ComboFix-
ComboFix 08-05-01.3 - Justin 2008-05-07 14:57:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1561 [GMT -4:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\tdomgafw.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\afkfgvqt
C:\Documents and Settings\All Users\Application Data\afkfgvqt\wdodovmd.exe
C:\Documents and Settings\All Users\Application Data\wqzxysdg
C:\Documents and Settings\All Users\Application Data\wqzxysdg\fsdozsly.exe
C:\Documents and Settings\All Users\Application Data\yfesgoms
C:\Documents and Settings\All Users\Application Data\yfesgoms\ijuxqzyv.exe
C:\Program Files\FBrowserAdvisor
C:\Program Files\InternetProgram
C:\Program Files\InternetProgram\InternetProgram-2.dll
C:\Program Files\InternetProgram\InternetProgram.dat
C:\Program Files\InternetProgram\pcre3.dll
C:\Program Files\InternetProgram\uninstall.exe
C:\tdomgafw.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-06 22:32 . 2008-05-06 22:32 42 --a------ C:\WINDOWS\JFEXRMC.INI
2008-05-06 19:44 . 2008-05-06 19:44 <DIR> d-------- C:\Program Files\Illustrate
2008-05-06 19:44 . 2008-05-06 19:44 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-06 19:44 . 2008-05-06 19:44 36,104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-05-06 19:44 . 2008-05-06 19:44 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-05-06 19:13 . 2008-05-06 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vrxphxdm
2008-05-06 16:16 . 2008-05-06 16:16 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 16:14 . 2008-05-06 16:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 18:18 . 2008-05-07 14:56 45 --a------ C:\TEST.XML
2008-04-23 15:03 . 2008-04-23 15:03 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-04-23 14:51 . 2008-04-23 15:18 <DIR> d-------- C:\NVIDIA
2008-04-22 18:29 . 2008-04-22 18:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-12 17:54 . 2008-04-12 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-12 17:54 . 2008-04-12 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-12 17:54 . 2008-04-12 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-07 12:19 . 2008-04-07 12:19 <DIR> d-------- C:\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:54 --------- d-----w C:\Documents and Settings\Justin\Application Data\Xfire
2008-05-07 00:36 --------- d-----w C:\Program Files\mIRC
2008-05-07 00:00 --------- d-----w C:\Program Files\Steam
2008-05-06 19:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 19:50 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-03 22:20 --------- d-----w C:\Program Files\CSStrat
2008-05-02 12:44 --------- d-----w C:\Documents and Settings\Justin\Application Data\Azureus
2008-05-02 12:24 --------- d-s---w C:\Program Files\Xfire
2008-04-29 02:27 --------- d-----w C:\Documents and Settings\Justin\Application Data\LimeWire
2008-04-29 02:05 --------- d-----w C:\Program Files\LimeWire
2008-04-11 01:16 --------- d-s---w C:\Program Files\HLSW
2008-04-09 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 19:32 --------- d-----w C:\Program Files\iTunes
2008-04-06 19:32 --------- d-----w C:\Program Files\iPod
2008-04-06 19:31 --------- d-----w C:\Program Files\QuickTime
2008-04-04 19:44 --------- d-----w C:\Program Files\ESEA
2008-04-03 19:31 --------- d-----w C:\Program Files\TGTSoft
2008-04-01 20:22 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-01 20:19 --------- d-----w C:\Program Files\Avanquest update
2008-04-01 20:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\Apple Computer
2008-03-31 22:15 --------- d-----w C:\Program Files\Azureus
2008-03-30 04:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-30 04:30 --------- d-----w C:\Documents and Settings\Justin\Application Data\SystemRequirementsLab
2008-03-30 02:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 02:30 --------- d-----w C:\Program Files\GameSpy
2008-03-30 02:28 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-30 02:28 22,328 ----a-w C:\Documents and Settings\Justin\Application Data\PnkBstrK.sys
2008-03-30 02:15 --------- d-----w C:\Program Files\Electronic Arts
2008-03-27 21:24 --------- d-----w C:\Program Files\Bonjour
2008-03-26 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 19:23 --------- d-----w C:\Program Files\Razer
2008-03-25 02:50 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 01:29 --------- d-----w C:\Documents and Settings\Justin\Application Data\FileZilla
2008-03-16 00:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-15 02:53 --------- d-----w C:\Program Files\DIFX
2008-03-15 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Razer
2008-03-14 03:11 --------- d-----w C:\Program Files\Java
2008-03-14 03:05 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-03-13 01:51 --------- d-----w C:\Program Files\Panicware
2008-03-11 20:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-11 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-11 19:40 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-11 01:05 --------- d-----w C:\Program Files\AIM6
2008-03-11 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-11 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-11 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-05 05:20 40,960 ----a-w C:\Documents and Settings\NetworkService\rtdrvmon.exe
2007-10-09 23:36 40,960 ----a-w C:\Documents and Settings\LocalService\rtdrvmon.exe
2007-07-22 00:53 92,064 ----a-w C:\Documents and Settings\Justin\mqdmmdm.sys
2007-07-22 00:53 9,232 ----a-w C:\Documents and Settings\Justin\mqdmmdfl.sys
2007-07-22 00:53 79,328 ----a-w C:\Documents and Settings\Justin\mqdmserd.sys
2007-07-22 00:53 66,656 ----a-w C:\Documents and Settings\Justin\mqdmbus.sys
2007-07-22 00:53 6,208 ----a-w C:\Documents and Settings\Justin\mqdmcmnt.sys
2007-07-22 00:53 5,936 ----a-w C:\Documents and Settings\Justin\mqdmwhnt.sys
2007-07-22 00:53 4,048 ----a-w C:\Documents and Settings\Justin\mqdmcr.sys
2007-07-22 00:53 25,600 ----a-w C:\Documents and Settings\Justin\usbsermptxp.sys
