead[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@videoegg.adbureau[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-autotrader.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tradedoubler[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@s[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevenue[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@newtrackandfield[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@e-2dj6wbkocgcpchq.stats.esomniture[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@citi.bridgetrack[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.monster[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@realmedia[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@picturetheloan[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partypoker[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@login.tracking101[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.eurogrand[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@kaboose.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.32vegas[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bs.serving-sys[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@5.go.globaladsales[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@morganstanley[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@247realmedia[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@promo[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@goldfish[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.pointroll[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@zedo[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tracking.summitmedia.co[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adtech[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.ezytrack[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tribalfusion[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@112.2o7[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@edge.ru4[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@2o7[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@mediaplex[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@server.iad.liveperson[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@clicktorrent[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@atdmt[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@xiti[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@statcounter[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@clickbank[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad1.emediate[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@serving-sys[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tacoda[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.burstnet[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@msnclassifieds.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@revsci[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@track.webgains[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@stat.dealtime[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.yieldmanager[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-baa.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@myoffers[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@9160956[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@azjmp[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevolver[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@overture[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@3.adbrite[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bluestreak[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@yourtracking[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@fastclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@apmebf[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@zanox.parship.co[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@carphonewarehouse.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@a[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@casalemedia[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@toplist[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@pacificpoker[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.adbrite[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@go[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@lycos-de[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adopt.euroclick[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@americanexpress.122.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@questionmarket[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevolver[6].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@uk[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@cneteurope.122.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@statse.webtrendslive[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.ppctracking[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevolver[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@eas.apm.emediate[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.cdpoker[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@anad.tacoda[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.zanox-affiliate[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@cgi-bin[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@spamblockerutility[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@paypal.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@anat.tacoda[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@888[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.zanox[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@commission-junction[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@digitalclarity.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adserver[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@server.lon.liveperson[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partygaming.122.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@clicksor[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@advertising[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@msnportal.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.clash-media[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@click.cashengines[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@doubleclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@roiservice[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.carnavalcasino[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@hitbox[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@specificclick[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-moneyexpert.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@net-revenue[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.movieweb[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.adtoma[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adbrite[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@thales[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adecn[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@cassava[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-rodale.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@media.adrevolver[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@promo[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@1069697879[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads1.partnerlogic[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ice.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@yadro[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ext[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.adserver5[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.incentaclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.poker.blackpoolclub.co[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@incentaclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-machinas.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@claimsdirect[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partyfriendfinder[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.inteletrack[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.intelli-tracker[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banners.victor[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@next[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@as1.falkag[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adserve.tescofinance[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partner2profit[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.bebo[8].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@website-uk[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@gemoneysukasda.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@da-tracking[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adopt.specificclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.cnn[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@directtrack[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adfarm1.adition[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@burstnet[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.casino.blackpoolclub.co[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@thales-security-services[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@iad.liveperson[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@rotator.adjuggler[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.ambercoastcasino[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.counter-gratis[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.bebo[5].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@60915153[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.prestigecasino[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@dcs535c4ogyqlexwbkyezdt8v_1o9s[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@new-pcp[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@go[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.addynamix[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@interclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tremor.adbureau[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.bingo.blackpoolclub.co[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adinterax[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@track.adform[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.joylandcasino[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@iyogi.directtrack[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@stat.onestat[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@track.trackads[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-ads.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.digital5media[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@cgi-bin[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-tfl.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adlegend[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@1051159389[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@brightcove.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@28464961[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@login.tracktor.co[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@pro-market[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@eliteukforces[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adultfriendfinder[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@stats.eonenergy[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@servedby.advertising[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.111pix[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.ft[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@55152709[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@12.go.globaladsales[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@staplesuk[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.react2media[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@shop.zanox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.bebo[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-vcbs.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@epinetwork.directtrack[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@media6degrees[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@counter.hitslink[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@jamster.co[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@phones4ultd.112.2o7[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@date.ventivmedia[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.burstbeacon[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.zanox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@2o7[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@azjmp[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-rodale.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@casalemedia[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bs.serving-sys[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@realmedia[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.cdpoker[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tradedoubler[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adopt.euroclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@fastclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@questionmarket[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banners.victor[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@serving-sys[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partypoker[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bluestreak[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.yieldmanager[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.yieldmanager[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tacoda[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@advertising[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partypoker[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@questionmarket[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@azjmp[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.pointroll[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.zanox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.pointroll[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adopt.euroclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tradedoubler[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bs.serving-sys[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@advertising[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@videoegg.adbureau[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@serving-sys[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@casalemedia[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bluestreak[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@fastclick[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.yieldmanager[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@zedo[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.adserver5[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@anad.tacoda[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@videoegg.adbureau[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@serving-sys[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@azjmp[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@specificclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@as-eu.falkag[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@statcounter[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@pacificpoker[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad1.emediate[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@inteletrack[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tribalfusion[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adserve.tescofinance[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@questionmarket[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@track.webgains[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@server.iad.liveperson[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@edge.ru4[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.pointroll[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@spamblockerutility[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@stat.dealtime[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.32vegas[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bluestreak[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevolver[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@yadro[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adrevolver[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.addynamix[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@apmebf[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ad.zanox[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ads.adbrite[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tradedoubler[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@doubleclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adbrite[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adecn[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@media.adrevolver[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@anat.tacoda[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-moneyexpert.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@bs.serving-sys[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.carnavalcasino[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@iad.liveperson[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@casalemedia[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@fastclick[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@tremor.adbureau[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@partypoker[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@burstnet[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adserver[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.clash-media[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@incentaclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.incentaclick[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@track.adform[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.zanox-affiliate[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-ads.hitbox[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@interclick[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@reduxads.valuead[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@www.burstnet[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@mediaplex[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@revsci[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adopt.euroclick[4].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@login.tracking101[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@servedby.advertising[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@advertising[3].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@pro-market[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@eas.apm.emediate[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@statse.webtrendslive[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@ehg-autotrader.hitbox[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.eurogrand[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@adtech[1].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.ambercoastcasino[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.bingo.blackpoolclub.co[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@banner.casino.blackpoolclub.co[2].txt
C:\Documents and Settings\gemma McDonald\Cookies\gemma mcdonald@da-tracking[2].txt

Adware.Lop-Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTDASHUPLOADCREATIVE\LINKLESS.EXE
C:\DOCUMENTS AND SETTINGS\GEMMA MCDONALD\LOCAL SETTINGS\TEMP\BIS167.EXE
C:\DOCUMENTS AND SETTINGS\GEMMA MCDONALD\APPLICATION DATA\NURB 32 DELETE\XOAEXCIJ.EXE
C:\PROGRAM FILES\ADVERTS\UNINST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP61\A0013706.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP64\A0016578.EXE


Also I had to keep healing and fixing about 100 things that popped up on either AVG or SAS as it was scanning, various viruses, dunno if that helps.
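As an added example (not part of the thread, and not SUPERAntiSpyware's own code), here is a small triage script for a scan log laid out like the one above: a detection name on one line, the paths it matched on the lines that follow, groups separated by blank lines. It separates tracking-cookie noise from the entries that actually need action (executables, and copies sitting in System Restore points, which the log above also shows). The sample log is constructed for this example, modeled on the paths in the thread; the "Adware.Tracking Cookie" header and the parsing rules are assumptions about the format, not taken from the page.

```python
"""Triage a SUPERAntiSpyware-style scan log (added example, not from the page).

Assumed layout: a non-path line names a detection, the path lines after it
belong to that detection, and a blank line ends the group.
"""
import re
from collections import defaultdict

# Constructed sample, modeled on the thread's log; not a real scan result.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[4].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt

Adware.Lop-Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTDASHUPLOADCREATIVE\LINKLESS.EXE
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\BIS167.EXE
C:\PROGRAM FILES\ADVERTS\UNINST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP61\A0013706.EXE
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # drive-letter path
COOKIE_RE = re.compile(r"@(.+?)\[\d+\]\.txt$", re.IGNORECASE)  # user@domain[n].txt
EXEC_EXT = (".EXE", ".DLL", ".SYS", ".SCR", ".COM", ".PIF")


def parse_groups(log_text):
    """Return {detection_name: [paths]} from the grouped log layout."""
    groups = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # blank line closes the current group
        elif PATH_RE.match(line):
            if current is not None:
                groups[current].append(line)
        else:
            current = line            # any other line names the next group
    return dict(groups)


def cookie_domain(path):
    """Tracking domain embedded in an IE cookie file name, or None."""
    m = COOKIE_RE.search(path)
    return m.group(1).lower() if m else None


def classify(path):
    """Reasons a detected path deserves attention; [] means cookie noise."""
    up = path.upper()
    if "\\COOKIES\\" in up and up.endswith(".TXT"):
        return []
    reasons = []
    if up.endswith(EXEC_EXT):
        reasons.append("executable")
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in up:
        reasons.append("system-restore copy")   # reappears if restore points are kept
    if "\\LOCAL SETTINGS\\TEMP\\" in up or "\\APPLICATION DATA\\" in up:
        reasons.append("user-writable location")
    if not reasons:
        reasons.append("non-cookie detection")
    return reasons


def triage(log_text):
    """Summarise a log: cookie domains seen, actionable items, restore-point copies."""
    domains = set()
    actionable = []
    restore_copies = 0
    for detection, paths in parse_groups(log_text).items():
        for path in paths:
            dom = cookie_domain(path)
            reasons = classify(path)
            if dom and not reasons:
                domains.add(dom)
                continue
            if "system-restore copy" in reasons:
                restore_copies += 1
            actionable.append({"detection": detection, "path": path, "reasons": reasons})
    return {
        "cookie_domains": sorted(domains),
        "actionable": actionable,
        "restore_point_copies": restore_copies,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("tracking cookie domains:", ", ".join(result["cookie_domains"]))
    for item in result["actionable"]:
        print(f"{item['detection']}: {item['path']}  [{', '.join(item['reasons'])}]")
    print("copies inside System Restore points:", result["restore_point_copies"])
```

The split matters for reading a log like this one: the long cookie list is low-value noise from ad networks, while the handful of executables under Temp, Application Data and Program Files are the real infection, and the copies under System Volume Information are restore-point snapshots that a file-by-file clean does not touch.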
cybertech (Moderator, 58,414 posts; Join Date: Apr 2002; Location: Washington State)
09-Jul-2008, 05:09 PM #22
All you have done here is post old logs.

Quote:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2008 at 08:31 PM
Quote:
ComboFix 08-06-30.2 - gemma McDonald 2008-07-01 19:19:18.1 - FAT32x86
Are you having problems understanding what I am asking you to do?
sean1604 (Member, 64 posts; Join Date: Sep 2007; Experience: Intermediate)
09-Jul-2008, 06:23 PM #23
No, but the battery ended up running out on the laptop when I did the scans the first time, because the Kaspersky one was taking so long. Then when I w