  #1  
September 8th, 2009, 12:48 AM
epix
Member
 
Join Date: Apr 2008
Posts: 95
Antivirus Pro 2010

I have no idea how I got this, and have tried to remove it everywhere I can in my computer, but it still comes up and says my computer is infected and then freezes it up.

I have just gone through 3 weeks of having to have my computer completely refurbished TWICE and it was working fine, and now this. I am devastated. Can someone please help?

Thanks so much!

Toria
  #2  
September 8th, 2009, 05:08 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi Toria. I need to see some logs to be able to help you, but before you provide them, you need to know that I have made a personal decision not to help remove malware from computers that have peer-to-peer software installed (and this includes BitTorrent software), so if you want my help, please uninstall any such programs now and reboot.

Go here and download DDS to your Desktop and double-click on DDS.scr to run it. If your security software includes script-blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

Also go here and download RootRepeal (the zipped version) and save it to your Desktop. Double-click to extract the compressed file to its own folder and then right-click on RootRepeal.exe and choose "Run as Administrator". Click on the Report tab and then click on Scan. A window will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

You will then be asked which drive to scan. Check C: (or the drive your operating system is installed on if not C) and click Ok again. The scan will start. It will take a little while so please be patient. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should default there). When you have done this, please copy and paste it in this thread.

Please do not run any programs other than those that I suggest or install any new software while I am helping you.
  #3  
September 8th, 2009, 10:23 PM
epix
Member
 
Join Date: Apr 2008
Posts: 95
I don't know what in the world happened, but I posted the logs here and now they are gone. The stupid Antivirus thing is freezing my computer every time I try to enter something. I will retry. Also, I have no clue what a bit torrent is, but if you tell me, I will see if I have any and remove it.
  #4  
September 8th, 2009, 10:26 PM
epix
Member
 
Join Date: Apr 2008
Posts: 95
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2009 8:16:05 AM
System Uptime: 9/8/2009 10:41:50 AM (6 hours ago)

Motherboard: Dell Inc. | | 0XD720
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 53.829 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/27/2009 9:03:11 AM - System Checkpoint
RP2: 8/27/2009 9:32:02 AM - Installed Windows XP Service Pack 3.
RP3: 8/27/2009 11:31:42 AM - Installed Adobe Reader 8.1.1
RP4: 8/27/2009 11:35:16 AM - Installed Nero
RP5: 8/27/2009 11:38:18 AM - Installed SigmaTel Audio
RP6: 8/27/2009 11:41:31 AM - Software Distribution Service 3.0
RP7: 8/27/2009 11:46:00 AM - Software Distribution Service 3.0
RP8: 8/27/2009 8:04:07 PM - Installed Microsoft Office Home and Student 2007
RP9: 8/27/2009 8:08:54 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP10: 8/28/2009 5:45:25 PM - Installed PhotoImpact X3
RP11: 8/30/2009 8:34:39 PM - System Checkpoint
RP12: 9/1/2009 11:22:04 AM - System Checkpoint
RP13: 9/7/2009 4:11:53 PM - System Checkpoint
RP14: 9/7/2009 5:42:04 PM - Installed Adobe Photoshop Elements 7.0.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 7.0
Adobe Reader 8.1.1
Antivirus Pro 2010
ATI Display Driver
Conexant HDA D110 MDC V.92 Modem
DriverAgent by eSupport.com
GemMaster Mystic
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Nero
Otto
PhotoImpact X3
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Sonic Encoders
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

9/7/2009 1:06:35 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TBEST-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD7A0D2F-C9F9-464F-. The master browser is stopping or an election is being forced.

==== End Of File ===========================
  #5  
September 8th, 2009, 10:27 PM
epix
Member
 
Join Date: Apr 2008
Posts: 95
2009-09-07 15:00 14,149 a------- c:\docume~1\alluse~1\applic~1\fiqumydog.scr
2009-09-07 15:00 13,899 a------- c:\program files\common files\aloqynem.pif
2009-09-07 15:00 11,124 a------- c:\windows\ucazesiqi.sys
2009-09-07 15:00 10,503 a------- c:\windows\axedupazom.dll
2009-09-07 15:00 10,150 a------- c:\windows\system32\vozy.inf
2009-09-07 14:57 19,774 a------- c:\windows\sifoba.inf
2009-09-07 14:57 18,663 a------- c:\windows\system32\edonesox.dll
2009-09-07 14:57 17,342 a------- c:\windows\system32\mudivikab._dl
2009-09-07 14:57 17,335 a------- c:\docume~1\alluse~1\applic~1\okyp.reg
2009-09-07 14:57 17,325 a------- c:\windows\lyzyda.bat
2009-09-07 14:57 16,901 a------- c:\windows\system32\uvasicyg.pif
2009-09-07 14:57 16,705 a------- c:\windows\etagog.bat
2009-09-07 14:57 14,878 a------- c:\docume~1\alluse~1\applic~1\tyde.reg
2009-09-07 14:57 13,273 a------- c:\docume~1\alluse~1\applic~1\igyrusa.dll
2009-09-07 14:57 12,552 a------- c:\windows\system32\rilykeded.com
2009-09-07 14:57 12,052 a------- c:\windows\ejikiqegel.dl
2009-09-07 14:57 11,890 a------- c:\windows\ulejeq.dat
2009-09-07 13:37 19,566 a------- c:\windows\system32\okenuqed._sy
2009-09-07 13:37 19,494 a------- c:\program files\common files\iqeji.bat
2009-09-07 13:37 19,132 a------- c:\windows\system32\qykev.pif
2009-09-07 13:37 18,127 a------- c:\docume~1\alluse~1\applic~1\dacimek.sys
2009-09-07 13:37 15,798 a------- c:\docume~1\toriab~1\applic~1\naze.vbs
2009-09-07 13:37 15,084 a------- c:\windows\ecelope.com
2009-09-07 13:37 13,341 a------- c:\windows\qemizeru._sy
2009-09-07 13:37 13,196 a------- c:\docume~1\toriab~1\applic~1\ovytav.com
2009-09-07 13:37 12,280 a------- c:\docume~1\toriab~1\applic~1\sixyjyko.bat
2009-09-07 13:37 11,882 a------- c:\windows\system32\fefulinu.bin
2009-09-07 13:37 11,159 a------- c:\windows\system32\kyvehyk.scr
2009-09-07 13:37 10,718 a------- c:\docume~1\toriab~1\applic~1\qimu.dll
2009-09-07 13:37 10,205 a------- c:\docume~1\toriab~1\applic~1\bikozepyh.pif
2009-09-07 13:36 227,840 a------- c:\windows\system32\_scui.cpl
2009-09-07 13:34 182,896 a------- c:\windows\system32\wisdstr.exe
2009-09-07 13:33 11,264 a------- c:\windows\system32\braviax.exe
2009-09-07 13:33 48,128 a------- c:\windows\system32\~.exe
2009-08-29 13:39 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-28 17:46 <DIR> --d----- c:\program files\common files\Ulead Systems
2009-08-28 17:46 <DIR> --d----- c:\program files\Corel
2009-08-28 17:45 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-28 16:56 5,632 a------- c:\windows\system32\ptpusb.dll
2009-08-28 16:56 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-08-28 16:56 159,232 a------- c:\windows\system32\ptpusd.dll
2009-08-28 16:56 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-08-27 20:08 32,592 a------- c:\windows\system32\msonpmon.dll
2009-08-27 20:05 <DIR> --d----- c:\windows\SHELLNEW
2009-08-27 18:30 <DIR> --dsh--- c:\documents and settings\toria best\PrivacIE
2009-08-27 18:28 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-08-27 18:28 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-08-27 18:28 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-08-27 18:28 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-27 18:27 <DIR> --dsh--- c:\documents and settings\toria best\IETldCache
2009-08-27 15:57 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-27 15:56 <DIR> --d----- c:\windows\ie8updates
2009-08-27 15:56 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-27 15:56 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-27 15:56 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-27 15:56 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-08-27 15:56 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-27 15:56 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-27 15:54 <DIR> -cd-h--- c:\windows\ie8
2009-08-27 11:41 173 a------- c:\windows\KPCMS.INI
  #6  
September 8th, 2009, 10:28 PM
epix
Member
 
Join Date: Apr 2008
Posts: 95
2009-08-27 11:40 <DIR> --dsh--- c:\documents and settings\toria best\UserData
2009-08-27 11:40 212,480 a------- c:\windows\system32\pcdlib32.dll
2009-08-27 11:40 196,608 a------- c:\windows\kpcp32.dll
2009-08-27 11:40 133,120 a------- c:\windows\sprof32.dll
2009-08-27 11:40 58,368 a------- c:\windows\pfpick.dll
2009-08-27 11:40 40,129 a------- c:\windows\iccsigs.dat
2009-08-27 11:40 37,376 a------- c:\windows\kpsys32.dll
2009-08-27 11:40 20,992 a------- c:\windows\icccodes.dll
2009-08-27 11:40 210,944 a------- c:\windows\system32\MSVCRT10.DLL
2009-08-27 11:39 306,688 a------- c:\windows\IsUninst.exe
2009-08-27 11:38 <DIR> --d----- c:\program files\CONEXANT
2009-08-27 11:37 114,688 a------- c:\windows\system32\Uci32103.dll
2009-08-27 11:37 936,960 a------- c:\windows\system32\drivers\HSX_DPV.sys
2009-08-27 11:37 669,696 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2009-08-27 11:37 192,512 a------- c:\windows\system32\drivers\HSXHWAZL.sys
2009-08-27 11:37 141,497 a------- c:\windows\system32\drivers\del1028.cty
2009-08-27 11:37 146,944 a------- c:\windows\system32\st325602.dll
2009-08-27 11:33 <DIR> --d----- c:\program files\Sigmatel
2009-08-27 10:51 5,937,152 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-08-27 10:50 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-27 10:50 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-08-27 10:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-27 10:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-27 10:50 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-08-27 10:50 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-27 10:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-27 10:50 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-08-27 09:40 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-08-27 09:40 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-08-27 09:31 19,569 a------- c:\windows\003509_.tmp
2009-08-27 08:16 73,728 ac------ c:\windows\system32\dllcache\ehresja.dll
2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresko.dll
2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresfr.dll
2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresde.dll
2009-08-27 08:14 143,422 ac------ c:\windows\system32\dllcache\softkey.dll
2009-08-27 08:13 47,066 ac------ c:\windows\system32\dllcache\ksc.nls
2009-08-27 08:12 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-08-27 08:04 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-27 08:04 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-27 08:04 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-27 08:04 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-27 08:04 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-08-27 08:04 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-27 08:04 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-08-26 22:26 7,823 a------- c:\windows\system32\Config.MPF
2009-08-26 22:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-26 22:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-08-26 22:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-08-26 22:22 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-26 22:20 <DIR> --d----- c:\program files\common files\McAfee
2009-08-26 22:20 <DIR> --d----- c:\program files\McAfee.com
2009-08-26 22:20 <DIR> --d----- c:\program files\McAfee
2009-08-26 22:13 73,796 a------- c:\windows\system32\slserv.exe
2009-08-26 22:06 23,552 a------- c:\windows\system32\SET3E9.tmp
2009-08-26 22:05 44,928 a------- c:\windows\system32\drivers\agpcpq.sys
2009-08-26 22:03 19,569 a------- c:\windows\002987_.tmp
2009-08-26 21:57 <DIR> --d----- C:\I386
2009-08-26 21:53 <DIR> --d----- c:\windows\system32\PreInstall
2009-08-26 21:52 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-26 21:52 53,248 a------- c:\windows\system32\CSVer.dll
2009-08-26 21:52 <DIR> --d----- C:\Intel
2009-08-26 21:48 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-26 21:47 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-26 21:39 <DIR> --d----- C:\best
2009-08-26 21:28 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-26 21:26 46,592 a------- c:\windows\system32\drivers\irbus.sys
2009-08-26 21:26 19,200 a------- c:\windows\system32\drivers\hidir.sys
2009-08-26 21:25 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-08-26 21:22 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-26 21:22 <DIR> --d----- c:\program files\RGB
2009-08-26 21:20 <DIR> --d----- c:\program files\GemMaster
2009-08-26 21:20 <DIR> --d----- c:\program files\EnglishOtto
2009-08-26 21:14 <DIR> --d----- c:\documents and settings\Toria Best
2009-08-26 21:05 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-26 20:54 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-26 20:50 <DIR> --d----- c:\windows\system32\xircom
2009-08-26 20:50 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-26 20:47 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-26 20:47 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-26 20:47 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-08-26 20:47 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-08-26 20:47 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-08-26 20:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-26 20:47 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-08-26 20:47 <DIR> --d----- c:\windows\system32\DirectX
2009-08-26 20:46 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-26 20:44 <DIR> --d----- c:\program files\Online Services
2009-08-26 20:43 <DIR> --d----- c:\program files\Windows Plus
2009-08-26 20:41 <DIR> --d----- c:\program files\Messenger
2009-08-26 20:41 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-26 20:40 <DIR> --d----- c:\program files\Windows NT
2009-08-26 15:29 <DIR> --d----- c:\program files\common files\ODBC
2009-08-26 15:29 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-26 15:29 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-09-07 18:07 18,937 a------- c:\program files\common files\evuvagodi._sy
2009-09-07 18:07 16,302 a------- c:\program files\common files\obobe._dl
2009-09-07 18:07 15,679 a------- c:\program files\common files\bihepaquja._dl
2009-09-07 17:42 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-07 17:42 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-07 17:42 129,784 -------- c:\windows\system32\pxafs.dll
2009-09-07 17:42 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-09-07 17:42 116,472 -------- c:\windows\system32\pxcpyi64.exe
2009-09-07 17:42 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-09-07 15:04 17,131 a------- c:\program files\common files\ocoba.lib
2009-09-07 15:04 12,077 a------- c:\program files\common files\juropyhy.lib
2009-09-07 14:57 16,645 a------- c:\program files\common files\lutasynyd.dl
2009-09-07 13:37 18,267 a------- c:\program files\common files\odiqote.inf
2009-08-27 09:43 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-27 08:01 34,284 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe

============= FINISH: 16:25:10.07 ===============
  #7  
September 8th, 2009, 11:09 PM
epix
Member
 
Join Date: Apr 2008
Posts: 95
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 17:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF27CF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B5F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF92C000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==
  #8  
September 9th, 2009, 02:40 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Our apologies Toria, we had a little hiccup on the site and lost some posts. You must have been one of the members that were affected, sorry.

Download the latest version of Combofix.exe from here and save it to your Desktop.

Double-click on combofix.exe and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesn't apply to Vista). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.
  #9  
September 9th, 2009, 03:07 AM
epix
Member
 
Join Date: Apr 2008
Posts: 95
ComboFix 09-09-08.05 - Toria Best 09/08/2009 20:57.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.512 [GMT -5:00]
Running from: c:\documents and settings\Toria Best\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-08 16:19 . 2009-09-08 16:19 0 ----a-w- c:\documents and settings\Toria Best\settings.dat
2009-09-08 15:48 . 2009-09-08 15:48 18056 ----a-w- c:\windows\wojarobydi.com
2009-09-08 15:47 . 2009-09-08 15:48 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-07 23:07 . 2009-09-07 23:07 16261 ----a-w- c:\program files\Common Files\haju.dat
2009-09-07 23:07 . 2009-09-07 23:07 11535 ----a-w- c:\windows\qezakimej.com
2009-09-07 23:06 . 2009-09-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-09-07 23:04 . 2009-09-07 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-07 22:45 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-07 22:34 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Download Manager
2009-09-07 20:14 . 2009-09-07 20:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 20:04 . 2009-09-07 20:04 13646 ----a-w- c:\windows\system32\xava.dat
2009-09-07 20:04 . 2009-09-07 20:04 13281 ----a-w- c:\windows\system32\mukycod.com
2009-09-07 20:00 . 2009-09-07 20:00 10807 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat
2009-09-07 19:57 . 2009-09-07 19:57 12552 ----a-w- c:\windows\system32\rilykeded.com
2009-09-07 19:57 . 2009-09-07 19:57 11890 ----a-w- c:\windows\ulejeq.dat
2009-09-07 18:37 . 2009-09-07 18:37 15084 ----a-w- c:\windows\ecelope.com
2009-08-29 18:39 . 2009-08-29 18:39 -------- d-----w- c:\windows\system32\LogFiles
2009-08-29 03:01 . 2009-08-29 03:01 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Zenfolio
2009-08-28 22:48 . 2009-08-28 22:48 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:46 -------- d-----w- c:\program files\Corel
2009-08-28 22:45 . 2009-08-28 22:45 -------- d-----w- c:\windows\Downloaded Installations
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Help
2009-08-28 21:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-28 21:56 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-28 21:56 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-28 21:56 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-28 01:08 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-28 01:08 . 2009-08-28 01:08 -------- d-----w- c:\program files\Microsoft Works
2009-08-28 01:07 . 2009-08-28 01:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\windows\SHELLNEW
2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Microsoft Help
2009-08-28 01:04 . 2009-08-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----r- C:\MSOCache
2009-08-27 23:31 . 2009-08-27 23:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-27 23:30 . 2009-08-27 23:30 -------- d-sh--w- c:\documents and settings\Toria Best\PrivacIE
2009-08-27 23:28 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-27 23:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-27 23:28 . 2008-04-14 05:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-27 23:28 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-27 23:27 . 2009-08-27 23:27 -------- d-sh--w- c:\documents and settings\Toria Best\IETldCache
2009-08-27 20:57 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-27 20:56 . 2009-08-27 20:56 -------- d-----w- c:\windows\ie8updates
2009-08-27 20:56 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-27 20:56 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-27 20:56 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-27 20:56 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-27 20:56 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-27 20:56 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-27 20:54 . 2009-08-27 20:55 -------- dc-h--w- c:\windows\ie8
2009-08-27 16:40 . 2009-08-27 16:40 -------- d-sh--w- c:\documents and settings\Toria Best\UserData
2009-08-27 16:40 . 1999-06-19 02:13 133120 ----a-w- c:\windows\sprof32.dll
2009-08-27 16:40 . 1999-05-26 14:46 58368 ----a-w- c:\windows\pfpick.dll
2009-08-27 16:40 . 1999-05-26 14:46 40129 ----a-w- c:\windows\iccsigs.dat
2009-08-27 16:40 . 1999-05-26 14:46 37376 ----a-w- c:\windows\kpsys32.dll
2009-08-27 16:40 . 1999-05-26 14:46 212480 ----a-w- c:\windows\system32\pcdlib32.dll
2009-08-27 16:40 . 1999-05-26 14:46 20992 ----a-w- c:\windows\icccodes.dll
2009-08-27 16:40 . 1999-05-26 14:46 196608 ----a-w- c:\windows\kpcp32.dll
2009-08-27 16:40 . 1999-06-19 02:13 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2009-08-27 16:39 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-27 16:38 . 2009-08-27 16:38 -------- d-----w- c:\program files\CONEXANT
2009-08-27 16:37 . 2005-11-16 04:41 114688 ----a-w- c:\windows\system32\Uci32103.dll
2009-08-27 16:37 . 2005-12-01 06:40 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2009-08-27 16:37 . 2005-12-01 06:40 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2009-08-27 16:37 . 2005-12-01 06:40 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2009-08-27 16:37 . 2007-08-21 14:58 146944 ----a-w- c:\windows\system32\st325602.dll
2009-08-27 16:37 . 2009-08-28 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 16:35 . 2009-08-27 16:35 -------- d-----w- c:\program files\Ahead
2009-08-27 16:34 . 2009-08-27 16:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-27 16:32 . 2009-09-07 23:05 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Adobe
2009-08-27 16:31 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 15:51 . 2009-07-19 13:18 5937152 -c----w- c:\windows\system32\dllcache\mshtml.dll
2009-08-27 15:50 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-27 15:50 . 2009-04-17 12:26 1847168 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-08-27 15:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-27 15:50 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-27 15:50 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-08-27 15:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-27 15:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-27 14:40 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-08-27 14:40 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-08-27 13:16 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2009-08-27 13:14 . 2004-08-10 11:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2009-08-27 13:13 . 2004-08-10 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-08-27 13:12 . 2008-04-14 10:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-08-27 13:04 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-08-27 12:43 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-27 12:43 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-27 12:43 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-27 12:43 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-27 03:26 . 2009-09-07 23:01 45112 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  #10  
Old September 9th, 2009, 03:07 AM
epix epix is offline
Member
 
Join Date: Apr 2008
Posts: 95
2009-08-27 03:22 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-27 03:22 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-27 03:22 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-27 03:22 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-27 03:20 . 2009-08-27 03:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-27 03:20 . 2009-08-27 03:21 -------- d-----w- c:\program files\McAfee.com
2009-08-27 03:20 . 2009-08-27 15:47 -------- d-----w- c:\program files\McAfee
2009-08-27 03:07 . 2009-08-27 03:14 -------- d-----w- c:\windows\ServicePackFiles
2009-08-27 03:06 . 2009-08-27 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-27 02:57 . 2009-08-27 03:00 -------- d-----w- C:\I386
2009-08-27 02:52 . 2009-08-27 02:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- c:\program files\Intel
2009-08-27 02:52 . 2008-08-19 15:56 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- C:\Intel
2009-08-27 02:48 . 2009-08-27 02:48 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\eSupport.com
2009-08-27 02:48 . 2009-08-27 02:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-27 02:39 . 2009-08-27 02:39 -------- d-----w- C:\best
2009-08-27 02:26 . 2008-04-14 05:15 46592 ----a-w- c:\windows\system32\drivers\irbus.sys
2009-08-27 02:26 . 2008-04-14 05:15 19200 ----a-w- c:\windows\system32\drivers\hidir.sys
2009-08-27 02:25 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-27 02:22 . 2009-08-27 02:23 -------- d-----w- c:\windows\system32\URTTemp
2009-08-27 02:22 . 2009-08-27 02:22 -------- d-----w- c:\program files\RGB
2009-08-27 02:20 . 2009-08-27 02:20 133 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\fusioncache.dat
2009-08-27 02:20 . 2009-09-09 01:51 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\ApplicationHistory
2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\GemMaster
2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\EnglishOtto
2009-08-27 02:05 . 2009-08-27 02:05 -------- d-s---w- c:\windows\system32\Microsoft
2009-08-27 02:05 . 2009-08-27 13:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-08-27 02:05 . 2009-08-27 02:05 -------- d-sh--w- c:\documents and settings\LocalService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 15:48 . 2009-09-08 15:48 16594 ----a-w- c:\documents and settings\Toria Best\Application Data\nyguc.dat
2009-09-07 23:07 . 2009-09-07 23:07 18937 ----a-w- c:\program files\Common Files\evuvagodi._sy
2009-09-07 22:42 . 2009-09-07 22:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-07 22:42 . 2009-09-07 22:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-07 22:42 . 2009-09-07 22:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-07 22:42 . 2009-09-07 22:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-07 22:42 . 2009-09-07 22:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-07 22:42 . 2009-08-27 01:43 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-07 20:04 . 2009-09-07 20:04 10014 ----a-w- c:\documents and settings\Toria Best\Application Data\fezo.dat
2009-09-07 20:04 . 2009-09-07 20:04 17131 ----a-w- c:\program files\Common Files\ocoba.lib
2009-09-07 20:04 . 2009-09-07 20:04 12077 ----a-w- c:\program files\Common Files\juropyhy.lib
2009-08-27 16:33 . 2009-08-27 16:33 -------- d-----w- c:\program files\Sigmatel
2009-08-27 13:01 . 2009-08-27 01:44 34284 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-27 01:50 . 2009-08-27 01:50 -------- d-----w- c:\program files\microsoft frontpage
2009-08-27 01:43 . 2009-08-27 01:43 -------- d-----w- c:\program files\Windows Plus
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:43 . 2009-08-27 03:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe " [2001-07-09 155648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-08 589312]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26]

2009-08-27 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 21:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-09 21:04
ComboFix-quarantined-files.txt 2009-09-09 02:04

Pre-Run: 57,719,611,392 bytes free
Post-Run: 57,899,458,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

402 --- E O F --- 2009-08-29 07:57
  #11  
Old September 9th, 2009, 04:16 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Open notepad and copy and paste the text in the codebox below into it:

Code:
File::
c:\windows\wojarobydi.com
c:\program files\Common Files\haju.dat
c:\windows\qezakimej.com
c:\windows\system32\xava.dat
c:\windows\system32\mukycod.com
c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat
c:\windows\system32\rilykeded.com
c:\windows\ulejeq.dat
c:\windows\ecelope.com
c:\documents and settings\Toria Best\Application Data\nyguc.dat
c:\program files\Common Files\evuvagodi._sy
c:\documents and settings\Toria Best\Application Data\fezo.dat
c:\program files\Common Files\ocoba.lib
c:\program files\Common Files\juropyhy.lib

Folder::
c:\program files\AntivirusPro_2010

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus Pro 2010"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-

Go to File > Save As and save the file as CFScript.txt and set the location to your Desktop. Drag CFScript.txt and drop it into ComboFix.exe. See below:



ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.
Reply With Quote
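
One check worth running after a CFScript pass, as an added example that is not part of the original post and not ComboFix's own code: compare the script's File:: and Folder:: targets with the "Other Deletions" section of the log that comes back. The sample inputs are abbreviated from this thread, plus one constructed path (`example-missing.dat`) to show the unmatched case; the function names are hypothetical.

```python
import re

# Abbreviated from the CFScript in this thread; example-missing.dat is a
# constructed entry added to demonstrate a target the log does not confirm.
CFSCRIPT = r"""File::
c:\windows\wojarobydi.com
c:\program files\Common Files\haju.dat
c:\windows\system32\xava.dat
c:\windows\example-missing.dat

Folder::
c:\program files\AntivirusPro_2010

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus Pro 2010"=-
"""

# Abbreviated from the follow-up ComboFix log in this thread.
LOG = r"""FILE ::
"c:\windows\wojarobydi.com"
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\documents and settings\Toria Best\Application Data\xigyvosyci.inf
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\haju.dat
c:\windows\system32\xava.dat
c:\windows\wojarobydi.com

.
((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))
.

2009-09-08 16:19 . 2009-09-08 16:19 0 ----a-w- c:\documents and settings\Toria Best\settings.dat
"""

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$", re.IGNORECASE)
# Log banners look like "((((( Title )))))"; tolerate stray trailing parens.
BANNER_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}[\s)]*$")


def norm(path):
    """Normalise a Windows path for comparison (quotes, case, whitespace)."""
    return " ".join(path.strip().strip('"').lower().split())


def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: entries."""
    sections = {"file": [], "folder": [], "registry": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
        elif current:
            sections[current].append(line)
    return sections


def parse_deletions(log):
    """Return the normalised paths listed under the 'Other Deletions' banner."""
    deleted, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        m = BANNER_RE.match(line)
        if m:
            in_section = m.group(1).lower() == "other deletions"
            continue
        if in_section and line and line != ".":
            deleted.add(norm(line))
    return deleted


def verify(cfscript, log):
    """Classify script targets as confirmed or unconfirmed, and list extras."""
    script = parse_cfscript(cfscript)
    folders = [norm(p) for p in script["folder"]]
    targets = {norm(p) for p in script["file"]} | set(folders)
    deleted = parse_deletions(log)

    def under_target_folder(path):
        # Files inside a targeted folder are expected deletions, not extras.
        return any(path.startswith(f + "\\") for f in folders)

    return {
        "confirmed": sorted(targets & deleted),
        "not_in_log": sorted(targets - deleted),
        "extra": sorted(p for p in deleted - targets
                        if not under_target_folder(p)),
    }


if __name__ == "__main__":
    for label, paths in verify(CFSCRIPT, LOG).items():
        print(label)
        for p in paths:
            print("   ", p)
```

An entry under `not_in_log` only means the log does not list it as deleted; the file may already have been gone. Registry:: entries are parsed but not checked, since the deletions section lists only files and folders.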
  #12  
Old September 9th, 2009, 02:58 PM
epix epix is offline
Member
 
Join Date: Apr 2008
Posts: 95
ComboFix 09-09-08.07 - Toria Best 09/09/2009 8:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.579 [GMT -5:00]
Running from: c:\documents and settings\Toria Best\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Toria Best\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\Toria Best\Application Data\fezo.dat"
"c:\documents and settings\Toria Best\Application Data\nyguc.dat"
"c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat"
"c:\program files\Common Files\evuvagodi._sy"
"c:\program files\Common Files\haju.dat"
"c:\program files\Common Files\juropyhy.lib"
"c:\program files\Common Files\ocoba.lib"
"c:\windows\ecelope.com"
"c:\windows\qezakimej.com"
"c:\windows\system32\mukycod.com"
"c:\windows\system32\rilykeded.com"
"c:\windows\system32\xava.dat"
"c:\windows\ulejeq.dat"
"c:\windows\wojarobydi.com"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Toria Best\Application Data\fezo.dat
c:\documents and settings\Toria Best\Application Data\nyguc.dat
c:\documents and settings\Toria Best\Application Data\xigyvosyci.inf
c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\evuvagodi._sy
c:\program files\Common Files\haju.dat
c:\program files\Common Files\juropyhy.lib
c:\program files\Common Files\ocoba.lib
c:\windows\ecelope.com
c:\windows\qezakimej.com
c:\windows\system32\mukycod.com
c:\windows\system32\rilykeded.com
c:\windows\system32\xava.dat
c:\windows\ulejeq.dat
c:\windows\wojarobydi.com

.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-08 16:19 . 2009-09-08 16:19 0 ----a-w- c:\documents and settings\Toria Best\settings.dat
2009-09-07 23:06 . 2009-09-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-09-07 23:04 . 2009-09-07 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-07 22:45 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-07 22:34 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Download Manager
2009-09-07 20:14 . 2009-09-07 20:14 -------- d-----w- c:\program files\Enigma Software Group
2009-08-29 18:39 . 2009-08-29 18:39 -------- d-----w- c:\windows\system32\LogFiles
2009-08-29 03:01 . 2009-08-29 03:01 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Zenfolio
2009-08-28 22:48 . 2009-08-28 22:48 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-08-28 22:46 . 2009-08-28 22:46 -------- d-----w- c:\program files\Corel
2009-08-28 22:45 . 2009-08-28 22:45 -------- d-----w- c:\windows\Downloaded Installations
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Help
2009-08-28 21:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-28 21:56 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-28 21:56 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-28 21:56 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-28 01:08 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-28 01:08 . 2009-08-28 01:08 -------- d-----w- c:\program files\Microsoft Works
2009-08-28 01:07 . 2009-08-28 01:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\windows\SHELLNEW
2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Microsoft Help
2009-08-28 01:04 . 2009-08-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----r- C:\MSOCache
2009-08-27 23:31 . 2009-08-27 23:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-27 23:30 . 2009-08-27 23:30 -------- d-sh--w- c:\documents and settings\Toria Best\PrivacIE
2009-08-27 23:28 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-27 23:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-27 23:28 . 2008-04-14 05:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-27 23:28 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-27 23:27 . 2009-08-27 23:27 -------- d-sh--w- c:\documents and settings\Toria Best\IETldCache
2009-08-27 20:57 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-27 20:56 . 2009-08-27 20:56 -------- d-----w- c:\windows\ie8updates
2009-08-27 20:56 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-27 20:56 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-27 20:56 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-27 20:56 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-27 20:56 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-27 20:56 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-27 20:54 . 2009-08-27 20:55 -------- dc-h--w- c:\windows\ie8
2009-08-27 16:40 . 2009-08-27 16:40 -------- d-sh--w- c:\documents and settings\Toria Best\UserData
2009-08-27 16:40 . 1999-06-19 02:13 133120 ----a-w- c:\windows\sprof32.dll
2009-08-27 16:40 . 1999-05-26 14:46 58368 ----a-w- c:\windows\pfpick.dll
2009-08-27 16:40 . 1999-05-26 14:46 40129 ----a-w- c:\windows\iccsigs.dat
2009-08-27 16:40 . 1999-05-26 14:46 37376 ----a-w- c:\windows\kpsys32.dll
2009-08-27 16:40 . 1999-05-26 14:46 212480 ----a-w- c:\windows\system32\pcdlib32.dll
2009-08-27 16:40 . 1999-05-26 14:46 20992 ----a-w- c:\windows\icccodes.dll
2009-08-27 16:40 . 1999-05-26 14:46 196608 ----a-w- c:\windows\kpcp32.dll
2009-08-27 16:40 . 1999-06-19 02:13 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2009-08-27 16:39 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-27 16:38 . 2009-08-27 16:38 -------- d-----w- c:\program files\CONEXANT
2009-08-27 16:37 . 2005-11-16 04:41 114688 ----a-w- c:\windows\system32\Uci32103.dll
2009-08-27 16:37 . 2005-12-01 06:40 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2009-08-27 16:37 . 2005-12-01 06:40 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2009-08-27 16:37 . 2005-12-01 06:40 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2009-08-27 16:37 . 2007-08-21 14:58 146944 ----a-w- c:\windows\system32\st325602.dll
2009-08-27 16:37 . 2009-08-28 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 16:35 . 2009-08-27 16:35 -------- d-----w- c:\program files\Ahead
2009-08-27 16:34 . 2009-08-27 16:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-27 16:32 . 2009-09-07 23:05 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Adobe
2009-08-27 16:31 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 15:51 . 2009-07-19 13:18 5937152 -c----w- c:\windows\system32\dllcache\mshtml.dll
2009-08-27 15:50 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-27 15:50 . 2009-04-17 12:26 1847168 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-08-27 15:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-27 15:50 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-27 15:50 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-08-27 15:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-27 15:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-27 14:40 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-08-27 14:40 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-08-27 13:16 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2009-08-27 13:14 . 2004-08-10 11:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2009-08-27 13:13 . 2004-08-10 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-08-27 13:12 . 2008-04-14 10:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-08-27 13:04 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-08-27 12:43 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-27 12:43 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-27 12:43 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-27 12:43 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-27 03:26 . 2009-09-07 23:01 45112 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 03:22 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-27 03:22 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-27 03:22 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-27 03:22 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-27 03:20 . 2009-08-27 03:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-27 03:20 . 2009-08-27 03:21 -------- d-----w- c:\program files\McAfee.com
2009-08-27 03:20 . 2009-08-27 15:47 -------- d-----w- c:\program files\McAfee
2009-08-27 03:07 . 2009-08-27 03:14 -------- d-----w- c:\windows\ServicePackFiles
2009-08-27 03:06 . 2009-08-27 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-27 02:57 . 2009-08-27 03:00 -------- d-----w- C:\I386
2009-08-27 02:52 . 2009-08-27 02:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- c:\program files\Intel
2009-08-27 02:52 . 2008-08-19 15:56 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- C:\Intel
2009-08-27 02:48 . 2009-08-27 02:48 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\eSupport.com
2009-08-27 02:48 . 2009-08-27 02:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-27 02:39 . 2009-08-27 02:39 -------- d-----w- C:\best
2009-08-27 02:26 . 2008-04-14 05:15 46592 ----a-w- c:\windows\system32\drivers\irbus.sys
2009-08-27 02:26 . 2008-04-14 05:15 19200 ----a-w- c:\windows\system32\drivers\hidir.sys
2009-08-27 02:25 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-27 02:22 . 2009-08-27 02:23 -------- d-----w- c:\windows\system32\URTTemp
2009-08-27 02:22 . 2009-08-27 02:22 -------- d-----w- c:\program files\RGB
2009-08-27 02:20 . 2009-08-27 02:20 133 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\fusioncache.dat
2009-08-27 02:20 . 2009-09-09 13:47 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\ApplicationHistory
2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\GemMaster
2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\EnglishOtto
2009-08-27 02:05 . 2009-08-27 02:05 -------- d-s---w- c:\windows\system32\Microsoft
2009-08-27 02:05 . 2009-08-27 13:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-08-27 02:05 . 2009-08-27 02:05 -------- d-sh--w- c:\documents and settings\LocalService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 22:42 . 2009-09-07 22:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-07 22:42 . 2009-09-07 22:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-07 22:42 . 2009-09-07 22:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-07 22:42 . 2009-09-07 22:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-07 22:42 . 2009-09-07 22:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-07 22:42 . 2009-08-27 01:43 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-08-27 16:33 . 2009-08-27 16:33 -------- d-----w- c:\program files\Sigmatel
2009-08-27 13:01 . 2009-08-27 01:44 34284 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-27 01:50 . 2009-08-27 01:50 -------- d-----w- c:\program files\microsoft frontpage
2009-08-27 01:43 . 2009-08-27 01:43 -------- d-----w- c:\program files\Windows Plus
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:43 . 2009-08-27 03:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-03 17:09 . 2006-03-04 03:33 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-09_02.03.17 )))))))))))))))))))))))))))))))))))))))))
  #13  
Old September 9th, 2009, 02:58 PM
epix epix is offline
Member
 
Join Date: Apr 2008
Posts: 95
.
- 2004-08-10 11:00 . 2009-09-08 15:46 53166 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2009-09-09 13:42 53166 c:\windows\system32\perfc009.dat
+ 2009-08-27 02:05 . 2009-09-09 13:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-27 02:05 . 2009-09-09 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-27 02:05 . 2009-09-09 01:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-09 13:43 . 2009-09-09 13:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-10 11:00 . 2009-09-09 13:42 380918 c:\windows\system32\perfh009.dat
- 2004-08-10 11:00 . 2009-09-08 15:46 380918 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe " [2001-07-09 155648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26]

2009-08-27 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AntivirusPro_2010 - c:\program files\AntivirusPro_2010\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-09 8:55
ComboFix-quarantined-files.txt 2009-09-09 13:55
ComboFix2.txt 2009-09-09 02:04

Pre-Run: 57,910,677,504 bytes free
Post-Run: 57,881,092,096 bytes free

303 --- E O F --- 2009-08-29 07:57
  #14  
Old September 9th, 2009, 11:04 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Looking a lot better. Download Malwarebytes' Anti-Malware from here or here.

Double-click on mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply.

Also post a new DDS log please (don't worry about the Optional scan this time).
  #15  
Old September 10th, 2009, 09:50 PM
epix epix is offline
Member
 
Join Date: Apr 2008
Posts: 95
Malwarebytes' Anti-Malware 1.40
Database version: 2773
Windows 5.1.2600 Service Pack 3

9/10/2009 3:49:29 PM
mbam-log-2009-09-10 (15-49-29).txt

Scan type: Quick Scan
Objects scanned: 104515
Time elapsed: 17 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Toria Best\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
All times are GMT +1.