2007-07-22 00:53 22,768 ----a-w C:\Documents and Settings\Justin\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-06_16.33.09.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 20:21:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 18:56:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-14 21:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2006-02-28 12:00:00 183,808 ----a-w C:\WINDOWS\system32\accwiz.exe
+ 2006-02-28 12:00:00 16,384 ----a-w C:\WINDOWS\system32\avmeter.dll
+ 2006-02-28 12:00:00 227,840 ----a-w C:\WINDOWS\system32\avtapi.dll
+ 2006-02-28 12:00:00 73,216 ----a-w C:\WINDOWS\system32\avwav.dll
+ 2006-02-28 12:00:00 114,688 ----a-w C:\WINDOWS\system32\calc.exe
+ 2006-02-28 12:00:00 80,384 ----a-w C:\WINDOWS\system32\charmap.exe
+ 2006-02-28 12:00:00 102,912 ----a-w C:\WINDOWS\system32\clipbrd.exe
+ 2006-02-28 12:00:00 55,296 ----a-w C:\WINDOWS\system32\freecell.exe
+ 2006-02-28 12:00:00 605,696 ----a-w C:\WINDOWS\system32\getuname.dll
+ 2006-02-28 12:00:00 44,544 ----a-w C:\WINDOWS\system32\hticons.dll
+ 2006-02-28 12:00:00 345,088 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2006-02-28 12:00:00 123,392 ----a-w C:\WINDOWS\system32\mplay32.exe
+ 2006-02-28 12:00:00 126,976 ----a-w C:\WINDOWS\system32\mshearts.exe
+ 2006-02-28 12:00:00 343,040 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2008-04-23 18:02:58 82,040 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-06 22:51:11 82,040 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-23 18:02:58 455,830 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-06 22:51:11 455,830 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-02-28 12:00:00 131,584 ----a-w C:\WINDOWS\system32\sndrec32.exe
+ 2006-02-28 12:00:00 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2006-02-28 12:00:00 56,832 ----a-w C:\WINDOWS\system32\sol.exe
+ 2006-02-28 12:00:00 538,624 ----a-w C:\WINDOWS\system32\spider.exe
+ 2006-02-28 12:00:00 35,328 ----a-w C:\WINDOWS\system32\winchat.exe
+ 2006-02-28 12:00:00 119,808 ----a-w C:\WINDOWS\system32\winmine.exe
+ 2006-02-28 12:00:00 5,632 ----a-w C:\WINDOWS\system32\write.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:18 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31 1372160]
"vrxphxdm"="C:\Documents and Settings\All Users\Application Data\vrxphxdm\ctqtahgb.exe" [2008-05-06 19:13 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-20 04:07 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05 8429568]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.DLL]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CmUsbSound"="cmcnfgu.cpl" []
"Lycosa"="C:\Program Files\Razer\Lycosa\razerhid.exe" [2007-11-20 16:53 147456]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-12 09:24 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\poptart1\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\poptart1\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"C:\\Program Files\\Steam\\steamapps\\poptart1\\day of defeat source\\hl2.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 08:46]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-02 21:32]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 06:46]
R3 LycoFltr;Lycosa Keyboard;C:\WINDOWS\system32\Drivers\Lycosa.sys [2007-09-27 21:12]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-03-03 19:47]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 12:19]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23662031-f2ff-11dc-88bb-0018f373c9b8}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a6884a-3700-11dc-8771-0018f373d673}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ad1ba4-c298-11dc-8883-0018f373c9b8}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 12:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-07 18:45:08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{15A20141-CFF6-4C06-8256-A0849BCC638B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-07 15:01:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-07 15:10:14
ComboFix-quarantined-files.txt 2008-05-07 19:09:59
ComboFix2.txt 2008-05-06 20:33:28
Pre-Run: 240,070,819,840 bytes free
Post-Run: 240,056,672,256 bytes free
228 --- E O F --- 2008-04-12 07:03:11
Malwarebytes-
Malwarebytes' Anti-Malware 1.12
Database version: 729
Scan type: Full Scan (C:\|)
Objects scanned: 199066
Time elapsed: 36 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 60
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vrxphxdm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\vrxphxdm\ctqtahgb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\afkfgvqt\wdodovmd.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\wqzxysdg\fsdozsly.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\yfesgoms\ijuxqzyv.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP244\A0131524.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP244\A0131525.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP268\A0160824.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP268\A0160825.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162661.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HJT- (note: the log pasted below is a second copy of the Malwarebytes' Anti-Malware report above, not a HijackThis log)
Malwarebytes' Anti-Malware 1.12
Database version: 729
Scan type: Full Scan (C:\|)
Objects scanned: 199066
Time elapsed: 36 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 60
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vrxphxdm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\vrxphxdm\ctqtahgb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\afkfgvqt\wdodovmd.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\wqzxysdg\fsdozsly.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\yfesgoms\ijuxqzyv.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP244\A0131524.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP244\A0131525.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP268\A0160824.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP268\A0160825.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162661.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C23EAFD-B3BF-42E0-AEF2-7AA61DA8DB07}\RP271\A0162663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.