TheTechGuide Forum
General Category => Tech Clinic => Topic started by: resevil83 on January 21, 2007, 03:25:43 AM
-
My computer runs terribly slow. Weird popups and system errors occur. Sometimes my internet shuts down automatically. Data is downloaded to my desktop without me doing anything. Here's my HJT file. I'm helping a friend out questolo.
Logfile of HijackThis v1.99.1
Scan saved at 2:21:22 AM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\PadsysAssistant\PadsysAssistant.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\pwinsqes.exe
C:\WINNT\winsock32.exe
C:\Program Files\Common Files\AOL\1130113856\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130113856\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\trafkbdy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&qs=iframe3?23AEAJ5EAQDcRwIA1-oAAAIAAAAAAP8AAAAFDgACAAJQUwEAIYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAdY.vI.AAAAAAAA-D8AAIAM6Kf.PwAAAAAAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWhVLQc81bgEX.J8LwTHa0y9iBPfRmHam2XkBuAAAAAA=,,http://63.123.224.168/mbop/display.php3?aid=36&uid=8765607 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E618CF-418A-4832-BB7B-48F8EEE75711} - C:\WINNT\Help\starter\mxlyss.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINNT\system32\nodeipproc.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilz.dll
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINNT\system32\wsdgotag.dll
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin2.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: 0 - {B86E6737-5BD6-4572-8E8D-75E6D342D22E} - C:\Program Files\MSN Gaming Zone\ryli.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\dqquglku.dll",setvm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: brwmgr - C:\WINNT\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\epent97.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mxlyss - C:\WINNT\Help\starter\mxlyss.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\vdscript.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: rqrroll - C:\WINNT\SYSTEM32\rqrroll.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\icdkcs32.dll (file missing)
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
-
You have a collection of malware in your log, nothing we can't take care of
Follow along closely and do everything I post; if you get stuck on something,
carry on and post what you can
Let's try and clean some and see what we're left with
Download a few tools please,
==Download the latest version of SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We will need this later
==Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later
==Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
We'll need this later
==Download and Install
Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
==Download and Install Spybot 1.4 from
HERE (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Close Spybot, as we will need it later also
Access your Add/Remove programs and remove any of the following that you can find:
New.dot Net domains
Toolbar 888
DeluxeCommunications
VSToolbar
Adsponsor
DeskBar
PadsysAssistant
Surf Sidekick
DeluxeCommunications
Reboot the computer
In the event that New.Net Domains is not listed in add/remove programs
Download this uninstaller to desktop and run it
http://www.new.net/support/NNuninstall.exe
Follow the onscreen instructions
Ensure that you reboot the computer afterwards
Print the rest of these instructions or save them to a notepad file for reference
This is important!!!
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&q...amp;uid=8765607 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: (no name) - {16E618CF-418A-4832-BB7B-48F8EEE75711} - C:\WINNT\Help\starter\mxlyss.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINNT\system32\nodeipproc.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilz.dll
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINNT\system32\wsdgotag.dll
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin2.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: 0 - {B86E6737-5BD6-4572-8E8D-75E6D342D22E} - C:\Program Files\MSN Gaming Zone\ryli.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\dqquglku.dll",setvm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: brwmgr - C:\WINNT\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\epent97.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mxlyss - C:\WINNT\Help\starter\mxlyss.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\vdscript.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: rqrroll - C:\WINNT\SYSTEM32\rqrroll.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\icdkcs32.dll (file missing)
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account
==Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
==Open the SmitfraudFix folder you extracted to desktop earlier- Double-click smitfraudfix.cmd
- Press any key to continue
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was not required, remain in safe mode
If a reboot was required, reboot back to safe mode please and follow the remaining instructions!!!!
==Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Close Ad-Aware
==Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
SDFix- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Back in Normal Windows
DO the following
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Come back here and post All the following please. Even if it takes more than one reply to do so
1. Post the log from Combofix >> C:\Combofix.txt
2. Post the log from SDFix>>"Report.txt" within the SDFix folder
3. Post the log from Smitfraudfix>>C:\Rapport.txt
4. Post a fresh Hijackthis log
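The reply above works through the HijackThis log by hand, section by section, and the signals it acts on are visible in the log itself: "(file missing)" components, search pages pointing into a local DLL resource (res://), BHOs with no name, autorun entries with no path, the O10 Winsock hijack lines, ActiveX (O16) objects pulled from file:// or ms-its: sources, and services with an "Unknown owner". The following Python script is an added example, not part of this thread or of HijackThis: it parses lines in the HJT log format and applies those same heuristics so a reviewer can see which entries deserve a look first. The sample lines are a small constructed subset copied from the log posted above; the flagging rules are this example's own and are deliberately conservative.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted in this
# thread (the real log is far longer). The triage rules below are this example's own
# heuristics, not anything HijackThis itself does.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E618CF-418A-4832-BB7B-48F8EEE75711} - C:\WINNT\Help\starter\mxlyss.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rqrroll - C:\WINNT\SYSTEM32\rqrroll.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
"""

# Every HJT entry starts with a section code (R0, R1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HJT line into its section code and body.
    Header lines and the running-process list return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def triage(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an entry deserves a human look (empty list if none)."""
    section, body = entry["section"], entry["body"]
    low = body.lower()
    reasons: List[str] = []
    if "(file missing)" in low:
        reasons.append("registered component's file is missing")
    if section in ("R0", "R1"):
        if "res://" in low:
            reasons.append("IE search/start page points into a local DLL resource (res://)")
        elif re.search(r"= [a-z]:\\", low):
            reasons.append("IE start/search page points at a local file")
    if section == "O2" and "(no name)" in low:
        reasons.append("BHO registered without a name")
    if section == "O4" and "]" in body:
        # Text after the [name] is the command; a bare name is resolved via the search path.
        command = body.split("]", 1)[1].strip()
        if command and "\\" not in command:
            reasons.append("autorun command has no path (resolved through the search path)")
    if section == "O10":
        reasons.append("Winsock LSP hijack reported by HijackThis")
    if section == "O16":
        # The download source is the last " - " separated field of a DPF entry.
        source = body.rsplit(" - ", 1)[-1].strip().lower()
        if not source.startswith(("http://", "https://")):
            reasons.append("ActiveX object sourced from a non-HTTP location")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service with no publisher information")
    return reasons


def triage_log(text: str) -> List[Dict[str, object]]:
    """Parse a whole HJT log and return only the entries that triggered a rule."""
    flagged: List[Dict[str, object]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append({"section": entry["section"], "raw": entry["raw"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit["section"], hit["raw"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

The rules only catch entries that carry an objective signal in the log text itself; the Winlogon Notify line for rqrroll.dll, which the reply above does remove, is not flagged because nothing in that one line distinguishes it from the legitimate igfxcui entry beside it. That is the intended behaviour of a triage pass: it orders the reviewer's attention, it does not replace the judgement the helper applies when comparing entries against known-good components.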
-
"Vince" - 07-01-28 3:31:12 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"
ERROR !!! Look2Me section not completed
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
O4 - HKCU\...\Run C:\WINNT\system32\vwykak.exe
O4 - HKLM\...\Run C:\WINNT\system32\vwykak.exe
* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *
C:\WINNT\system32\ceykqsi.dll
C:\WINNT\system32\vwykak.exe
C:\WINNT\system32\xcwrkpw.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\oellg.exe
C:\WINNT\urgqq.dll
C:\WINNT\system32\cuonl.dat
C:\WINNT\system32\mgqoy.exe
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
07-01-03 08:41 343040 oellg.exe.qoo
07-01-04 19:24 343040 cuonl.dat.qoo
07-01-04 19:24 343040 vwykak.exe.qoo
07-01-04 19:24 157184 ceykqsi.dll.qoo
07-01-28 03:28 337 urgqq.dll.qoo
06-11-08 21:41 53 bwccvb.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\ac3_0008.exe
C:\ac3_0003.exe
C:\dfndrff_11a.exe
C:\dfndrff_8.exe
C:\dfndrff_9.exe
C:\dfndrff_e21.exe
C:\dfndrff_e25.exe
C:\drsmartload45a3333a.exe
C:\drsmartload45a3344a.exe
C:\drsmartload45a45a45q.exe
C:\drsmartload45a45b.exe
C:\drsmartload45a45c.exe
C:\drsmartload45a45d.exe
C:\drsmartload45a45e.exe
C:\drsmartload45a45f.exe
C:\drsmartload45a8b9.exe
C:\drsmartload45a8b9abc.exe
C:\drsmartload45a9999a.exe
C:\drsmartload46a3333a.exe
C:\drsmartload46a3344a.exe
C:\drsmartload46a46b.exe
C:\drsmartload46a46c.exe
C:\drsmartload46a46d.exe
C:\drsmartload46a46e.exe
C:\drsmartload46a46f.exe
C:\drsmartload46a8b9.exe
C:\drsmartload46a8b9abc.exe
C:\drsmartload46a9999a.exe
C:\drsmartload849a3333a.exe
C:\drsmartload849a3344a.exe
C:\drsmartload849a849b.exe
C:\drsmartload849a849c.exe
C:\drsmartload849a849d.exe
C:\drsmartload849a849e.exe
C:\drsmartload849a849f.exe
C:\drsmartload849a8b9.exe
C:\drsmartload849a8b9abc.exe
C:\drsmartload849a9999a.exe
C:\WINNT\Duce6.exe
C:\deskbar_e21.exe
C:\kybrdff_11a.exe
C:\kybrdff_8.exe
C:\kybrdff_9.exe
C:\kybrdff_e21.exe
C:\kybrdff_e54.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\nwnmff_11.exe
C:\nwnmff_12.exe
C:\nwnmff_8.exe
C:\nwnmff_9.exe
C:\nwnmff_e21.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINNT\1.exe
C:\WINNT\2.exe
C:\WINNT\uninstall_nmon.vbs
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\DOCUME~1\Alys\Application Data\Dxcknwrd.dll
C:\DOCUME~1\Guest\Application Data\Dxcknwrd.dll
C:\DOCUME~1\O0IIEB~1\Application Data\Dxcknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskcwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskuknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Dxcknwrd.dll
C:\DOCUME~1\VINCE~1.BAC\Application Data\Dxcknwrd.dll
C:\DOCUME~1\VINCE~1.BAC\Application Data\Dxcuknwrd.dll
C:\WINNT\1.exe
C:\WINNT\2.exe
C:\WINNT\876056.exe
C:\WINNT\system32\aaphpseh.dll
C:\WINNT\system32\aatbvnwg.dll
C:\WINNT\system32\abuiqtyg.dll
C:\WINNT\system32\bodqedes.dll
C:\WINNT\system32\ferpsosk.dll
C:\WINNT\system32\grgstwtk.dll
C:\WINNT\system32\hbcrjtqe.dll
C:\WINNT\system32\htyuadjk.dll
C:\WINNT\system32\kmhparsl.dll
C:\WINNT\system32\lyutbgff.dll
C:\WINNT\system32\msdryrwp.dll
C:\WINNT\system32\nanehhal.dll
C:\WINNT\system32\nntlfwdo.dll
C:\WINNT\system32\orjolaht.dll
C:\WINNT\system32\pmcayljt.dll
C:\WINNT\system32\vhpyadek.dll
C:\WINNT\system32\vmpjruap.dll
C:\WINNT\system32\yvhgihjj.dll
C:\WINNT\system32\aaa00000.sys
C:\WINNT\system32\ftuninst.exe
C:\WINNT\system32\gbe90qs.exe
C:\WINNT\system32\icon_mediamotor.exe
C:\WINNT\system32\mptft.exe
C:\WINNT\system32\nr1rnqm8.exe
C:\WINNT\system32\rnnypbw.exe
C:\WINNT\system32\ssn6tuu.exe
C:\WINNT\system32\tfthot.exe
C:\WINNT\system32\ts_mediamotor.exe
C:\WINNT\system32\WinNB58.dll
C:\WINNT\system32\x3cqp0.dll
C:\mpnaaq7.exe
C:\yz02.exe
C:\zigid003.exe
C:\WINNT\dembat.tm
C:\WINNT\media_motor_bundle.exe
C:\WINNT\MirarSetup_876075.exe
C:\WINNT\offun.exe
C:\WINNT\system32ftuninst.exe
C:\WINNT\System32tfthot.exe
C:\WINNT\uni_e6h.exe
C:\WINNT\uni_ehhhh.exe
C:\WINNT\uninst104.exe
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\Program Files\Common Files\{10B0A~1
C:\Program Files\Common Files\{30B0A~1
C:\Documents and Settings\All Users\Documents\Settings
C:\DOCUME~1\VINCE~1.BAC\Application Data\SearchToolbarCorp
C:\Program Files\CMFibula
C:\Program Files\cmfibula
C:\Program Files\CMIntex
C:\Program Files\snowball wars
C:\Program Files\VSAdd-in
C:\Program Files\windows
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))
2007-01-28 03:29 88,035 --a------ C:\WINNT\PID47IER.exe
2007-01-28 03:26 88,340 --a------ C:\WINNT\system32\vhnkhijq.exe
2007-01-28 03:26 118,804 --a------ C:\WINNT\system32\slcyabmh.dll
2007-01-28 01:48 2,388 --a------ C:\WINNT\system32\tmp.reg
2007-01-28 01:47 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47 53,248 --a------ C:\WINNT\system32\Process.exe
2007-01-28 01:47 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-01-28 01:47 40,960 --a------ C:\WINNT\system32\swsc.exe
2007-01-28 01:47 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47 135,168 --a------ C:\WINNT\system32\swreg.exe
2007-01-28 00:13 88,340 --a------ C:\WINNT\system32\muqaqicc.exe
2007-01-27 23:52 88,340 --a------ C:\WINNT\system32\ojxrusoa.exe
2007-01-27 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-27 22:42 88,340 --a------ C:\WINNT\system32\hjtqjijb.exe
2007-01-27 22:42 118,804 --a------ C:\WINNT\system32\mlheylhy.dll
2007-01-27 22:10 88,340 --a------ C:\WINNT\system32\bjmvqrjr.exe
2007-01-27 21:56 49,152 --ah----- C:\WINNT\system32\brwconf.exe
2007-01-27 21:48 88,340 --a------ C:\WINNT\system32\kobsamws.exe
2007-01-27 21:48 118,804 --a------ C:\WINNT\system32\idbuhqtr.dll
2007-01-27 21:39 95,744 --a------ C:\WINNT\system32\drivera.exe
2007-01-27 21:39 150,016 --a------ C:\WINNT\system32\drivera.dll
2007-01-27 21:38 95,744 --a------ C:\WINNT\monterreya_unknown.exe
2007-01-27 14:48 88,340 --a------ C:\WINNT\system32\bdkifmhs.exe
2007-01-27 14:47 118,804 --a------ C:\WINNT\system32\pcitmcrp.dll
2007-01-27 13:35 95,744 --a------ C:\WINNT\system32\monterreya_unknown.exe
2007-01-27 13:35 88,340 --a------ C:\WINNT\system32\citgwfcc.exe
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22 <DIR> d-------- C:\SDFix
2007-01-21 02:17 <DIR> d-------- C:\HJT
2007-01-18 22:39 88,340 --a------ C:\WINNT\system32\dvhuhvmq.exe
2007-01-18 22:39 118,804 --a------ C:\WINNT\system32\dqquglku.dll
2007-01-18 21:28 88,340 --a------ C:\WINNT\system32\pejcrrpg.exe
2007-01-18 21:28 118,804 --a------ C:\WINNT\system32\rlaswfmy.dll
2007-01-18 21:22 95,744 --a------ C:\WINNT\system32\durvilz.exe
2007-01-18 21:22 95,744 --a------ C:\WINNT\system32\druidz_unknown.exe
2007-01-18 21:22 150,016 --a------ C:\WINNT\system32\durvilz.dll
2007-01-15 16:50 <DIR> d-------- C:\Program Files\Exolon
2007-01-15 16:49 100,843 --a------ C:\WINNT\tpup.exe
2007-01-07 20:27 931 --a------ C:\WINNT\system32\winpfz32.sys
2007-01-07 20:24 88,340 --a------ C:\WINNT\system32\eawvpssc.exe
2007-01-06 23:42 88,340 --a------ C:\WINNT\system32\iffdupbs.exe
2007-01-06 23:41 88,340 --a------ C:\WINNT\system32\kblayvxm.exe
2007-01-06 21:23 88,340 --a------ C:\WINNT\system32\gtrsykbu.exe
2007-01-05 05:31 184,432 --a------ C:\WINNT\system32\pwinsqeb.exe
2007-01-04 19:31 184,395 --a------ C:\WINNT\system32\pwinsqed.exe
2007-01-04 19:25 88,340 --a------ C:\WINNT\system32\ppgmkvoa.exe
2007-01-04 19:13 88,340 --a------ C:\WINNT\system32\hvyicstj.exe
2007-01-04 19:09 93,696 --a------ C:\WINNT\system32\wdokbye.dll
2007-01-03 16:07 13,098 --a------ C:\WINNT\system32\731402ld.exe
2007-01-03 08:42 <DIR> d-------- C:\DeluxeCommunications
2007-01-03 08:39 93,696 --a------ C:\WINNT\system32\hrcopul.dll
2007-01-03 08:39 9,767 --a------ C:\bghtcbd.exe
2007-01-03 08:39 3,648 --a------ C:\klnl.exe
2007-01-03 08:39 23,552 --a------ C:\bhbn.exe
2007-01-03 00:37 88,340 --a------ C:\WINNT\system32\rishhgwu.exe
2007-01-02 23:50 88,340 --a------ C:\WINNT\system32\harqceks.exe
2006-12-31 11:37 81,684 --a------ C:\WINNT\system32\bulpyxam.dll
2006-12-31 11:36 88,340 --a------ C:\WINNT\system32\ehvsduuw.exe
2006-12-31 11:34 88,340 --a------ C:\WINNT\system32\jqjhitpr.exe
2006-12-31 11:21 35,840 --a------ C:\WINNT\TaskMgr.exe
2006-12-31 03:18 88,340 --a------ C:\WINNT\system32\yvglruse.exe
2006-12-29 14:25 88,340 --a------ C:\WINNT\system32\elmjmvsr.exe
2006-12-29 13:42 88,340 --a------ C:\WINNT\system32\ipndxohb.exe
2006-12-28 18:44 88,340 --a------ C:\WINNT\system32\gncpdkqf.exe
2006-12-28 18:30 88,340 --a------ C:\WINNT\system32\iowdatel.exe
2006-12-28 18:30 44,060 --a------ C:\WINNT\system32\wsdgotag.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2007-01-28 03:38 -------- dr------- C:\Program Files\net nanny
2007-01-28 03:28 -------- d-------- C:\Program Files\msn gaming zone
2007-01-28 02:54 -------- d--h----- C:\Program Files\bho plugin
2007-01-28 02:54 -------- d-------- C:\Program Files\vstoolbar
2007-01-27 23:35 -------- d-------- C:\Program Files\lavasoft
2007-01-27 23:35 -------- d-------- C:\Documents and Settings\Vince.BACKROOM\Application Data\lavasoft
2007-01-18 22:39 929 --a------ C:\WINNT\system32\winpfg32.sys
2007-01-04 19:14 -------- d-------- C:\Program Files\limewire
2007-01-03 08:39 6687 --a------ C:\WINNT\system32\ldcore.dll
2006-12-28 19:00 -------- d-------- C:\Program Files\aim
2006-12-27 02:40 88340 --a------ C:\WINNT\system32\cxobntju.exe
2006-12-26 12:04 88340 --a------ C:\WINNT\system32\avrchesr.exe
2006-12-26 12:01 88340 --a------ C:\WINNT\system32\gcfcxcap.exe
2006-12-26 10:35 88340 --a------ C:\WINNT\system32\jkdmblhc.exe
2006-12-25 23:29 -------- d-------- C:\Documents and Settings\Vince.BACKROOM\Application Data\limewire
2006-12-25 22:14 -------- d---s---- C:\Documents and Settings\Vince.BACKROOM\Application Data\microsoft
2006-12-25 21:27 88340 --a------ C:\WINNT\system32\auyejhtg.exe
2006-12-25 17:24 88340 --a------ C:\WINNT\system32\xwltmfom.exe
2006-12-25 17:24 60436 --a------ C:\WINNT\system32\rtacltit.dll
2006-12-25 17:17 -------- d-------- C:\Program Files\itunes
2006-12-25 17:17 -------- d-------- C:\Program Files\ipod
2006-12-25 17:14 -------- d-------- C:\Program Files\quicktime
2006-12-25 17:11 -------- d-------- C:\Program Files\apple software update
2006-12-25 15:02 88340 --a------ C:\WINNT\system32\yxxseknn.exe
2006-12-25 14:49 88340 --a------ C:\WINNT\system32\vdbyqyll.exe
2006-12-25 14:43 88340 --a------ C:\WINNT\system32\pjnealoc.exe
2006-12-25 13:34 2 --a------ C:\WINNT\system32\wnstssv.exe
2006-12-25 13:33 88340 --a------ C:\WINNT\system32\piolqvwg.exe
2006-12-21 00:31 0 --a------ C:\WINNT\ff9n1vvm.exe
2006-12-19 08:16 44052 --a------ C:\WINNT\system32\anugbmlt.dll
2006-12-19 08:15 93696 --a------ C:\WINNT\system32\ansfsrg.dll
2006-12-19 08:15 88340 --a------ C:\WINNT\system32\iiyhgqcc.exe
2006-12-19 08:13 118804 --a------ C:\WINNT\system32\quidooai.dll
2006-12-18 09:13 53248 --ah----- C:\WINNT\system32\confbrw.dll
2006-12-18 09:13 49152 --ah----- C:\WINNT\system32\brwprf32.dll
2006-12-18 09:13 40960 --ah----- C:\WINNT\system32\brwperf.exe
2006-12-18 09:13 335872 --ah----- C:\WINNT\system32\brwmgr32.dll
2006-12-18 09:13 126976 --ah----- C:\WINNT\system32\brwstat.dll
2006-12-14 15:23 89088 --a------ C:\WINNT\system32\qfyqakn.dll
2006-12-14 15:22 17592 --a------ C:\3456346345643.exe
2006-12-14 15:18 88340 --a------ C:\WINNT\system32\dfcdcxxc.exe
2006-12-14 15:18 66048 --a------ C:\WINNT\system32\durvily.dll
2006-12-14 15:18 126996 --a------ C:\WINNT\system32\ghycmvth.dll
2006-12-14 15:18 121856 --a------ C:\WINNT\system32\durvily.exe
2006-12-14 15:18 121856 --a------ C:\WINNT\system32\druidy_unknown.exe
2006-12-12 21:24 88340 --a------ C:\WINNT\system32\mfqlgnxp.exe
2006-12-12 21:24 126996 --a------ C:\WINNT\system32\dsiyhtkx.dll
2006-12-12 21:21 60436 --a------ C:\WINNT\system32\cetiovja.dll
2006-12-12 21:19 69632 --a------ C:\WINNT\system32\kbfgldbp.dll
2006-12-11 07:44 58880 --a------ C:\WINNT\system32\vnscct.dll
2006-12-04 22:32 10613 -r-h----- C:\WINNT\system32\tmp_7.exe
2006-12-04 22:32 10613 -r-h----- C:\WINNT\system32\svch32q.exe
2006-12-04 14:43 88340 --a------ C:\WINNT\system32\redtociv.exe
2006-12-03 15:03 88340 --a------ C:\WINNT\system32\ujhwysvc.exe
2006-12-03 15:03 42516 --a------ C:\WINNT\system32\elrmoxli.dll
2006-12-03 15:02 9216 --a------ C:\WINNT\system32\e1.dll
2006-11-28 15:01 56320 --a------ C:\WINNT\system32\bgnfwko.dll
2006-11-25 11:51 126996 --a------ C:\WINNT\system32\lmckjhjk.dll
2006-11-25 11:51 110612 --a------ C:\WINNT\system32\ttdmysqp.exe
2006-11-25 11:49 110612 --a------ C:\WINNT\system32\woaiwyag.exe
2006-11-25 11:48 126996 --a------ C:\WINNT\system32\tmlbhinh.dll
2006-11-25 11:47 110612 --a------ C:\WINNT\system32\dhclwbme.exe
2006-11-25 00:33 126996 --a------ C:\WINNT\system32\eeqaaxun.dll
2006-11-25 00:33 110612 --a------ C:\WINNT\system32\enkedeea.exe
2006-11-25 00:32 110612 --a------ C:\WINNT\system32\xocmqlfs.exe
2006-11-24 22:11 38420 --a------ C:\WINNT\system32\pjuxptvk.dll
2006-11-24 22:11 126996 --a------ C:\WINNT\system32\twxkcqjp.dll
2006-11-24 22:11 110612 --a------ C:\WINNT\system32\mqtblbef.exe
2006-11-24 11:33 110612 --a------ C:\WINNT\system32\yrurktth.exe
2006-11-22 21:14 110612 --a------ C:\WINNT\system32\tayaxkyc.exe
2006-11-22 21:13 126996 --a------ C:\WINNT\system32\kgpfbhct.dll
2006-11-22 16:16 126996 --a------ C:\WINNT\system32\bwlesyvf.dll
2006-11-22 16:16 110612 --a------ C:\WINNT\system32\jnkxpkqt.exe
2006-11-22 16:15 110612 --a------ C:\WINNT\system32\egepfwmh.exe
2006-11-22 16:14 110612 --a------ C:\WINNT\system32\vxxtccqx.exe
2006-11-22 15:11 126996 --a------ C:\WINNT\system32\jkugjkcy.dll
2006-11-22 15:11 110612 --a------ C:\WINNT\system32\pplgksfc.exe
2006-11-18 10:59 126996 --a------ C:\WINNT\system32\cofrnicq.dll
2006-11-18 10:59 110612 --a------ C:\WINNT\system32\cyunnojo.exe
2006-11-18 07:15 110612 --a------ C:\WINNT\system32\qspcuvkm.exe
2006-11-18 07:14 131604 --a------ C:\WINNT\system32\walikbmv.dll
2006-11-18 07:14 126996 --a------ C:\WINNT\system32\xbcooiwr.dll
2006-11-17 18:49 126996 --a------ C:\WINNT\system32\dxedjwrs.dll
2006-11-17 18:48 110612 --a------ C:\WINNT\system32\ppnwtfly.exe
2006-11-17 18:25 126996 --a------ C:\WINNT\system32\fbnwtjyv.dll
2006-11-17 18:25 110612 --a------ C:\WINNT\system32\yqjdaain.exe
2006-11-17 15:52 126996 --a------ C:\WINNT\system32\eaavxxyh.dll
2006-11-17 15:19 126996 --a------ C:\WINNT\system32\eroxhqki.dll
2006-11-17 15:19 110612 --a------ C:\WINNT\system32\axqvaeyc.exe
2006-11-17 14:43 10609 -r-h----- C:\WINNT\system32\tmp_53.exe
2006-11-17 13:39 110612 --a------ C:\WINNT\system32\ypysegdi.exe
2006-11-17 13:38 126996 --a------ C:\WINNT\system32\gruywbts.dll
2006-11-16 18:15 110612 --a------ C:\WINNT\system32\tqtnehpg.exe
2006-11-16 18:14 126996 --a------ C:\WINNT\system32\ltxgobbh.dll
2006-11-16 17:17 126996 --a------ C:\WINNT\system32\dtxogqru.dll
2006-11-16 17:16 110612 --a------ C:\WINNT\system32\cjhfwtwe.exe
2006-11-16 13:46 126996 --a------ C:\WINNT\system32\apuuovoi.dll
2006-11-16 13:46 110612 --a------ C:\WINNT\system32\oqlgvwwv.exe
2006-11-15 20:16 110612 --a------ C:\WINNT\system32\fvkcgcgp.exe
2006-11-15 20:03 110612 --a------ C:\WINNT\system32\ogfljqdk.exe
2006-11-15 19:59 110612 --a------ C:\WINNT\system32\tkjikfwr.exe
2006-11-15 19:23 110612 --a------ C:\WINNT\system32\rcjvpytp.exe
2006-11-15 19:20 110612 --a------ C:\WINNT\system32\uovqmamc.exe
2006-11-15 19:10 110612 --a------ C:\WINNT\system32\nklbabai.exe
2006-11-15 14:05 110612 --a------ C:\WINNT\system32\rtpqvbys.exe
2006-11-14 19:06 0 --a------ C:\WINNT\druid_unknown.exe
2006-11-14 19:04 167936 --a------ C:\WINNT\ms03012890280.exe
2006-11-14 13:12 110612 --a------ C:\WINNT\system32\xqbgmkuk.exe
2006-11-14 07:28 10509 -r-h----- C:\WINNT\system32\svch1n.exe
2006-11-13 14:52 110612 --a------ C:\WINNT\system32\vjcmgipj.exe
2006-11-13 14:37 110612 --a------ C:\WINNT\system32\ogggbrle.exe
2006-11-12 20:41 110612 --a------ C:\WINNT\system32\xdqilykk.exe
2006-11-12 20:40 110612 --a------ C:\WINNT\system32\mubawksu.exe
2006-11-12 19:12 110612 --a------ C:\WINNT\system32\vqibvfpd.exe
2006-11-12 02:08 110612 --a------ C:\WINNT\system32\ijllexfp.exe
2006-11-09 17:02 118804 --a------ C:\WINNT\system32\rdfhmxlc.dll
2006-11-09 17:02 110612 --a------ C:\WINNT\system32\kikjknqf.exe
2006-11-09 16:57 2654 --a------ C:\mc44a53.exe
2006-11-09 16:57 110612 --a------ C:\WINNT\system32\dpmxumxc.exe
2006-11-08 21:52 94720 --a------ C:\WINNT\system32\mtnuvee.dll
2006-11-08 21:52 72192 --a------ C:\WINNT\system32\rfwmxjb.dll
2006-11-08 21:38 41520 --a------ C:\WINNT\system32\dxvwchqk.exe
2006-11-08 21:36 161280 --a------ C:\WINNT\system32\orknai.dll
2006-11-08 21:35 45056 --a------ C:\WINNT\hkykagn.exe
2006-11-08 21:34 217346 --a------ C:\WINNT\srvipxwlzp.exe
2006-11-08 21:33 45056 --a------ C:\WINNT\system32\nrnqetwbz.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32hlvi6wkjc.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32\pfbo0yj.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32\hlvi6wkjc.exe
2006-11-08 21:33 24576 --a------ C:\WINNT\system32ysjaevwx.exe
2006-11-08 21:33 24576 --a------ C:\WINNT\system32\ysjaevwx.exe
2006-11-08 21:33 217346 --a------ C:\WINNT\srvtwmxnqu.exe
2006-11-08 21:33 200704 --a------ C:\WINNT\system32\p2jlseh8.dll
2006-11-08 21:33 0 --a------ C:\WINNT\system32nrnqetwbz.exe
2006-11-08 21:27 1465 --a------ C:\dacmi.exe
2006-11-08 21:26 656 --a------ C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26 62464 --a------ C:\oysb.exe
2006-11-08 21:26 55296 --a------ C:\WINNT\system32\msvcrl.dll
2006-11-08 21:22 7114 --a------ C:\WINNT\winjok.exe
2006-11-08 21:22 7114 --a------ C:\WINNT\flash.exe
2006-11-08 20:50 69632 --a------ C:\WINNT\system32\ffgdhfbn.dll
2006-11-08 20:50 41520 --a------ C:\WINNT\system32\dxvwvyfs.exe
2006-11-08 08:27 135168 --a------ C:\WINNT\system32\e0pnii5i6.exe
2006-11-08 02:52 24576 --a------ C:\WINNT\system32\tbiu5xkb.exe
2006-11-06 15:14 155648 --a------ C:\WINNT\system32\dxvwnmra.exe
2006-11-06 14:35 118804 --a------ C:\WINNT\system32\mgngepif.dll
2006-11-06 14:35 110612 --a------ C:\WINNT\system32\uudhykiu.exe
2006-11-06 14:33 201728 --a------ C:\WINNT\system32\dxvwbbql.exe
2006-11-04 15:42 360448 --a------ C:\WINNT\smartdownload.exe
2006-11-04 14:45 118804 --a------ C:\WINNT\system32\qeksqbpo.dll
2006-11-04 14:45 110612 --a------ C:\WINNT\system32\rnwkcdyk.exe
2006-11-03 14:36 60436 --a------ C:\WINNT\system32\huygbjqb.dll
2006-11-03 14:36 118804 --a------ C:\WINNT\system32\oicfmnal.dll
2006-11-03 14:36 110612 --a------ C:\WINNT\system32\yguislss.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"brwdiag"="C:\\WINNT\\system32\\brwconf.exe"
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\slcyabmh.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="confbrw.dll brwstat.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CSCSettings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Reliability
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RunServices
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070128-003430-961
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
backup-20070128-003430-758
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
backup-20070128-003429-984
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
backup-20070128-003430-701
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
backup-20070128-003430-551
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
backup-20070128-003430-541
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20070128-003430-367
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
backup-20070128-003430-314
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
backup-20070128-003428-593
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20070128-003428-206
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
backup-20070128-003427-641
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
backup-20070128-003427-739
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
backup-20070128-003427-317
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
backup-20070128-003426-112
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
backup-20070128-003426-938
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
backup-20070128-003426-652
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
backup-20070128-003426-987
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
backup-20070128-003426-141
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
backup-20070128-003426-282
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
backup-20070128-003426-340
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
backup-20070128-003426-614
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
backup-20070128-003426-626
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
backup-20070128-003426-105
O4 - HKCU\..\Run: [winsock32] winsock32
backup-20070128-003426-727
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe
backup-20070128-003426-720
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20070128-003426-549
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\mlheylhy.dll",setvm
backup-20070128-003426-278
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
backup-20070128-003426-854
O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
backup-20070128-003426-892
O4 - HKLM\..\Run: [winsock32] winsock32
backup-20070128-003426-570
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
backup-20070128-003426-295
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
backup-20070128-003426-213
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
backup-20070128-003426-840
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
backup-20070128-003426-584
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-492
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20070128-003426-488
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070128-003426-349
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
backup-20070128-003426-221
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-356
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070128-003426-398
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070128-003426-189
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-687
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&qs=iframe3?23AEAJ5EAQDcRwIA1-oAAAIAAAAAAP8AAAAFDgACAAJQUwEAIYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAdY.vI.AAAAAAAA-D8AAIAM6Kf.PwAAAAAAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWhVLQc81bgEX.J8LwTHa0y9iBPfRmHam2XkBuAAAAAA=,,http://63.123.224.168/mbop/display.php3?aid=36&uid=8765607 (obfuscated)
backup-20070128-003426-409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070128-003426-103
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
Completion time: 07-01-28 3:41:54
-
SDFix: Version 1.62
Sun 01/28/2007 - 3:13:23.15
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
General Network Service
MsaSvc
MZU_RK
TCP and UDP Support
TCP and UDP Supp0rt
Path:
c:\windows\winsocks32.exe
C:\WINNT\system32\msasvc.exe
\??\C:\WINNT\system32\MZU_DRV.sys
C:\WINNT\system32\tcpip.exe /winnt
C:\WINNT\system32\tccpip.exe /winnt
General Network Service Deleted
MsaSvc Deleted
MZU_RK Deleted
TCP and UDP Support Deleted
TCP and UDP Supp0rt Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Killing PID 136 'smss.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'
Reset AppInit_DLLs value
Rebooting...
Normal Mode:
Checking Files:
Files will be copied to Backups folder and removed:
C:\WINNT\SYSTEM32\SVCH1V.DLL - Deleted
C:\WINNT\SYSTEM32\SVCH61L.DLL - Deleted
C:\WINNT\SYSTEM32\SYSTJ1.DLL - Deleted
C:\WINNT\SYSTEM32\TMP_YMA.DLL - Deleted
C:\WINNT\system32\se.exe.exe - Deleted
C:\WINNT\system32\ss.exe.exe - Deleted
C:\WINNT\system32\w.exe.exe - Deleted
C:\WINNT\system32\google.png.exe - Deleted
C:\dbg.txt - Deleted
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\syst.exe - Deleted
C:\tskmgr.exe - Deleted
C:\WINNT\csrss.exe - Deleted
C:\WINNT\dsrss.exe - Deleted
C:\WINNT\emdat.tm - Deleted
C:\WINNT\emdat.tmp - Deleted
C:\WINNT\ie-hook.txt - Deleted
C:\WINNT\ieredir.exe - Deleted
C:\WINNT\preredir.exe - Deleted
C:\WINNT\s32.txt - Deleted
C:\WINNT\smss.exe - Deleted
C:\WINNT\system32\1.txt - Deleted
C:\WINNT\system32\2.txt - Deleted
C:\WINNT\system32\adirss.exe - Deleted
C:\WINNT\system32\dlh9jkd1q8.exe - Deleted
C:\WINNT\system32\durvil1.exe - Deleted
C:\WINNT\system32\dwdsregt.exe - Deleted
C:\WINNT\system32\form.txt - Deleted
C:\WINNT\system32\ib14.dll - Deleted
C:\WINNT\system32\info.txt - Deleted
C:\WINNT\system32\ipv6monr.dll - Deleted
C:\WINNT\system32\ipv6mons.dll - Deleted
C:\WINNT\system32\kernels1118.exe - Deleted
C:\WINNT\system32\kernels88.exe - Deleted
C:\WINNT\system32\ldinfo.ldr - Deleted
C:\WINNT\system32\mini3tone.ini - Deleted
C:\WINNT\system32\msasvc.exe - Deleted
C:\WINNT\system32\msnav32.ax - Deleted
C:\WINNT\system32\MZU_DRV.sys - Deleted
C:\WINNT\system32\rpcc.dll - Deleted
C:\WINNT\system32\tcpip.exe - Deleted
C:\WINNT\system32\vxga4me1.exe - Deleted
C:\WINNT\system32\vxga5me3.exe - Deleted
C:\WINNT\tcb.pmw - Deleted
C:\WINNT\temp.exe - Deleted
C:\WINNT\Uninst2.htm - Deleted
C:\WINNT\Unist1.htm - Deleted
C:\WINNT\winSock32.exe - Deleted
C:\WINNT\ws386.ini - Deleted
Alternate Streams Check:
C:\WINNT\system32
:lzx32.sys 69038
Total size: 69038 bytes.
Removing ADS...
system32: deleted 69038 bytes in 1 streams.
Checking for remaining Streams
C:\WINNT\system32
No streams found.
Final Check:
Remaining Services:
------------------
Rootkit PE386 Found!
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\NTDETECT.COM
C:\Documents and Settings\Alys\Local Settings\Temp\ayityfod.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\icqgveqh.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\jovrshtr.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\nblkyfwd.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\nnrttpxm.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\pxgcoqvq.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\qshpyjnq.dll
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\lxgbeiad.dll
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883\A0649161.dll
C:\WINNT\apcbw.dll
C:\WINNT\dsvjd.dll
C:\WINNT\rffpo.dll
C:\WINNT\xzmbh.dll
C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\system32\brwmgr32.dll
C:\WINNT\system32\brwprf32.dll
C:\WINNT\system32\brwstat.dll
C:\WINNT\system32\confbrw.dll
C:\WINNT\system32\hxjqx.dll
C:\WINNT\system32\nkjzp.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\tncst.dll
C:\WINNT\system32\urqqpmn.dll
C:\WINNT\system32\vturrrp.dll
C:\WINNT\system32\zlobm.dll
C:\WINNT\system32\zlvcq.dll
C:\Documents and Settings\Alys\Local Settings\Temp\stdrun11.exe
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun18.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\axcruetn.exe
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\qgfxkuck.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\à?pPatch\w?auboot.exe
C:\Program Files\??stem32\wuaclt.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP864\A0631953.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP865\A0634981.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883\A0650161.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0650309.exe
C:\WINNT\ntoo.exe
C:\WINNT\wincb.exe
C:\WINNT\system32\addbb.exe
C:\WINNT\system32\atlqh32.exe
C:\WINNT\system32\brwconf.exe
C:\WINNT\system32\brwperf.exe
C:\WINNT\system32\cdplayer.exe.manifest
C:\WINNT\system32\logonui.exe.manifest
C:\WINNT\system32\svch1n.exe
C:\WINNT\system32\svch32q.exe
C:\WINNT\system32\tmp_53.exe
C:\WINNT\system32\tmp_7.exe
C:\WINNT\Temp\stdrun11.exe
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT66.tmp
C:\WINNT\Temp\77a1rvwi.TMP
C:\WINNT\Temp\jrf82p98.TMP
C:\WINNT\Temp\win18DB.tmp
C:\WINNT\Temp\win2445.tmp
C:\WINNT\Temp\win3C2B.tmp
C:\WINNT\Temp\win437F.tmp
C:\WINNT\Temp\win7955.tmp
C:\WINNT\Temp\win9192.tmp
C:\WINNT\Temp\winB959.tmp
C:\WINNT\Temp\winC420.tmp
C:\WINNT\Temp\winC71C.tmp
C:\WINNT\Temp\winDE97.tmp
C:\WINNT\Temp\winFF6C.tmp
Finished
SmitFraudFix v2.135
Scan done at 1:53:56.00, Sun 01/28/2007
Run from C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
-
Logfile of HijackThis v1.99.1
Scan saved at 3:50:32 AM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\tccpip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\cmd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\slcyabmh.dll",setvm
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - AppInit_DLLs: confbrw.dll brwstat.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
-
Sorry for the delay.
Can you do the following please:
Do a "System scan only" with HijackThis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\slcyabmh.dll",setvm
O20 - AppInit_DLLs: confbrw.dll brwstat.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.
Afterwards:
Download Rustbfix from one of these locations:
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
In addition to the above logs, can you run ComboFix again and post a new log please.
-
************************* Rustock.b-fix -- By ejvindh *************************
Tue 01/30/2007 0:10:32.39
******************* Pre-run Status of system *******************
Rootkit driver PE386 is found. Starting the unload-procedure....
Rustock.b-ADS attached to the System32-folder:
No streams found.
Looking for Rustock.b-files in the System32-folder:
system32\lzx32.sys FOUND!
attempting to delete lzx32.sys from system32-folder
******************* Post-run Status of system *******************
Rustock.b-driver on the system: NONE!
Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.
Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32
******************************* End of Logfile ********************************
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 80
Error: could not create reboot file.
Error code: 80
Error: could not create reboot batch.
Error code: 80
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mbhfjbti
*******************
Script file located at: \??\C:\Documents and Settings\rcfg^cha.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\acgqcjyx
*******************
Script file located at: \??\C:\Documents and Settings\vbmvxddd.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
Unload of driver PE386 failed!
Could not process line:
PE386
Status: 0xc0000034
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
-
"Vince" - 07-01-30 0:23:18 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{0f07c7e9-2dcc-412b-85da-d83e0b23248e}]
[HKEY_CLASSES_ROOT\clsid\{0f07c7e9-2dcc-412b-85da-d83e0b23248e}\InprocServer32]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\InprocServer32]
@="C:\\WINNT\\system32\\vdscript.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{4fc84ece-c733-4bc3-b09b-d19f68ac93ca}]
[HKEY_CLASSES_ROOT\clsid\{4fc84ece-c733-4bc3-b09b-d19f68ac93ca}\InprocServer32]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{25495b92-f17d-4efa-b756-446393248d0c}]
[HKEY_CLASSES_ROOT\clsid\{25495b92-f17d-4efa-b756-446393248d0c}\InprocServer32]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\InprocServer32]
@="C:\\WINNT\\system32\\epent97.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\InprocServer32]
@="C:\\WINNT\\system32\\icdkcs32.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting SeDebugPrivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\w002ece6.dll
C:\WINNT\system32\w002ed54.dll
C:\WINNT\system32\w0032953.dll
C:\WINNT\system32\w0032d3b.dll
C:\WINNT\system32\w0037a71.dll
C:\WINNT\system32\w0037e49.dll
C:\WINNT\system32\w003ae13.dll
C:\WINNT\system32\w003aea0.dll
C:\WINNT\system32\w003bfc7.dll
C:\WINNT\system32\w003c361.dll
C:\WINNT\system32\w0043332.dll
C:\WINNT\system32\w0043852.dll
C:\WINNT\system32\w004ba63.dll
C:\WINNT\system32\w004c020.dll
C:\WINNT\system32\w005696f.dll
C:\WINNT\system32\w00569cd.dll
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))
2007-01-30 00:20 88,340 --a------ C:\WINNT\system32\tdsoeyvo.exe
2007-01-30 00:20 76,412 --a------ C:\WINNT\system32\cgovxpdh.dll
2007-01-30 00:20 44,165 --a------ C:\WINNT\system32\iergmope.dll
2007-01-30 00:19 118,804 --a------ C:\WINNT\system32\bnseatjn.dll
2007-01-30 00:17 <DIR> d-------- C:\avenger
2007-01-30 00:10 <DIR> d-------- C:\Rustbfix
2007-01-30 00:02 57,344 --a------ C:\WINNT\system32\aaa000002c.dll
2007-01-29 23:54 93,564 --a------ C:\WINNT\PID47IER.exe
2007-01-29 23:53 93,564 --a------ C:\WINNT\PID53IER.exe
2007-01-29 11:28 110,592 --a------ C:\TTC.dll
2007-01-28 03:43 17,920 --a------ C:\WINNT\system32\tccpip.exe
2007-01-28 03:42 88,340 --a------ C:\WINNT\system32\issuwnjf.exe
2007-01-28 03:26 88,340 --a------ C:\WINNT\system32\vhnkhijq.exe
2007-01-28 03:26 118,804 --a------ C:\WINNT\system32\slcyabmh.dll
2007-01-28 01:48 2,388 --a------ C:\WINNT\system32\tmp.reg
2007-01-28 01:47 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47 53,248 --a------ C:\WINNT\system32\Process.exe
2007-01-28 01:47 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-01-28 01:47 40,960 --a------ C:\WINNT\system32\swsc.exe
2007-01-28 01:47 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47 135,168 --a------ C:\WINNT\system32\swreg.exe
2007-01-28 00:13 88,340 --a------ C:\WINNT\system32\muqaqicc.exe
2007-01-27 23:52 88,340 --a------ C:\WINNT\system32\ojxrusoa.exe
2007-01-27 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-27 22:42 88,340 --a------ C:\WINNT\system32\hjtqjijb.exe
2007-01-27 22:42 118,804 --a------ C:\WINNT\system32\mlheylhy.dll
2007-01-27 22:10 88,340 --a------ C:\WINNT\system32\bjmvqrjr.exe
2007-01-27 21:56 49,152 --ah----- C:\WINNT\system32\brwconf.exe
2007-01-27 21:48 88,340 --a------ C:\WINNT\system32\kobsamws.exe
2007-01-27 21:48 118,804 --a------ C:\WINNT\system32\idbuhqtr.dll
2007-01-27 21:39 95,744 --a------ C:\WINNT\system32\drivera.exe
2007-01-27 21:39 150,016 --a------ C:\WINNT\system32\drivera.dll
2007-01-27 21:38 95,744 --a------ C:\WINNT\monterreya_unknown.exe
2007-01-27 14:48 88,340 --a------ C:\WINNT\system32\bdkifmhs.exe
2007-01-27 14:47 118,804 --a------ C:\WINNT\system32\pcitmcrp.dll
2007-01-27 13:35 95,744 --a------ C:\WINNT\system32\monterreya_unknown.exe
2007-01-27 13:35 88,340 --a------ C:\WINNT\system32\citgwfcc.exe
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22 <DIR> d-------- C:\SDFix
2007-01-21 02:17 <DIR> d-------- C:\HJT
2007-01-18 22:39 88,340 --a------ C:\WINNT\system32\dvhuhvmq.exe
2007-01-18 22:39 118,804 --a------ C:\WINNT\system32\dqquglku.dll
2007-01-18 21:28 88,340 --a------ C:\WINNT\system32\pejcrrpg.exe
2007-01-18 21:28 118,804 --a------ C:\WINNT\system32\rlaswfmy.dll
2007-01-18 21:22 95,744 --a------ C:\WINNT\system32\durvilz.exe
2007-01-18 21:22 95,744 --a------ C:\WINNT\system32\druidz_unknown.exe
2007-01-18 21:22 150,016 --a------ C:\WINNT\system32\durvilz.dll
2007-01-15 16:50 <DIR> d-------- C:\Program Files\Exolon
2007-01-15 16:49 100,843 --a------ C:\WINNT\tpup.exe
2007-01-07 20:27 931 --a------ C:\WINNT\system32\winpfz32.sys
2007-01-07 20:24 88,340 --a------ C:\WINNT\system32\eawvpssc.exe
2007-01-06 23:42 88,340 --a------ C:\WINNT\system32\iffdupbs.exe
2007-01-06 23:41 88,340 --a------ C:\WINNT\system32\kblayvxm.exe
2007-01-06 21:23 88,340 --a------ C:\WINNT\system32\gtrsykbu.exe
2007-01-05 05:31 184,432 --a------ C:\WINNT\system32\pwinsqeb.exe
2007-01-04 19:31 184,395 --a------ C:\WINNT\system32\pwinsqed.exe
2007-01-04 19:25 88,340 --a------ C:\WINNT\system32\ppgmkvoa.exe
2007-01-04 19:13 88,340 --a------ C:\WINNT\system32\hvyicstj.exe
2007-01-04 19:09 93,696 --a------ C:\WINNT\system32\wdokbye.dll
2007-01-03 16:07 13,098 --a------ C:\WINNT\system32\731402ld.exe
2007-01-03 08:42 <DIR> d-------- C:\DeluxeCommunications
2007-01-03 08:39 93,696 --a------ C:\WINNT\system32\hrcopul.dll
2007-01-03 08:39 9,767 --a------ C:\bghtcbd.exe
2007-01-03 08:39 3,648 --a------ C:\klnl.exe
2007-01-03 08:39 23,552 --a------ C:\bhbn.exe
2007-01-03 00:37 88,340 --a------ C:\WINNT\system32\rishhgwu.exe
2007-01-02 23:50 88,340 --a------ C:\WINNT\system32\harqceks.exe
2006-12-31 11:37 81,684 --a------ C:\WINNT\system32\bulpyxam.dll
2006-12-31 11:36 88,340 --a------ C:\WINNT\system32\ehvsduuw.exe
2006-12-31 11:34 88,340 --a------ C:\WINNT\system32\jqjhitpr.exe
2006-12-31 11:21 35,840 --a------ C:\WINNT\TaskMgr.exe
2006-12-31 03:18 88,340 --a------ C:\WINNT\system32\yvglruse.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-30 00:31 -------- d-------- C:\Program Files\msn gaming zone
2007-01-30 00:17 -------- dr------- C:\Program Files\net nanny
2007-01-29 23:54 6737 --a------ C:\WINNT\system32\ldcore.dll
2007-01-28 03:44 -------- d--h----- C:\Program Files\bho plugin
2007-01-28 02:54 -------- d-------- C:\Program Files\vstoolbar
2007-01-27 23:35 -------- d-------- C:\Program Files\lavasoft
2007-01-27 23:35 -------- d-------- C:\Documents and Settings\Vince.BACKROOM\Application Data\lavasoft
2007-01-18 22:39 929 --a------ C:\WINNT\system32\winpfg32.sys
2007-01-04 19:14 -------- d-------- C:\Program Files\limewire
2006-12-29 14:25 88340 --a------ C:\WINNT\system32\elmjmvsr.exe
2006-12-29 13:42 88340 --a------ C:\WINNT\system32\ipndxohb.exe
2006-12-28 19:00 -------- d-------- C:\Program Files\aim
2006-12-28 18:44 88340 --a------ C:\WINNT\system32\gncpdkqf.exe
2006-12-28 18:30 88340 --a------ C:\WINNT\system32\iowdatel.exe
2006-12-28 18:30 44060 --a------ C:\WINNT\system32\wsdgotag.dll
2006-12-27 02:40 88340 --a------ C:\WINNT\system32\cxobntju.exe
2006-12-26 12:04 88340 --a------ C:\WINNT\system32\avrchesr.exe
2006-12-26 12:01 88340 --a------ C:\WINNT\system32\gcfcxcap.exe
2006-12-26 10:35 88340 --a------ C:\WINNT\system32\jkdmblhc.exe
2006-12-25 23:29 -------- d-------- C:\Documents and Settings\Vince.BACKROOM\Application Data\limewire
2006-12-25 22:14 -------- d---s---- C:\Documents and Settings\Vince.BACKROOM\Application Data\microsoft
2006-12-25 21:27 88340 --a------ C:\WINNT\system32\auyejhtg.exe
2006-12-25 17:24 88340 --a------ C:\WINNT\system32\xwltmfom.exe
2006-12-25 17:24 60436 --a------ C:\WINNT\system32\rtacltit.dll
2006-12-25 17:17 -------- d-------- C:\Program Files\itunes
2006-12-25 17:17 -------- d-------- C:\Program Files\ipod
2006-12-25 17:14 -------- d-------- C:\Program Files\quicktime
2006-12-25 17:11 -------- d-------- C:\Program Files\apple software update
2006-12-25 15:02 88340 --a------ C:\WINNT\system32\yxxseknn.exe
2006-12-25 14:49 88340 --a------ C:\WINNT\system32\vdbyqyll.exe
2006-12-25 14:43 88340 --a------ C:\WINNT\system32\pjnealoc.exe
2006-12-25 13:34 2 --a------ C:\WINNT\system32\wnstssv.exe
2006-12-25 13:33 88340 --a------ C:\WINNT\system32\piolqvwg.exe
2006-12-21 00:31 0 --a------ C:\WINNT\ff9n1vvm.exe
2006-12-19 08:16 44052 --a------ C:\WINNT\system32\anugbmlt.dll
2006-12-19 08:15 93696 --a------ C:\WINNT\system32\ansfsrg.dll
2006-12-19 08:15 88340 --a------ C:\WINNT\system32\iiyhgqcc.exe
2006-12-19 08:13 118804 --a------ C:\WINNT\system32\quidooai.dll
2006-12-18 09:13 53248 --ah----- C:\WINNT\system32\confbrw.dll
2006-12-18 09:13 49152 --ah----- C:\WINNT\system32\brwprf32.dll
2006-12-18 09:13 40960 --ah----- C:\WINNT\system32\brwperf.exe
2006-12-18 09:13 335872 --ah----- C:\WINNT\system32\brwmgr32.dll
2006-12-18 09:13 126976 --ah----- C:\WINNT\system32\brwstat.dll
2006-12-14 15:23 89088 --a------ C:\WINNT\system32\qfyqakn.dll
2006-12-14 15:22 17592 --a------ C:\3456346345643.exe
2006-12-14 15:18 88340 --a------ C:\WINNT\system32\dfcdcxxc.exe
2006-12-14 15:18 66048 --a------ C:\WINNT\system32\durvily.dll
2006-12-14 15:18 126996 --a------ C:\WINNT\system32\ghycmvth.dll
2006-12-14 15:18 121856 --a------ C:\WINNT\system32\durvily.exe
2006-12-14 15:18 121856 --a------ C:\WINNT\system32\druidy_unknown.exe
2006-12-12 21:24 88340 --a------ C:\WINNT\system32\mfqlgnxp.exe
2006-12-12 21:24 126996 --a------ C:\WINNT\system32\dsiyhtkx.dll
2006-12-12 21:21 60436 --a------ C:\WINNT\system32\cetiovja.dll
2006-12-12 21:19 69632 --a------ C:\WINNT\system32\kbfgldbp.dll
2006-12-11 07:44 58880 --a------ C:\WINNT\system32\vnscct.dll
2006-12-04 22:32 10613 -r-h----- C:\WINNT\system32\tmp_7.exe
2006-12-04 22:32 10613 -r-h----- C:\WINNT\system32\svch32q.exe
2006-12-04 14:43 88340 --a------ C:\WINNT\system32\redtociv.exe
2006-12-03 15:03 88340 --a------ C:\WINNT\system32\ujhwysvc.exe
2006-12-03 15:03 42516 --a------ C:\WINNT\system32\elrmoxli.dll
2006-12-03 15:02 9216 --a------ C:\WINNT\system32\e1.dll
2006-11-28 15:01 56320 --a------ C:\WINNT\system32\bgnfwko.dll
2006-11-25 11:51 126996 --a------ C:\WINNT\system32\lmckjhjk.dll
2006-11-25 11:51 110612 --a------ C:\WINNT\system32\ttdmysqp.exe
2006-11-25 11:49 110612 --a------ C:\WINNT\system32\woaiwyag.exe
2006-11-25 11:48 126996 --a------ C:\WINNT\system32\tmlbhinh.dll
2006-11-25 11:47 110612 --a------ C:\WINNT\system32\dhclwbme.exe
2006-11-25 00:33 126996 --a------ C:\WINNT\system32\eeqaaxun.dll
2006-11-25 00:33 110612 --a------ C:\WINNT\system32\enkedeea.exe
2006-11-25 00:32 110612 --a------ C:\WINNT\system32\xocmqlfs.exe
2006-11-24 22:11 38420 --a------ C:\WINNT\system32\pjuxptvk.dll
2006-11-24 22:11 126996 --a------ C:\WINNT\system32\twxkcqjp.dll
2006-11-24 22:11 110612 --a------ C:\WINNT\system32\mqtblbef.exe
2006-11-24 11:33 110612 --a------ C:\WINNT\system32\yrurktth.exe
2006-11-22 21:14 110612 --a------ C:\WINNT\system32\tayaxkyc.exe
2006-11-22 21:13 126996 --a------ C:\WINNT\system32\kgpfbhct.dll
2006-11-22 16:16 126996 --a------ C:\WINNT\system32\bwlesyvf.dll
2006-11-22 16:16 110612 --a------ C:\WINNT\system32\jnkxpkqt.exe
2006-11-22 16:15 110612 --a------ C:\WINNT\system32\egepfwmh.exe
2006-11-22 16:14 110612 --a------ C:\WINNT\system32\vxxtccqx.exe
2006-11-22 15:11 126996 --a------ C:\WINNT\system32\jkugjkcy.dll
2006-11-22 15:11 110612 --a------ C:\WINNT\system32\pplgksfc.exe
2006-11-18 10:59 126996 --a------ C:\WINNT\system32\cofrnicq.dll
2006-11-18 10:59 110612 --a------ C:\WINNT\system32\cyunnojo.exe
2006-11-18 07:15 110612 --a------ C:\WINNT\system32\qspcuvkm.exe
2006-11-18 07:14 131604 --a------ C:\WINNT\system32\walikbmv.dll
2006-11-18 07:14 126996 --a------ C:\WINNT\system32\xbcooiwr.dll
2006-11-17 18:49 126996 --a------ C:\WINNT\system32\dxedjwrs.dll
2006-11-17 18:48 110612 --a------ C:\WINNT\system32\ppnwtfly.exe
2006-11-17 18:25 126996 --a------ C:\WINNT\system32\fbnwtjyv.dll
2006-11-17 18:25 110612 --a------ C:\WINNT\system32\yqjdaain.exe
2006-11-17 15:52 126996 --a------ C:\WINNT\system32\eaavxxyh.dll
2006-11-17 15:19 126996 --a------ C:\WINNT\system32\eroxhqki.dll
2006-11-17 15:19 110612 --a------ C:\WINNT\system32\axqvaeyc.exe
2006-11-17 14:43 10609 -r-h----- C:\WINNT\system32\tmp_53.exe
2006-11-17 13:39 110612 --a------ C:\WINNT\system32\ypysegdi.exe
2006-11-17 13:38 126996 --a------ C:\WINNT\system32\gruywbts.dll
2006-11-16 18:15 110612 --a------ C:\WINNT\system32\tqtnehpg.exe
2006-11-16 18:14 126996 --a------ C:\WINNT\system32\ltxgobbh.dll
2006-11-16 17:17 126996 --a------ C:\WINNT\system32\dtxogqru.dll
2006-11-16 17:16 110612 --a------ C:\WINNT\system32\cjhfwtwe.exe
2006-11-16 13:46 126996 --a------ C:\WINNT\system32\apuuovoi.dll
2006-11-16 13:46 110612 --a------ C:\WINNT\system32\oqlgvwwv.exe
2006-11-15 20:16 110612 --a------ C:\WINNT\system32\fvkcgcgp.exe
2006-11-15 20:03 110612 --a------ C:\WINNT\system32\ogfljqdk.exe
2006-11-15 19:59 110612 --a------ C:\WINNT\system32\tkjikfwr.exe
2006-11-15 19:23 110612 --a------ C:\WINNT\system32\rcjvpytp.exe
2006-11-15 19:20 110612 --a------ C:\WINNT\system32\uovqmamc.exe
2006-11-15 19:10 110612 --a------ C:\WINNT\system32\nklbabai.exe
2006-11-15 14:05 110612 --a------ C:\WINNT\system32\rtpqvbys.exe
2006-11-14 19:06 0 --a------ C:\WINNT\druid_unknown.exe
2006-11-14 19:04 167936 --a------ C:\WINNT\ms03012890280.exe
2006-11-14 13:12 110612 --a------ C:\WINNT\system32\xqbgmkuk.exe
2006-11-14 07:28 10509 -r-h----- C:\WINNT\system32\svch1n.exe
2006-11-13 14:52 110612 --a------ C:\WINNT\system32\vjcmgipj.exe
2006-11-13 14:37 110612 --a------ C:\WINNT\system32\ogggbrle.exe
2006-11-12 20:41 110612 --a------ C:\WINNT\system32\xdqilykk.exe
2006-11-12 20:40 110612 --a------ C:\WINNT\system32\mubawksu.exe
2006-11-12 19:12 110612 --a------ C:\WINNT\system32\vqibvfpd.exe
2006-11-12 02:08 110612 --a------ C:\WINNT\system32\ijllexfp.exe
2006-11-09 17:02 118804 --a------ C:\WINNT\system32\rdfhmxlc.dll
2006-11-09 17:02 110612 --a------ C:\WINNT\system32\kikjknqf.exe
2006-11-09 16:57 2654 --a------ C:\mc44a53.exe
2006-11-09 16:57 110612 --a------ C:\WINNT\system32\dpmxumxc.exe
2006-11-08 21:52 94720 --a------ C:\WINNT\system32\mtnuvee.dll
2006-11-08 21:52 72192 --a------ C:\WINNT\system32\rfwmxjb.dll
2006-11-08 21:38 41520 --a------ C:\WINNT\system32\dxvwchqk.exe
2006-11-08 21:36 161280 --a------ C:\WINNT\system32\orknai.dll
2006-11-08 21:35 45056 --a------ C:\WINNT\hkykagn.exe
2006-11-08 21:34 217346 --a------ C:\WINNT\srvipxwlzp.exe
2006-11-08 21:33 45056 --a------ C:\WINNT\system32\nrnqetwbz.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32hlvi6wkjc.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32\pfbo0yj.exe
2006-11-08 21:33 28672 --a------ C:\WINNT\system32\hlvi6wkjc.exe
2006-11-08 21:33 24576 --a------ C:\WINNT\system32ysjaevwx.exe
2006-11-08 21:33 24576 --a------ C:\WINNT\system32\ysjaevwx.exe
2006-11-08 21:33 217346 --a------ C:\WINNT\srvtwmxnqu.exe
2006-11-08 21:33 200704 --a------ C:\WINNT\system32\p2jlseh8.dll
2006-11-08 21:33 0 --a------ C:\WINNT\system32nrnqetwbz.exe
2006-11-08 21:27 1465 --a------ C:\dacmi.exe
2006-11-08 21:26 656 --a------ C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26 62464 --a------ C:\oysb.exe
2006-11-08 21:26 55296 --a------ C:\WINNT\system32\msvcrl.dll
2006-11-08 21:22 7114 --a------ C:\WINNT\winjok.exe
2006-11-08 21:22 7114 --a------ C:\WINNT\flash.exe
2006-11-08 20:50 69632 --a------ C:\WINNT\system32\ffgdhfbn.dll
2006-11-08 20:50 41520 --a------ C:\WINNT\system32\dxvwvyfs.exe
2006-11-08 08:27 135168 --a------ C:\WINNT\system32\e0pnii5i6.exe
2006-11-08 02:52 24576 --a------ C:\WINNT\system32\tbiu5xkb.exe
2006-11-06 15:14 155648 --a------ C:\WINNT\system32\dxvwnmra.exe
2006-11-06 14:35 118804 --a------ C:\WINNT\system32\mgngepif.dll
2006-11-06 14:35 110612 --a------ C:\WINNT\system32\uudhykiu.exe
2006-11-06 14:33 201728 --a------ C:\WINNT\system32\dxvwbbql.exe
2006-11-04 15:42 360448 --a------ C:\WINNT\smartdownload.exe
2006-11-04 14:45 118804 --a------ C:\WINNT\system32\qeksqbpo.dll
2006-11-04 14:45 110612 --a------ C:\WINNT\system32\rnwkcdyk.exe
2006-11-03 14:36 60436 --a------ C:\WINNT\system32\huygbjqb.dll
2006-11-03 14:36 118804 --a------ C:\WINNT\system32\oicfmnal.dll
2006-11-03 14:36 110612 --a------ C:\WINNT\system32\yguislss.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"aaa00000"="RUNDLL32.EXE aaa000002c.dll,n 0000000000000030"
"cixo"="C:\\WINNT\\$NtUninstallKB898461$\\cixo.exe"
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\bnseatjn.dll\",setvm"
"brwdiag"="C:\\WINNT\\system32\\brwconf.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\winnt\system32\ldcore.dll confbrw.dll brwstat.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source REG_SZ C:\Program Files\MSN Gaming Zone\virto.html
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
Completion time: 07-01-30 0:36:56
C:\ComboFix2.txt ... 07-01-28 03:41
-
Still some work to do, but we rid you of a nasty rootkit
Can you do the following
Download The Avenger.zip (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
LOG OFF any other users on the computer except for yourself
Copy ALL the text below (everything between the two lines of "=" signs) to your Clipboard by highlighting it and pressing Ctrl+C on your keyboard.
Make sure you include "Files to delete:"
=============================================================
Files to delete:
C:\WINNT\system32\tdsoeyvo.exe
C:\WINNT\system32\cgovxpdh.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\bnseatjn.dll
C:\WINNT\system32\aaa000002c.dll
C:\WINNT\PID47IER.exe
C:\WINNT\PID53IER.exe
C:\TTC.dll
C:\WINNT\system32\tccpip.exe
C:\WINNT\system32\issuwnjf.exe
C:\WINNT\system32\vhnkhijq.exe
C:\WINNT\system32\slcyabmh.dll
C:\WINNT\system32\muqaqicc.exe
C:\WINNT\system32\ojxrusoa.exe
C:\WINNT\system32\hjtqjijb.exe
C:\WINNT\system32\mlheylhy.dll
C:\WINNT\system32\bjmvqrjr.exe
C:\WINNT\system32\brwconf.exe
C:\WINNT\system32\kobsamws.exe
C:\WINNT\system32\idbuhqtr.dll
C:\WINNT\system32\drivera.exe
C:\WINNT\system32\drivera.dll
C:\WINNT\monterreya_unknown.exe
C:\WINNT\system32\bdkifmhs.exe
C:\WINNT\system32\pcitmcrp.dll
C:\WINNT\system32\monterreya_unknown.exe
C:\WINNT\system32\citgwfcc.exe
C:\WINNT\system32\dvhuhvmq.exe
C:\WINNT\system32\dqquglku.dll
C:\WINNT\system32\pejcrrpg.exe
C:\WINNT\system32\rlaswfmy.dll
C:\WINNT\system32\durvilz.exe
C:\WINNT\system32\druidz_unknown.exe
C:\WINNT\system32\durvilz.dll
C:\WINNT\tpup.exe
C:\WINNT\system32\winpfz32.sys
C:\WINNT\system32\eawvpssc.exe
C:\WINNT\system32\iffdupbs.exe
C:\WINNT\system32\kblayvxm.exe
C:\WINNT\system32\gtrsykbu.exe
C:\WINNT\system32\pwinsqeb.exe
C:\WINNT\system32\pwinsqed.exe
C:\WINNT\system32\ppgmkvoa.exe
C:\WINNT\system32\hvyicstj.exe
C:\WINNT\system32\wdokbye.dll
C:\WINNT\system32\731402ld.exe
C:\WINNT\system32\hrcopul.dll
C:\bghtcbd.exe
C:\klnl.exe
C:\bhbn.exe
C:\WINNT\system32\rishhgwu.exe
C:\WINNT\system32\harqceks.exe
C:\WINNT\system32\bulpyxam.dll
C:\WINNT\system32\ehvsduuw.exe
C:\WINNT\system32\jqjhitpr.exe
C:\WINNT\TaskMgr.exe
C:\WINNT\system32\yvglruse.exe
C:\WINNT\system32\winpfg32.sys
C:\WINNT\system32\elmjmvsr.exe
C:\WINNT\system32\ipndxohb.exe
C:\WINNT\system32\gncpdkqf.exe
C:\WINNT\system32\iowdatel.exe
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\cxobntju.exe
C:\WINNT\system32\avrchesr.exe
C:\WINNT\system32\gcfcxcap.exe
C:\WINNT\system32\jkdmblhc.exe
C:\WINNT\system32\auyejhtg.exe
C:\WINNT\system32\xwltmfom.exe
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\yxxseknn.exe
C:\WINNT\system32\vdbyqyll.exe
C:\WINNT\system32\pjnealoc.exe
C:\WINNT\system32\wnstssv.exe
C:\WINNT\system32\piolqvwg.exe
C:\WINNT\ff9n1vvm.exe
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\ansfsrg.dll
C:\WINNT\system32\iiyhgqcc.exe
C:\WINNT\system32\quidooai.dll
C:\WINNT\system32\confbrw.dll
C:\WINNT\system32\brwprf32.dll
C:\WINNT\system32\brwperf.exe
C:\WINNT\system32\brwmgr32.dll
C:\WINNT\system32\brwstat.dll
C:\WINNT\system32\qfyqakn.dll
C:\3456346345643.exe
C:\WINNT\system32\dfcdcxxc.exe
C:\WINNT\system32\durvily.dll
C:\WINNT\system32\ghycmvth.dll
C:\WINNT\system32\durvily.exe
C:\WINNT\system32\druidy_unknown.exe
C:\WINNT\system32\mfqlgnxp.exe
C:\WINNT\system32\dsiyhtkx.dll
C:\WINNT\system32\cetiovja.dll
C:\WINNT\system32\kbfgldbp.dll
C:\WINNT\system32\vnscct.dll
C:\WINNT\system32\tmp_7.exe
C:\WINNT\system32\svch32q.exe
C:\WINNT\system32\redtociv.exe
C:\WINNT\system32\ujhwysvc.exe
C:\WINNT\system32\elrmoxli.dll
C:\WINNT\system32\e1.dll
C:\WINNT\system32\bgnfwko.dll
C:\WINNT\system32\lmckjhjk.dll
C:\WINNT\system32\ttdmysqp.exe
C:\WINNT\system32\woaiwyag.exe
C:\WINNT\system32\tmlbhinh.dll
C:\WINNT\system32\dhclwbme.exe
C:\WINNT\system32\eeqaaxun.dll
C:\WINNT\system32\enkedeea.exe
C:\WINNT\system32\xocmqlfs.exe
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\twxkcqjp.dll
C:\WINNT\system32\mqtblbef.exe
C:\WINNT\system32\yrurktth.exe
C:\WINNT\system32\tayaxkyc.exe
C:\WINNT\system32\kgpfbhct.dll
C:\WINNT\system32\bwlesyvf.dll
C:\WINNT\system32\jnkxpkqt.exe
C:\WINNT\system32\egepfwmh.exe
C:\WINNT\system32\vxxtccqx.exe
C:\WINNT\system32\jkugjkcy.dll
C:\WINNT\system32\pplgksfc.exe
C:\WINNT\system32\cofrnicq.dll
C:\WINNT\system32\cyunnojo.exe
C:\WINNT\system32\qspcuvkm.exe
C:\WINNT\system32\walikbmv.dll
C:\WINNT\system32\xbcooiwr.dll
C:\WINNT\system32\dxedjwrs.dll
C:\WINNT\system32\ppnwtfly.exe
C:\WINNT\system32\fbnwtjyv.dll
C:\WINNT\system32\yqjdaain.exe
C:\WINNT\system32\eaavxxyh.dll
C:\WINNT\system32\eroxhqki.dll
C:\WINNT\system32\axqvaeyc.exe
C:\WINNT\system32\tmp_53.exe
C:\WINNT\system32\ypysegdi.exe
C:\WINNT\system32\gruywbts.dll
C:\WINNT\system32\tqtnehpg.exe
C:\WINNT\system32\ltxgobbh.dll
C:\WINNT\system32\dtxogqru.dll
C:\WINNT\system32\cjhfwtwe.exe
C:\WINNT\system32\apuuovoi.dll
C:\WINNT\system32\oqlgvwwv.exe
C:\WINNT\system32\fvkcgcgp.exe
C:\WINNT\system32\ogfljqdk.exe
C:\WINNT\system32\tkjikfwr.exe
C:\WINNT\system32\rcjvpytp.exe
C:\WINNT\system32\uovqmamc.exe
C:\WINNT\system32\nklbabai.exe
C:\WINNT\system32\rtpqvbys.exe
C:\WINNT\druid_unknown.exe
C:\WINNT\ms03012890280.exe
C:\WINNT\system32\xqbgmkuk.exe
C:\WINNT\system32\svch1n.exe
C:\WINNT\system32\vjcmgipj.exe
C:\WINNT\system32\ogggbrle.exe
C:\WINNT\system32\xdqilykk.exe
C:\WINNT\system32\mubawksu.exe
C:\WINNT\system32\vqibvfpd.exe
C:\WINNT\system32\ijllexfp.exe
C:\WINNT\system32\rdfhmxlc.dll
C:\WINNT\system32\kikjknqf.exe
C:\mc44a53.exe
C:\WINNT\system32\dpmxumxc.exe
C:\WINNT\system32\mtnuvee.dll
C:\WINNT\system32\rfwmxjb.dll
C:\WINNT\system32\dxvwchqk.exe
C:\WINNT\system32\orknai.dll
C:\WINNT\hkykagn.exe
C:\WINNT\srvipxwlzp.exe
C:\WINNT\system32\nrnqetwbz.exe
C:\WINNT\system32hlvi6wkjc.exe
C:\WINNT\system32\pfbo0yj.exe
C:\WINNT\system32\hlvi6wkjc.exe
C:\WINNT\system32ysjaevwx.exe
C:\WINNT\system32\ysjaevwx.exe
C:\WINNT\srvtwmxnqu.exe
C:\WINNT\system32\p2jlseh8.dll
C:\WINNT\system32nrnqetwbz.exe
C:\dacmi.exe
C:\oysb.exe
C:\WINNT\system32\msvcrl.dll
C:\WINNT\winjok.exe
C:\WINNT\flash.exe
C:\WINNT\system32\ffgdhfbn.dll
C:\WINNT\system32\dxvwvyfs.exe
C:\WINNT\system32\e0pnii5i6.exe
C:\WINNT\system32\tbiu5xkb.exe
C:\WINNT\system32\dxvwnmra.exe
C:\WINNT\system32\mgngepif.dll
C:\WINNT\system32\uudhykiu.exe
C:\WINNT\system32\dxvwbbql.exe
C:\WINNT\system32\qeksqbpo.dll
C:\WINNT\system32\rnwkcdyk.exe
C:\WINNT\system32\huygbjqb.dll
C:\WINNT\system32\oicfmnal.dll
C:\WINNT\system32\yguislss.exe
Folders to delete:
C:\DeluxeCommunications
C:\Program Files\bho plugin
C:\Program Files\vstoolbar
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks | {04CDB16C-AB38-43CD-A86A-6FEB90290939}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | aaa00000
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | cixo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | DllRunning
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | brwdiag
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | _zlu_zlope06
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | Windows update loader
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | _mzu_stonedrv3
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | Key
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | _zlu_zlope06
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | Windows update loader
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | _mzu_stonedrv3
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | Key
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer | ForceActiveDesktopOn
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer | ForceActiveDesktopOn
Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | appinit_dlls
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
Can you do the following
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, see if you can click the next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it, then click the next icon right below and select Move incurable as you'll see in the next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Files that are in use can only be moved/deleted during the reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Along with the Dr.Web log, can you include the following
Post a fresh hijackthis log
Post the log from Avenger, located here>>C:\Avenger.txt
In addition, can you run Combofix again and post its new log
NOTE: It may take more than one reply to post the above logs, please do so if needed!
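The DrWeb.csv report the steps above ask you to save is a plain semicolon-separated list, one record per object: object name, the folder it sits in (or the archive it was found inside), the detection name, and the action the scanner took, with a trailing ";". When a log like this runs to hundreds of lines it helps to triage it mechanically: which entries are still waiting for the reboot, which families dominate, and which paths to confirm are gone afterwards. The script below is an added example written for this post; it is not Dr.Web's own tooling or anything posted in the thread. The field order is inferred from the log format seen here, the sample text is constructed from a few records in that format, and the function and field names are my own.

```python
"""Triage a Dr.Web CureIt report (the DrWeb.csv the scanner saves).

Added example, not part of the thread. The record layout
(object;directory;threat;action;) is inferred from the log format posted in
this thread; SAMPLE_REPORT is constructed in that format for offline use.
"""
import ntpath
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the scanner's record format (each record ends with ';').
SAMPLE_REPORT = """\
ryli.dll;c:\\program files\\msn gaming zone;Adware.Dh;Incurable.Will be moved after reboot.;
mxlyss.dll;c:\\winnt\\help\\starter;Trojan.Virtumod;Will be cured after reboot.;
803_104.exe\\data001;C:\\803_104.exe;Trojan.Popuper;;
803_104.exe\\data002;C:\\803_104.exe;Trojan.Popuper;;
803_104.exe;C:\\;Archive contains infected objects;Moved.;
fjsav.exe;C:\\;Trojan.Click.1567;Deleted.;
InstallerC.exe;C:\\;Adware.Ykemi;Incurable.Moved.;
"""


@dataclass(frozen=True)
class Finding:
    name: str        # object name; archive members look like "archive.exe\\data001"
    directory: str   # folder of the object, or the archive path for members
    threat: str      # detection name, e.g. Trojan.Virtumod
    action: str      # what the scanner did; empty for archive members

    @property
    def is_archive_member(self) -> bool:
        # Members of a scanned archive carry the member name after a backslash.
        return "\\" in self.name

    @property
    def full_path(self) -> str:
        """Directory joined with the name; a member resolves to its archive."""
        if self.is_archive_member:
            return self.directory
        return ntpath.join(self.directory, self.name)

    @property
    def needs_reboot(self) -> bool:
        # "Will be cured after reboot." / "Incurable.Will be moved after reboot."
        return "after reboot" in self.action.lower()


def parse_report(text: str) -> list:
    """Split each record on ';' and keep the first four fields."""
    findings = []
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue  # blank or truncated line
        name, directory, threat, action = (p.strip() for p in parts[:4])
        findings.append(Finding(name, directory, threat, action))
    return findings


def pending_reboot(findings: list) -> list:
    """Entries the scanner could not handle until the machine restarts."""
    return [f for f in findings if f.needs_reboot]


def family(threat: str) -> str:
    """Collapse variant numbers: Trojan.Click.1567 -> Trojan.Click."""
    return ".".join(threat.split(".")[:2])


def summarize(findings: list) -> Counter:
    """Count detections per family (archive members included)."""
    return Counter(family(f.threat) for f in findings)


def paths_to_verify(findings: list) -> list:
    """Unique on-disk paths that should no longer exist after the reboot."""
    return sorted({f.full_path for f in findings if not f.is_archive_member})


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("records:", len(found))
    for fam, n in summarize(found).most_common():
        print(f"{n:3d}  {fam}")
    print("waiting for reboot:")
    for f in pending_reboot(found):
        print("  ", f.full_path, "-", f.action)
    print("verify after reboot:")
    for p in paths_to_verify(found):
        print("  ", p)
```

Point `parse_report` at the real file with `open("DrWeb.csv").read()` once the scan has been saved; the entries listed under "waiting for reboot" are the ones to check again in the post-reboot Dr.Web or HijackThis log, since nothing has happened to them yet when the first report is written.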
-
ryli.dll;c:\program files\msn gaming zone;Adware.Dh;Incurable.Will be moved after reboot.;
dobuge.exe;c:\winnt\$ntuninstallkb899587$;Adware.Adpower;Incurable.Will be moved after reboot.;
mxlyss.dll;c:\winnt\help\starter;Trojan.Virtumod;Will be cured after reboot.;
jtxeqilr.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
rqrroll.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
803_104.exe\data001;C:\803_104.exe;Trojan.Popuper;;
803_104.exe\data002;C:\803_104.exe;Trojan.Popuper;;
803_104.exe;C:\;Archive contains infected objects;Moved.;
814.exe\data002;C:\814.exe;Trojan.Dyfuca;;
814.exe;C:\;Archive contains infected objects;Moved.;
919_133.exe\data001;C:\919_133.exe;Trojan.Dyfuca;;
919_133.exe;C:\;Archive contains infected objects;Moved.;
921_135.exe\data001;C:\921_135.exe;Adware.Bagon;;
921_135.exe\data002;C:\921_135.exe;Adware.Bagon;;
921_135.exe;C:\;Archive contains infected objects;Moved.;
921_135b.exe\data001;C:\921_135b.exe;Adware.Bagon;;
921_135b.exe\data002;C:\921_135b.exe;Trojan.MulDrop.4522;;
921_135b.exe;C:\;Archive contains infected objects;Moved.;
fjsav.exe;C:\;Trojan.Click.1567;Deleted.;
InstallerC.exe;C:\;Adware.Ykemi;Incurable.Moved.;
jfaj.exe;C:\;Trojan.Proxy.1052;Deleted.;
mffn.exe;C:\;Trojan.PWS.Snap;Deleted.;
NNSCAA638.EXE;C:\;Adware.NewDotNet;Incurable.Moved.;
qehtaq.exe;C:\;Trojan.Slime.26271;Incurable.Moved.;
rcqt.exe;C:\;Trojan.Click.1567;Deleted.;
ujnvyt.exe;C:\;Trojan.PWS.Snap;Deleted.;
vveuub.exe;C:\;Trojan.Slime.26271;Incurable.Moved.;
vxikry.exe;C:\;Trojan.Proxy.1052;Deleted.;
winstall.ex0;C:\;Trojan.Fakealert;Deleted.;
AutoSearch.dll;C:\Documents and Settings\All Users\Application Data;Adware.Ykemi;Incurable.Moved.;
ayityfod.dll;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Virtumod;Deleted.;
MirarSetup_876085.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Mirarbar;Incurable.Moved.;
mmxsnet.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.MediaMotor;Incurable.Moved.;
NNBar_VCSetup_876056.exe\data001;C:\Documents and Settings\Alys\Local Settings\Temp\NNBar_VCSetup_876056.exe;Adware.Mirarbar;;
NNBar_VCSetup_876056.exe\data002;C:\Documents and Settings\Alys\Local Settings\Temp\NNBar_VCSetup_876056.exe;Adware.Mirarbar;;
NNBar_VCSetup_876056.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Archive contains infected objects;Moved.;
PID47IER.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Adpower;Incurable.Moved.;
pre.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Click.1367;Deleted.;
spoolsvv.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Spambot;Deleted.;
stdrun1.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.14617;Deleted.;
stdrun10.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Ykemi;Incurable.Moved.;
stdrun11.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun2.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.NewDotNet;Incurable.Moved.;
stdrun4.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4421;Deleted.;
stdrun6.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Give4Free;Incurable.Moved.;
stdrun7.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4427;Deleted.;
stdrun9.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4421;Deleted.;
stub_sca4.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.10588;Deleted.;
temp.frBDCD;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.BookedSpace;Incurable.Moved.;
yz01.x.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.NewDotNet;Incurable.Moved.;
~ds39990.tmp;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Durvil;Deleted.;
webhdll.dll;C:\Documents and Settings\Alys\Local Settings\Temp\temp.fr1794\Programs;Adware.WebHancer;Incurable.Moved.;
ansfsrg.dll;C:\Documents and Settings\Guest\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
wdokbye.dll;C:\Documents and Settings\Guest\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
T-125030-_live_ im learning to fly 18.wma;C:\Documents and Settings\Ivan the Terrible\Incomplete;Trojan.Isbar.389;Deleted.;
(Better Version) im learning to fly 07.wma;C:\Documents and Settings\Ivan the Terrible\Shared;Trojan.Isbar.389;Deleted.;
stdrun11.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun18.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun22.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
icqgveqh.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
jovrshtr.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
nblkyfwd.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
nnrttpxm.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
pxgcoqvq.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
qshpyjnq.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
axcruetn.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
qgfxkuck.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
res19D.tmp;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
resB2.tmp;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
TEK47.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.Dh;Incurable.Moved.;
temp.fr8CAF;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.WebHancer;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
ansfsrg.dll;C:\Documents and Settings\Vince.BACKROOM\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
wdokbye.dll;C:\Documents and Settings\Vince.BACKROOM\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
BPT.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bptre_inst.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bpt_c.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bpt.cfg;C:\Program Files\Common Files\Java;Adware.Broadcap;Incurable.Moved.;
bptre.exe;C:\Program Files\Common Files\Java;Adware.Broadcap;Incurable.Moved.;
ace.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
CxtPls.exe;C:\Program Files\CxtPls;Trojan.AproposAd;Deleted.;
ProxyStub.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
uninstaller.exe;C:\Program Files\CxtPls;Trojan.AproposAd;Deleted.;
WinGenerics.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
ryli.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Will be moved after reboot.;
ryli104.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli134.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli18.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli224.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli317.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli394.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli398.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli473.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli520.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli547.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli577.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli66.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli679.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli682.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli684.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli69.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli762.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli780.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli787.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli845.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli850.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli897.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli917.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
NPMYSRCH.DLL;C:\Program Files\MySearch\bar\1.bin;Adware.MyWay;Incurable.Moved.;
MY2NS.EXE;C:\Program Files\MyWay\myBar\1.bin;Adware.MyWay;Incurable.Moved.;
NPMYWAY.DLL;C:\Program Files\MyWay\myBar\1.bin;Adware.MyWay;Incurable.Moved.;
MWSOEMON.EXE;C:\Program Files\MyWebSearch\bar\1.bin;Adware.Msearch;Incurable.Moved.;
MWSOESTB.DLL;C:\Program Files\MyWebSearch\bar\1.bin;Adware.MWS;Incurable.Moved.;
F3CJPEG.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3HTMLMU.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
F3POPSWT.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3RESTUB.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3SCRCTR.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
F3WPHOOK.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3OUTLCN.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3SKIN.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
MWSOEMON.EXE;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
MWSOESTB.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
VSAdd-in.dll;C:\Program Files\VSAdd-in;Adware.TopSearch;Incurable.Moved.;
ZangoTBUninstaller.exe;C:\Program Files\Zango Programs\Zango Toolbar;Adware.Zango;Incurable.Moved.;
ceykqsi.dll.qoo;C:\QooBox;Trojan.Qoologic;Incurable.Moved.;
cuonl.dat.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
oellg.exe.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
vwykak.exe.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0575945.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.DownLoader.14767;Deleted.;
A0575946.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Adware.Bagon;Incurable.Moved.;
A0575947.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.MulDrop.4522;Deleted.;
A0575950.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Click.1166;Deleted.;
A0575953.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Adware.Ykemi;Incurable.Moved.;
A0575957.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;BackDoor.Generic.1372;Deleted.;
A0575959.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Spambot;Deleted.;
A0575978.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Proxy.1052;Deleted.;
A0575979.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.MulDrop.4324;Deleted.;
A0576999.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Spambot;Deleted.;
A0577006.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Virtumod;Deleted.;
A0577007.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Virtumod;Deleted.;
A0577031.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP821;Adware.Give4Free;Incurable.Moved.;
A0578059.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP821;Adware.DollarRevenue;Incurable.Moved.;
A0578065.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP822;Win32.Dref;Deleted.;
A0586131.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP824;BackDoor.Generic.1372;Deleted.;
A0593231.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP828;Trojan.Spambot;Deleted.;
A0597288.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP832;Trojan.Spambot;Deleted.;
A0601389.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP839;Trojan.PWS.Tanspy;Incurable.Moved.;
A0602388.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP839;Trojan.PWS.Tanspy;Deleted.;
A0602396.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840\A0602396.exe;Trojan.Proxy.899;;
A0602396.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840\A0602396.exe;Trojan.PWS.GoldSpy;;
A0602396.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Archive contains infected objects;Moved.;
A0602439.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PWS.Tanspy;Deleted.;
A0602445.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.Spambot;Deleted.;
A0603438.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PWS.Tanspy;Deleted.;
A0605441.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PurityAd;Deleted.;
A0605454.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0605455.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0605456.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0606436.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.HLLM.Limar.based;Deleted.;
A0606443.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.Spambot;Deleted.;
A0607440.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP841;Trojan.PWS.Tanspy;Deleted.;
A0608450.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP841;Trojan.PWS.Tanspy;Deleted.;
A0612466.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP842;Trojan.Spambot;Deleted.;
A0623601.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Trojan.DownLoader.15764;Deleted.;
A0624587.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Win32.HLLM.Limar;Deleted.;
A0624592.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Trojan.DownLoader.based;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854\snapshot;Trojan.DownLoader.15764;Deleted.;
A0624598.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP855;Trojan.DownLoader.based;Deleted.;
A0629604.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP857;Win32.HLLM.Limar;Deleted.;
A0630628.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP858;Win32.HLLM.Limar;Deleted.;
A0630648.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP860;Win32.HLLM.Limar;Deleted.;
A0630663.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.DownLoader.15764;Deleted.;
A0630672.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Win32.HLLM.Limar;Deleted.;
A0630787.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.DownLoader.17676;Deleted.;
A0630814.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Win32.HLLM.Limar;Deleted.;
A0630856.rbf:hsprq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.Feat.2;Deleted.;
A0630919.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP862;Win32.HLLM.Limar;Deleted.;
A0631928.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP862;Win32.HLLM.Limar;Deleted.;
A0631953.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP864;Win32.HLLM.Limar;Deleted.;
A0634981.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP865;Win32.HLLM.Limar;Deleted.;
A0637044.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Trojan.Spambot;Deleted.;
A0638029.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Win32.HLLM.Limar;Deleted.;
A0638035.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Trojan.DownLoader.14427;Deleted.;
A0638051.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638066.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638073.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638078.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Win32.HLLM.Limar;Deleted.;
A0638079.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.Fakealert;Deleted.;
A0638081.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0638082.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0639066.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0639070.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Trojan.DownLoader.based;Deleted.;
A0639071.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Win32.HLLM.Limar;Deleted.;
A0639088.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Win32.HLLM.Limar;Deleted.;
A0641119.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP874;Win32.HLLM.Limar;Deleted.;
A0642129.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP875;Win32.HLLM.Limar;Deleted.;
MFEX-3.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP875\snapshot;Win32.HLLM.Limar;Deleted.;
A0642136.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP876;Win32.HLLM.Limar;Deleted.;
MFEX-3.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP876\snapshot;Win32.HLLM.Limar;Deleted.;
A0643124.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP878;Win32.HLLM.Limar;Deleted.;
A0643144.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP880;Win32.HLLM.Limar;Deleted.;
A0645157.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP880;Trojan.DownLoader.15764;Deleted.;
A0645164.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP881;Win32.HLLM.Limar;Deleted.;
A0647158.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP882;Win32.HLLM.Limar;Deleted.;
A0649161.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0649162.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0649199.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649201.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649202.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649203.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649209.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.Spysheriff;Incurable.Moved.;
A0650161.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0650162.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0650309.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0651320.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652325.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652379.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652395.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652407.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652411.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652412.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652415.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652439.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0654458.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654459.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10346;Deleted.;
A0654466.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10346;Deleted.;
A0654468.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Winfixer;Incurable.Moved.;
A0654474.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Tool.ProcessKill;Incurable.Moved.;
A0654475.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1367;Deleted.;
A0654521.dll:oqdnt;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Sip;Deleted.;
A0654525.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654526.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14652;Deleted.;
A0654528.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654529.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654530.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.MulDrop.4503;Deleted.;
A0654531.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654533.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Galapoper;Deleted.;
A0654595.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Casclient;Incurable.Moved.;
A0654596.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Casclient;Incurable.Moved.;
A0654601.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Softomate;Incurable.Moved.;
A0654604.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0654606.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654607.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654608.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654611.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1227;Deleted.;
A0654612.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654615.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654616.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654617.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10963;Deleted.;
A0654618.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654619.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654620.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654621.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654622.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10436;Deleted.;
A0654623.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.12227;Deleted.;
A0654624.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654626.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654627.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14286;Deleted.;
A0654628.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654629.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654630.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654632.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654635.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654636.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654637.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654638.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654639.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchTwo;Incurable.Moved.;
A0654641.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Softomate;Incurable.Moved.;
A0654642.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14828;Deleted.;
A0654643.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.MyToolBar;Incurable.Moved.;
A0654645.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654646.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654647.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654650.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654651.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654652.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Generic.1372;Deleted.;
A0654656.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Generic.1372;Deleted.;
A0654657.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Runk;Incurable.Moved.;
A0654658.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Micro;Deleted.;
A0654660.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Runk;Incurable.Moved.;
A0654661.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654662.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654663.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654663.exe;Adware.SearchAid;;
A0654663.exe\data003;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654663.exe;Adware.SearchAid;;
A0654663.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Archive contains infected objects;Moved.;
A0654664.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654665.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654666.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14191;Deleted.;
A0654667.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654668.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654669.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654670.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654671.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654672.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654673.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654674.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654676.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1888;Deleted.;
A0654677.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14471;Deleted.;
A0654678.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14471;Deleted.;
A0654679.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654680.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654681.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654682.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654683.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654684.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654685.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654686.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654687.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654689.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.MediaMotor;Incurable.Moved.;
A0654695.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654696.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Dialer.Ninoga;Deleted.;
A0654697.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654698.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1770;Deleted.;
A0654699.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.NtRootKit.185;Deleted.;
A0654700.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.NtRootKit.186;Deleted.;
A0654707.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Give4Free;Incurable.Moved.;
A0654730.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Tool.Prockill;Incurable.Moved.;
A0654748.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654749.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654750.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654751.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654752.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654753.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654754.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654755.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654756.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14655;Deleted.;
A0654757.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.LDPinch.1320;Deleted.;
A0654758.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.15764;Deleted.;
A0654761.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654762.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654763.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654764.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654766.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654769.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.MulDrop.4427;Deleted.;
A0654770.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ZenoSearch;Incurable.Moved.;
A0654771.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654772.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654773.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654774.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14191;Deleted.;
A0654775.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.15764;Deleted.;
A0654777.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654779.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.GoldSpy;Deleted.;
A0654781.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1625;Deleted.;
A0654782.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Uragan;Deleted.;
A0654784.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.17471;Deleted.;
A0654818.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10918;Deleted.;
A0654819.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10918;Deleted.;
A0654820.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654821.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1360;Deleted.;
A0654822.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654823.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654825.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654826.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654827.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654828.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654829.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654830.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654831.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654832.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654833.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654834.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654835.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654836.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654837.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654838.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654839.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654840.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654841.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654842.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654843.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654844.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654845.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654846.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654847.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654848.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654849.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654850.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654851.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654852.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654853.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654854.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654855.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654858.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.12194;Deleted.;
A0654859.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.11969;Deleted.;
A0654860.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654861.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654862.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654864.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654865.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654866.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654867.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654868.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654869.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ClickSpring;Incurable.Moved.;
A0654872.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Incurable.Moved.;
A0654874.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654875.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654885.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654905.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Linkmaker;Incurable.Moved.;
A0654906.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654908.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654908.exe;Adware.SearchAid;;
A0654908.exe\data003;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654908.exe;Adware.Linkmaker;;
A0654908.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Archive contains infected objects;Moved.;
A0654909.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Runner;Deleted.;
A0654911.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654912.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654914.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654917.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0654918.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ZenoSearch;Incurable.Moved.;
A0654920.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654921.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Bagon;Incurable.Moved.;
A0654922.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Linkmaker;Incurable.Moved.;
A0654923.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654926.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1166;Deleted.;
A0654945.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Deleted.;
A0654946.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Incurable.Moved.;
A0654947.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Deleted.;
A0654998.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655000.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655001.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchTwo;Incurable.Moved.;
A0655012.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655016.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14427;Deleted.;
A0655028.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655031.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1237;Deleted.;
A0655033.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0655056.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655057.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0655142.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655151.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655153.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0655161.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655167.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655173.exe\Script.1;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655173.exe;VBS.Psyme.305;;
A0655173.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655176.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.based;Deleted.;
A0655177.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655178.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655179.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655180.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655181.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655183.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655184.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14427;Deleted.;
A0655186.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.MulDrop.4521;Deleted.;
A0655188.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655189.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655190.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655191.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655192.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655193.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655194.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655195.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655196.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655197.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655198.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655199.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655200.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655201.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655202.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655203.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655204.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655205.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655206.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655207.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Click.1567;Deleted.;
A0655208.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Surfside;Incurable.Moved.;
A0655209.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655210.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655211.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655212.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655215.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655218.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655219.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655220.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655221.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655224.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655225.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655227.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655227.exe;Trojan.Proxy.899;;
A0655227.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655227.exe;Trojan.PWS.GoldSpy;;
A0655227.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655229.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655229.exe;Trojan.Proxy.899;;
A0655229.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655229.exe;Trojan.PWS.GoldSpy;;
A0655229.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655231.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar.based;Deleted.;
A0655232.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655233.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655234.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655235.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655236.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655237.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655238.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655239.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655240.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655241.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655243.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.WildMedia;Incurable.Moved.;
A0655245.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655246.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655247.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655248.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655249.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655250.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655251.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655252.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655253.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan
-
"Vince" - 07-02-01 1:35:20 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))
2007-02-01 01:30 88,340 --a------ C:\WINNT\system32\umcioavl.exe
2007-02-01 00:09 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-02-01 00:02 118,804 --------- C:\WINNT\system32\jtxeqilr.dll
2007-02-01 00:01 93,564 --a------ C:\WINNT\PID47IER.exe
2007-01-31 23:58 <DIR> d-------- C:\avenger
2007-01-30 00:10 <DIR> d-------- C:\Rustbfix
2007-01-28 01:48 2,388 --a------ C:\WINNT\system32\tmp.reg
2007-01-28 01:47 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-01-28 01:47 40,960 --a------ C:\WINNT\system32\swsc.exe
2007-01-28 01:47 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47 135,168 --a------ C:\WINNT\system32\swreg.exe
2007-01-27 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22 <DIR> d-------- C:\SDFix
2007-01-21 02:17 <DIR> d-------- C:\HJT
2007-01-15 16:50 <DIR> d-------- C:\Program Files\Exolon
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-01 01:33 -------- d---s---- C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:28 -------- dr------- C:\Program Files\net nanny
2007-02-01 01:27 -------- d-------- C:\Program Files\msn gaming zone
2007-02-01 01:24 -------- d--h----- C:\Program Files\cxtpls
2007-02-01 01:24 -------- d-------- C:\Program Files\Common Files\java
2007-02-01 01:24 -------- d-------- C:\Program Files\bpt
2007-01-27 23:35 -------- d-------- C:\Program Files\lavasoft
2007-01-04 19:14 -------- d-------- C:\Program Files\limewire
2006-12-28 19:00 -------- d-------- C:\Program Files\aim
2006-12-25 23:29 -------- d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17 -------- d-------- C:\Program Files\itunes
2006-12-25 17:17 -------- d-------- C:\Program Files\ipod
2006-12-25 17:14 -------- d-------- C:\Program Files\quicktime
2006-12-25 17:11 -------- d-------- C:\Program Files\apple software update
2006-11-08 21:26 656 --a------ C:\WINNT\system32\sfc_os.dll
2006-11-04 15:42 360448 --a------ C:\WINNT\smartdownload.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\jtxeqilr.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
Completion time: 07-02-01 1:43:01
C:\ComboFix2.txt ... 07-01-30 00:36
C:\ComboFix3.txt ... 07-01-28 03:41
-
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yfewatna
*******************
Script file located at: \??\C:\Documents and Settings\pmvkdidb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\system32\tdsoeyvo.exe deleted successfully.
File C:\WINNT\system32\cgovxpdh.dll deleted successfully.
File C:\WINNT\system32\iergmope.dll deleted successfully.
File C:\WINNT\system32\bnseatjn.dll deleted successfully.
File C:\WINNT\system32\aaa000002c.dll deleted successfully.
File C:\WINNT\PID47IER.exe deleted successfully.
File C:\WINNT\PID53IER.exe deleted successfully.
File C:\TTC.dll deleted successfully.
File C:\WINNT\system32\tccpip.exe deleted successfully.
File C:\WINNT\system32\issuwnjf.exe deleted successfully.
File C:\WINNT\system32\vhnkhijq.exe deleted successfully.
File C:\WINNT\system32\slcyabmh.dll deleted successfully.
File C:\WINNT\system32\muqaqicc.exe deleted successfully.
File C:\WINNT\system32\ojxrusoa.exe deleted successfully.
File C:\WINNT\system32\hjtqjijb.exe deleted successfully.
File C:\WINNT\system32\mlheylhy.dll deleted successfully.
File C:\WINNT\system32\bjmvqrjr.exe deleted successfully.
File C:\WINNT\system32\brwconf.exe not found!
Deletion of file C:\WINNT\system32\brwconf.exe failed!
Could not process line:
C:\WINNT\system32\brwconf.exe
Status: 0xc0000034
File C:\WINNT\system32\kobsamws.exe deleted successfully.
File C:\WINNT\system32\idbuhqtr.dll deleted successfully.
File C:\WINNT\system32\drivera.exe deleted successfully.
File C:\WINNT\system32\drivera.dll deleted successfully.
File C:\WINNT\monterreya_unknown.exe deleted successfully.
File C:\WINNT\system32\bdkifmhs.exe deleted successfully.
File C:\WINNT\system32\pcitmcrp.dll deleted successfully.
File C:\WINNT\system32\monterreya_unknown.exe deleted successfully.
File C:\WINNT\system32\citgwfcc.exe deleted successfully.
File C:\WINNT\system32\dvhuhvmq.exe deleted successfully.
File C:\WINNT\system32\dqquglku.dll deleted successfully.
File C:\WINNT\system32\pejcrrpg.exe deleted successfully.
File C:\WINNT\system32\rlaswfmy.dll deleted successfully.
File C:\WINNT\system32\durvilz.exe deleted successfully.
File C:\WINNT\system32\druidz_unknown.exe deleted successfully.
File C:\WINNT\system32\durvilz.dll deleted successfully.
File C:\WINNT\tpup.exe deleted successfully.
File C:\WINNT\system32\winpfz32.sys deleted successfully.
File C:\WINNT\system32\eawvpssc.exe deleted successfully.
File C:\WINNT\system32\iffdupbs.exe deleted successfully.
File C:\WINNT\system32\kblayvxm.exe deleted successfully.
File C:\WINNT\system32\gtrsykbu.exe deleted successfully.
File C:\WINNT\system32\pwinsqeb.exe deleted successfully.
File C:\WINNT\system32\pwinsqed.exe deleted successfully.
File C:\WINNT\system32\ppgmkvoa.exe deleted successfully.
File C:\WINNT\system32\hvyicstj.exe deleted successfully.
File C:\WINNT\system32\wdokbye.dll deleted successfully.
File C:\WINNT\system32\731402ld.exe deleted successfully.
File C:\WINNT\system32\hrcopul.dll deleted successfully.
File C:\bghtcbd.exe deleted successfully.
File C:\klnl.exe deleted successfully.
File C:\bhbn.exe deleted successfully.
File C:\WINNT\system32\rishhgwu.exe deleted successfully.
File C:\WINNT\system32\harqceks.exe deleted successfully.
File C:\WINNT\system32\bulpyxam.dll deleted successfully.
File C:\WINNT\system32\ehvsduuw.exe deleted successfully.
File C:\WINNT\system32\jqjhitpr.exe deleted successfully.
File C:\WINNT\TaskMgr.exe deleted successfully.
File C:\WINNT\system32\yvglruse.exe deleted successfully.
File C:\WINNT\system32\winpfg32.sys deleted successfully.
File C:\WINNT\system32\elmjmvsr.exe deleted successfully.
File C:\WINNT\system32\ipndxohb.exe deleted successfully.
File C:\WINNT\system32\gncpdkqf.exe deleted successfully.
File C:\WINNT\system32\iowdatel.exe deleted successfully.
File C:\WINNT\system32\wsdgotag.dll deleted successfully.
File C:\WINNT\system32\cxobntju.exe deleted successfully.
File C:\WINNT\system32\avrchesr.exe deleted successfully.
File C:\WINNT\system32\gcfcxcap.exe deleted successfully.
File C:\WINNT\system32\jkdmblhc.exe deleted successfully.
File C:\WINNT\system32\auyejhtg.exe deleted successfully.
File C:\WINNT\system32\xwltmfom.exe deleted successfully.
File C:\WINNT\system32\rtacltit.dll deleted successfully.
File C:\WINNT\system32\yxxseknn.exe deleted successfully.
File C:\WINNT\system32\vdbyqyll.exe deleted successfully.
File C:\WINNT\system32\pjnealoc.exe deleted successfully.
File C:\WINNT\system32\wnstssv.exe deleted successfully.
File C:\WINNT\system32\piolqvwg.exe deleted successfully.
File C:\WINNT\ff9n1vvm.exe deleted successfully.
File C:\WINNT\system32\anugbmlt.dll deleted successfully.
File C:\WINNT\system32\ansfsrg.dll deleted successfully.
File C:\WINNT\system32\iiyhgqcc.exe deleted successfully.
File C:\WINNT\system32\quidooai.dll deleted successfully.
File C:\WINNT\system32\confbrw.dll deleted successfully.
File C:\WINNT\system32\brwprf32.dll deleted successfully.
File C:\WINNT\system32\brwperf.exe deleted successfully.
File C:\WINNT\system32\brwmgr32.dll deleted successfully.
File C:\WINNT\system32\brwstat.dll deleted successfully.
File C:\WINNT\system32\qfyqakn.dll deleted successfully.
File C:\3456346345643.exe deleted successfully.
File C:\WINNT\system32\dfcdcxxc.exe deleted successfully.
File C:\WINNT\system32\durvily.dll deleted successfully.
File C:\WINNT\system32\ghycmvth.dll deleted successfully.
File C:\WINNT\system32\durvily.exe deleted successfully.
File C:\WINNT\system32\druidy_unknown.exe deleted successfully.
File C:\WINNT\system32\mfqlgnxp.exe deleted successfully.
File C:\WINNT\system32\dsiyhtkx.dll deleted successfully.
File C:\WINNT\system32\cetiovja.dll deleted successfully.
File C:\WINNT\system32\kbfgldbp.dll deleted successfully.
File C:\WINNT\system32\vnscct.dll deleted successfully.
File C:\WINNT\system32\tmp_7.exe deleted successfully.
File C:\WINNT\system32\svch32q.exe deleted successfully.
File C:\WINNT\system32\redtociv.exe deleted successfully.
File C:\WINNT\system32\ujhwysvc.exe deleted successfully.
File C:\WINNT\system32\elrmoxli.dll deleted successfully.
File C:\WINNT\system32\e1.dll deleted successfully.
File C:\WINNT\system32\bgnfwko.dll deleted successfully.
File C:\WINNT\system32\lmckjhjk.dll deleted successfully.
File C:\WINNT\system32\ttdmysqp.exe deleted successfully.
File C:\WINNT\system32\woaiwyag.exe deleted successfully.
File C:\WINNT\system32\tmlbhinh.dll deleted successfully.
File C:\WINNT\system32\dhclwbme.exe deleted successfully.
File C:\WINNT\system32\eeqaaxun.dll deleted successfully.
File C:\WINNT\system32\enkedeea.exe deleted successfully.
File C:\WINNT\system32\xocmqlfs.exe deleted successfully.
File C:\WINNT\system32\pjuxptvk.dll deleted successfully.
File C:\WINNT\system32\twxkcqjp.dll deleted successfully.
File C:\WINNT\system32\mqtblbef.exe deleted successfully.
File C:\WINNT\system32\yrurktth.exe deleted successfully.
File C:\WINNT\system32\tayaxkyc.exe deleted successfully.
File C:\WINNT\system32\kgpfbhct.dll deleted successfully.
File C:\WINNT\system32\bwlesyvf.dll deleted successfully.
File C:\WINNT\system32\jnkxpkqt.exe deleted successfully.
File C:\WINNT\system32\egepfwmh.exe deleted successfully.
File C:\WINNT\system32\vxxtccqx.exe deleted successfully.
File C:\WINNT\system32\jkugjkcy.dll deleted successfully.
File C:\WINNT\system32\pplgksfc.exe deleted successfully.
File C:\WINNT\system32\cofrnicq.dll deleted successfully.
File C:\WINNT\system32\cyunnojo.exe deleted successfully.
File C:\WINNT\system32\qspcuvkm.exe deleted successfully.
File C:\WINNT\system32\walikbmv.dll deleted successfully.
File C:\WINNT\system32\xbcooiwr.dll deleted successfully.
File C:\WINNT\system32\dxedjwrs.dll deleted successfully.
File C:\WINNT\system32\ppnwtfly.exe deleted successfully.
File C:\WINNT\system32\fbnwtjyv.dll deleted successfully.
File C:\WINNT\system32\yqjdaain.exe deleted successfully.
File C:\WINNT\system32\eaavxxyh.dll deleted successfully.
File C:\WINNT\system32\eroxhqki.dll deleted successfully.
File C:\WINNT\system32\axqvaeyc.exe deleted successfully.
File C:\WINNT\system32\tmp_53.exe deleted successfully.
File C:\WINNT\system32\ypysegdi.exe deleted successfully.
File C:\WINNT\system32\gruywbts.dll deleted successfully.
File C:\WINNT\system32\tqtnehpg.exe deleted successfully.
File C:\WINNT\system32\ltxgobbh.dll deleted successfully.
File C:\WINNT\system32\dtxogqru.dll deleted successfully.
File C:\WINNT\system32\cjhfwtwe.exe deleted successfully.
File C:\WINNT\system32\apuuovoi.dll deleted successfully.
File C:\WINNT\system32\oqlgvwwv.exe deleted successfully.
File C:\WINNT\system32\fvkcgcgp.exe deleted successfully.
File C:\WINNT\system32\ogfljqdk.exe deleted successfully.
File C:\WINNT\system32\tkjikfwr.exe deleted successfully.
File C:\WINNT\system32\rcjvpytp.exe deleted successfully.
File C:\WINNT\system32\uovqmamc.exe deleted successfully.
File C:\WINNT\system32\nklbabai.exe deleted successfully.
File C:\WINNT\system32\rtpqvbys.exe deleted successfully.
File C:\WINNT\druid_unknown.exe deleted successfully.
File C:\WINNT\ms03012890280.exe deleted successfully.
File C:\WINNT\system32\xqbgmkuk.exe deleted successfully.
File C:\WINNT\system32\svch1n.exe deleted successfully.
File C:\WINNT\system32\vjcmgipj.exe deleted successfully.
File C:\WINNT\system32\ogggbrle.exe deleted successfully.
File C:\WINNT\system32\xdqilykk.exe deleted successfully.
File C:\WINNT\system32\mubawksu.exe deleted successfully.
File C:\WINNT\system32\vqibvfpd.exe deleted successfully.
File C:\WINNT\system32\ijllexfp.exe deleted successfully.
File C:\WINNT\system32\rdfhmxlc.dll deleted successfully.
File C:\WINNT\system32\kikjknqf.exe deleted successfully.
File C:\mc44a53.exe deleted successfully.
File C:\WINNT\system32\dpmxumxc.exe deleted successfully.
File C:\WINNT\system32\mtnuvee.dll deleted successfully.
File C:\WINNT\system32\rfwmxjb.dll deleted successfully.
File C:\WINNT\system32\dxvwchqk.exe deleted successfully.
File C:\WINNT\system32\orknai.dll deleted successfully.
File C:\WINNT\hkykagn.exe deleted successfully.
File C:\WINNT\srvipxwlzp.exe deleted successfully.
File C:\WINNT\system32\nrnqetwbz.exe deleted successfully.
File C:\WINNT\system32hlvi6wkjc.exe deleted successfully.
File C:\WINNT\system32\pfbo0yj.exe deleted successfully.
File C:\WINNT\system32\hlvi6wkjc.exe deleted successfully.
File C:\WINNT\system32ysjaevwx.exe deleted successfully.
File C:\WINNT\system32\ysjaevwx.exe deleted successfully.
File C:\WINNT\srvtwmxnqu.exe deleted successfully.
File C:\WINNT\system32\p2jlseh8.dll deleted successfully.
File C:\WINNT\system32nrnqetwbz.exe deleted successfully.
File C:\dacmi.exe deleted successfully.
File C:\oysb.exe deleted successfully.
File C:\WINNT\system32\msvcrl.dll deleted successfully.
File C:\WINNT\winjok.exe deleted successfully.
File C:\WINNT\flash.exe deleted successfully.
File C:\WINNT\system32\ffgdhfbn.dll deleted successfully.
File C:\WINNT\system32\dxvwvyfs.exe deleted successfully.
File C:\WINNT\system32\e0pnii5i6.exe deleted successfully.
File C:\WINNT\system32\tbiu5xkb.exe deleted successfully.
File C:\WINNT\system32\dxvwnmra.exe deleted successfully.
File C:\WINNT\system32\mgngepif.dll deleted successfully.
File C:\WINNT\system32\uudhykiu.exe deleted successfully.
File C:\WINNT\system32\dxvwbbql.exe deleted successfully.
File C:\WINNT\system32\qeksqbpo.dll deleted successfully.
File C:\WINNT\system32\rnwkcdyk.exe deleted successfully.
File C:\WINNT\system32\huygbjqb.dll deleted successfully.
File C:\WINNT\system32\oicfmnal.dll deleted successfully.
File C:\WINNT\system32\yguislss.exe deleted successfully.
Folder C:\DeluxeCommunications deleted successfully.
Folder C:\Program Files\bho plugin deleted successfully.
Folder C:\Program Files\vstoolbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{04CDB16C-AB38-43CD-A86A-6FEB90290939} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|aaa00000 deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|cixo
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|cixo failed!
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|DllRunning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|brwdiag deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|_zlu_zlope06 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|Windows update loader deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|_mzu_stonedrv3 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|Key deleted successfully.
Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_zlu_zlope06
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_zlu_zlope06 failed!
Status: 0xc0000034
Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Windows update loader
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Windows update loader failed!
Status: 0xc0000034
Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_mzu_stonedrv3
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_mzu_stonedrv3 failed!
Status: 0xc0000034
Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Key
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Key failed!
Status: 0xc0000034
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn deleted successfully.
Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn failed!
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|appinit_dlls replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
-
Logfile of HijackThis v1.99.1
Scan saved at 1:49:17 AM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\jtxeqilr.dll",setvm
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINNT\system32\tccpip.exe (file missing)
-
Can you do the following? We still have to clean a bit more.
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this Exact service
name---- System Startup Service
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and OK it
Do the same for the next one
TCP and UDP Supp0rt
Apply and ok it
Copy ALL the text contained in blue below to your clipboard by highlighting it and pressing Ctrl+C on your keyboard.
Make sure you include "Files to delete:"
=============================================================
Files to delete:
C:\WINNT\system32\jtxeqilr.dll
C:\WINNT\system32\umcioavl.exe
C:\WINNT\PID47IER.exe
C:\WINNT\System32\trafkbdy.exe
C:\WINNT\system32\trafkbdy.dll
Folders to delete:
C:\Program Files\cxtpls
C:\Program Files\bpt
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load | forwas
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | DllRunning
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
Can you go to START>>RUN, copy and paste each of the following commands into the open field, and click OK after each?
sc delete SvcProc
Then this one
sc delete "TCP and UDP Supp0rt"
Afterwards
Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Back in Windows
Can you post the following
1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt
3. Post the log from Avenger>>C:\Avenger.txt
4. Could you also run Combofix again and post the fresh log
5. I want to also add a rootkit scan
Download and save to your desktop:
F-Secure Blacklight (blbeta.exe) (https://europe.f-secure.com/exclude/blacklight/blbeta.exe)
Double click to run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
I want to also check on a couple files
Could be totally legit, just to ensure they aren't affected
Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html
Use the browse button and navigate to the file on your harddrive
C:\WINNT\system32\sfc_os.dll <-this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Could you do the same for this file please
C:\WINNT\smartdownload.exe <-this file
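The triage the helper is doing by eye above (spotting entries marked "(file missing)", services with "Unknown owner", look-alike names such as "Supp0rt", a Run key that loads a DLL through rundll32, then submitting the files that still exist to Jotti/VirusTotal and deleting the orphaned services with `sc delete`) can be written down as a script. The following Python is an added example for this thread, not code from the original posts or from HijackThis; the sample lines are an excerpt of the logs posted above, and the heuristics (`ORPHANED`, `NO_NAME`, `RUNDLL`, `NO_VENDOR`, `LOOKALIKE`) are my own assumptions about what deserves a second look, not a verdict that an entry is malicious.

```python
import re

# Constructed excerpt of the HijackThis logs posted in this thread
# (representative lines only, not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E8D10D4-E7D2-4912-9B8C-7F657584E565} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\jtxeqilr.dll",setvm
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINNT\system32\tccpip.exe (file missing)
"""

# Reasons an entry gets flagged (assumed heuristics, see lead-in).
ORPHANED = "orphaned entry: registered file is no longer on disk"
NO_NAME = "BHO registered without a friendly name"
RUNDLL = "Run key loads a DLL through rundll32"
NO_VENDOR = "service has no vendor string (Unknown owner)"
LOOKALIKE = "digit substituted for a letter in the service name (look-alike)"

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")            # "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cab)\b", re.IGNORECASE)
SERVICE_NAME_RE = re.compile(r"^Service: (.+?) - ")  # display name (key name)
LOOKALIKE_RE = re.compile(r"[A-Za-z][01][A-Za-z]")   # "Supp0rt", "Exp1orer"

def parse_entry(line):
    """Split a HijackThis line into (section, body) or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def entry_path(line):
    """First drive-letter path ending in a binary extension, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None

def triage(line):
    """Return the list of reasons this entry deserves a look (empty = nothing structural)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if "(file missing)" in body:
        reasons.append(ORPHANED)
    if section == "O2" and "(no name)" in body:
        reasons.append(NO_NAME)
    if section == "O4" and "rundll32" in body.lower():
        reasons.append(RUNDLL)
    if section == "O23":
        if "Unknown owner" in body:
            reasons.append(NO_VENDOR)
        m = SERVICE_NAME_RE.match(body)
        if m and LOOKALIKE_RE.search(m.group(1)):
            reasons.append(LOOKALIKE)
    return reasons

def triage_log(text):
    """(line, reasons) for every flagged entry, in log order."""
    out = []
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            out.append((line.strip(), reasons))
    return out

def files_to_check(text):
    """Paths from flagged entries whose file still exists: submit these to an
    online scanner before deciding what to delete."""
    paths = []
    for line, reasons in triage_log(text):
        if ORPHANED in reasons:
            continue
        p = entry_path(line)
        if p and p not in paths:
            paths.append(p)
    return paths

def sc_delete_commands(text):
    """'sc delete' commands for orphaned O23 services. HijackThis prints
    'Display Name (KeyName)'; when no key name is shown, the display name is it."""
    cmds = []
    for line, reasons in triage_log(text):
        section, body = parse_entry(line)
        if section != "O23" or ORPHANED not in reasons:
            continue
        display = SERVICE_NAME_RE.match(body).group(1)
        k = re.search(r"\(([^()]+)\)$", display)
        key = k.group(1) if k else display
        cmds.append(f'sc delete "{key}"' if " " in key else f"sc delete {key}")
    return cmds

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
    print("submit for scanning:", files_to_check(SAMPLE_LOG))
    print("\n".join(sc_delete_commands(SAMPLE_LOG)))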
-
Logfile of HijackThis v1.99.1
Scan saved at 12:21:57 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E8D10D4-E7D2-4912-9B8C-7F657584E565} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {129F4CC9-DEC7-4C8D-85D2-BE479760D871} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {13B14BF0-A5DE-449D-9E33-B9BFEB220BE5} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {1E1C49DA-0B86-4CE9-969E-EA1AC998F151} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {254E362D-5BA0-458A-9A12-3C2D6FCE4D8F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: (no name) - {2C14287D-0C43-4880-80D6-3526788B0D21} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2D3F6A04-86CA-4F10-A18B-BC124E04C4CB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll (file missing)
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll (file missing)
O2 - BHO: (no name) - {4A7F3263-0A87-431D-BBB4-96A39C916215} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {4A7F8215-D067-419D-912B-394D98E2D6F3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {52F434D1-1688-4D0F-99D5-5B7C9395B923} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINNT\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {5DA7D1DD-9903-4834-8957-69722CE935E1} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {66328523-C007-4C8C-AC23-FC6E0C6C8D3E} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\iergmope.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: (no name) - {79B29746-03F1-491E-ABB0-089827B3D284} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {897CE532-BBB2-448E-A3D6-570B989DBB8C} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8DA10DA2-A02C-4806-83AC-011BA56C5B26} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8FF951B7-7E93-4723-8A90-C8E116166E00} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {905BAC32-C39E-444A-A8E3-5E3EA72DF843} - C:\WINNT\Help\starter\mxlyss.dll (file missing)
O2 - BHO: (no name) - {95BFFAB4-F4E6-4F74-BD0C-0DCA9D54E1C4} - \
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {9B343A8F-4478-4314-94FB-49CCDE84896F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll (file missing)
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll (file missing)
O2 - BHO: (no name) - {A1F59C2E-5BDC-4F9B-934D-E275E7C65A46} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {B16B5D1C-D978-4EBC-8146-EEFC81B8CFB8} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {BB0CE8AB-2572-44E9-9700-539A8449B026} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll (file missing)
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll (file missing)
O2 - BHO: (no name) - {D66722E4-2CDC-4D85-9A78-BAE7C5D2A570} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DBCC7BEE-E732-4A52-919C-A9026E57C492} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {EA947CE6-B7A4-462C-B9E1-FA1D59E0A9DB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {ED30650E-088F-48B1-B114-AA1BAA15E6A7} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FEAC5E67-39F6-459E-BCB9-76A1600952B3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FF6167A8-D6C7-4707-A2B0-7811D50617B5} - C:\Program Files\Windows Media Player\nizybico.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
-
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.3
Scan started at 12:09:23 AM 2/6/2007
Listing files found while scanning....
C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\gjtxqeqm.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\uqkyekfb.dll
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yiqviesi.exe
Beginning removal...
Attempting to delete C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\mxlyss.dll Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak1 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.bak2 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.ini2 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\Help\starter\ssylxm.tmp Has been deleted!
Attempting to delete C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\enylwpnk.dll Has been deleted!
Attempting to delete C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\iyfatcyr.exe Has been deleted!
Attempting to delete C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\knpwlyne.ini Has been deleted!
Attempting to delete C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rqrroll.dll Has been deleted!
Attempting to delete C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yflmiedu.exe Has been deleted!
Attempting to delete C:\WINNT\system32\yiqviesi.exe
C:\WINNT\system32\yiqviesi.exe Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pqjjlnss
*******************
Script file located at: \??\C:\Program Files\xoyeewot.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\system32\jtxeqilr.dll deleted successfully.
File C:\WINNT\system32\umcioavl.exe deleted successfully.
File C:\WINNT\PID47IER.exe deleted successfully.
File C:\WINNT\System32\trafkbdy.exe not found!
Deletion of file C:\WINNT\System32\trafkbdy.exe failed!
Could not process line:
C:\WINNT\System32\trafkbdy.exe
Status: 0xc0000034
File C:\WINNT\system32\trafkbdy.dll not found!
Deletion of file C:\WINNT\system32\trafkbdy.dll failed!
Could not process line:
C:\WINNT\system32\trafkbdy.dll
Status: 0xc0000034
Folder C:\Program Files\cxtpls deleted successfully.
Folder C:\Program Files\bpt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load|forwas deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|DllRunning deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-
"Vince" - 07-02-06 0:25:40 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))
2007-02-06 00:09 <DIR> d-------- C:\VundoFix Backups
2007-02-06 00:03 <DIR> d-------- C:\avenger
2007-02-01 00:09 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-01-30 00:10 <DIR> d-------- C:\Rustbfix
2007-01-28 01:48 2,388 --a------ C:\WINNT\system32\tmp.reg
2007-01-28 01:47 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-01-28 01:47 40,960 --a------ C:\WINNT\system32\swsc.exe
2007-01-28 01:47 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47 135,168 --a------ C:\WINNT\system32\swreg.exe
2007-01-27 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22 <DIR> d-------- C:\SDFix
2007-01-21 02:17 <DIR> d-------- C:\HJT
2007-01-15 16:50 <DIR> d-------- C:\Program Files\Exolon
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-06 00:16 -------- dr------- C:\Program Files\net nanny
2007-02-01 01:33 -------- d---s---- C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:27 -------- d-------- C:\Program Files\msn gaming zone
2007-02-01 01:24 -------- d-------- C:\Program Files\Common Files\java
2007-01-27 23:35 -------- d-------- C:\Program Files\lavasoft
2007-01-04 19:14 -------- d-------- C:\Program Files\limewire
2006-12-28 19:00 -------- d-------- C:\Program Files\aim
2006-12-25 23:29 -------- d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17 -------- d-------- C:\Program Files\itunes
2006-12-25 17:17 -------- d-------- C:\Program Files\ipod
2006-12-25 17:14 -------- d-------- C:\Program Files\quicktime
2006-12-25 17:11 -------- d-------- C:\Program Files\apple software update
2006-11-08 21:26 656 --a------ C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26 17920 --a------ C:\WINNT\system32\ntio256.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
Completion time: 07-02-06 0:30:35
C:\ComboFix2.txt ... 07-02-01 01:43
C:\ComboFix3.txt ... 07-01-30 00:36
-
02/06/07 00:33:28 [Info]: BlackLight Engine 1.0.55 initialized
02/06/07 00:33:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/06/07 00:33:29 [Note]: 7019 4
02/06/07 00:33:29 [Note]: 7005 0
02/06/07 00:33:35 [Note]: 7006 0
02/06/07 00:33:35 [Note]: 7011 1048
02/06/07 00:33:35 [Note]: 7026 0
02/06/07 00:33:35 [Note]: 7026 0
02/06/07 00:33:35 [Note]: 7024 3
02/06/07 00:33:35 [Info]: Hidden process: C:\WINNT\system32\protector.exe
02/06/07 00:33:43 [Note]: FSRAW library version 1.7.1021
02/06/07 00:37:48 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/06/07 00:37:48 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(8).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/06/07 00:38:06 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/06/07 00:42:07 [Info]: Hidden file: c:\WINNT\system32\ntio256.sys
02/06/07 00:42:07 [Note]: 7002 0
02/06/07 00:42:07 [Note]: 7003 1
02/06/07 00:42:07 [Note]: 10002 1
02/06/07 00:42:11 [Info]: Hidden file: C:\WINNT\system32\protector.exe
02/06/07 00:42:11 [Note]: 7002 0
02/06/07 00:42:11 [Note]: 7003 1
02/06/07 00:42:11 [Note]: 10002 1
02/06/07 00:43:26 [Note]: 2000 1012
02/06/07 00:46:13 [Note]: 7007 0
-
Scan taken on 06 Feb 2007 06:46:33 (GMT)
AntiVir
Found TR/Agent.YC.2
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Spy.Goldun.DA
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
The above scan was for sfc_os.dll
The scan below was for smartdownload.exe
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
-
resevil, I'm very sorry for the delay; I've just been so darn busy with other matters lately.
I'll try and stick with you now as I have more time.
Since I've been away, can we ensure that things haven't changed too much?
Can I have you run blbeta.exe again and post a fresh log please?
Also, delete this folder:
C:\qoobox <- this folder
Run ComboFix again and post a fresh log.
Just the above 2 logs, then we'll try and kill this thing.
Again, I apologize for the long delay.
-
"Vince" - 07-02-12 23:52:55 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))
2007-02-06 00:09 <DIR> d-------- C:\VundoFix Backups
2007-02-06 00:03 <DIR> d-------- C:\avenger
2007-02-01 00:09 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-01-30 00:10 <DIR> d-------- C:\Rustbfix
2007-01-28 01:48 2,388 --a------ C:\WINNT\system32\tmp.reg
2007-01-28 01:47 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-01-28 01:47 40,960 --a------ C:\WINNT\system32\swsc.exe
2007-01-28 01:47 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47 135,168 --a------ C:\WINNT\system32\swreg.exe
2007-01-27 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35 <DIR> d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22 <DIR> d-------- C:\SDFix
2007-01-21 02:17 <DIR> d-------- C:\HJT
2007-01-15 16:50 <DIR> d-------- C:\Program Files\Exolon
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-12 23:38 -------- dr------- C:\Program Files\net nanny
2007-02-01 01:33 -------- d---s---- C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:27 -------- d-------- C:\Program Files\msn gaming zone
2007-02-01 01:24 -------- d-------- C:\Program Files\Common Files\java
2007-01-27 23:35 -------- d-------- C:\Program Files\lavasoft
2007-01-04 19:14 -------- d-------- C:\Program Files\limewire
2006-12-28 19:00 -------- d-------- C:\Program Files\aim
2006-12-25 23:29 -------- d-------- C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17 -------- d-------- C:\Program Files\itunes
2006-12-25 17:17 -------- d-------- C:\Program Files\ipod
2006-12-25 17:14 -------- d-------- C:\Program Files\quicktime
2006-12-25 17:11 -------- d-------- C:\Program Files\apple software update
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
Completion time: 07-02-12 23:57:49
C:\ComboFix2.txt ... 07-02-06 00:30
C:\ComboFix3.txt ... 07-02-01 01:43
-
02/13/07 00:02:48 [Info]: BlackLight Engine 1.0.55 initialized
02/13/07 00:02:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/13/07 00:02:48 [Note]: 7019 4
02/13/07 00:02:48 [Note]: 7005 0
02/13/07 00:02:50 [Note]: 7006 0
02/13/07 00:02:50 [Note]: 7011 1248
02/13/07 00:02:50 [Note]: 7026 0
02/13/07 00:02:50 [Note]: 7026 0
02/13/07 00:02:50 [Note]: 7024 3
02/13/07 00:02:50 [Info]: Hidden process: C:\WINNT\system32\protector.exe
02/13/07 00:02:58 [Note]: FSRAW library version 1.7.1021
02/13/07 00:06:59 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default(8).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/13/07 00:11:26 [Info]: Hidden file: c:\WINNT\system32\ntio256.sys
02/13/07 00:11:26 [Note]: 7002 0
02/13/07 00:11:26 [Note]: 7003 1
02/13/07 00:11:26 [Note]: 10002 1
02/13/07 00:11:30 [Info]: Hidden file: C:\WINNT\system32\protector.exe
02/13/07 00:11:30 [Note]: 7002 0
02/13/07 00:11:30 [Note]: 7003 1
02/13/07 00:11:30 [Note]: 10002 1
02/13/07 00:12:43 [Note]: 2000 1012
02/13/07 00:16:13 [Note]: 7007 0
-
Don't worry about it, man. I really appreciate your help. I am doing this for a friend, so it's hard to get to his house all the time because of our schedules. I want to clean up my computer also, but it is NOWHERE near this bad. It might have a couple of things. I really appreciate everything though, and I'd be happy to donate to fight against malware. Maybe you could give me a tip towards what type of educational programs you went through, so I can go and study this sort of thing and help the community as you do. I'd love to learn these things.
-
Can you do the following.
Going off of the last HijackThis log I saw:
Do a "System scan only" with HijackThis and put a check next to these entries:
O2 - BHO: (no name) - {0E8D10D4-E7D2-4912-9B8C-7F657584E565} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {129F4CC9-DEC7-4C8D-85D2-BE479760D871} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {13B14BF0-A5DE-449D-9E33-B9BFEB220BE5} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {1E1C49DA-0B86-4CE9-969E-EA1AC998F151} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {254E362D-5BA0-458A-9A12-3C2D6FCE4D8F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: (no name) - {2C14287D-0C43-4880-80D6-3526788B0D21} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2D3F6A04-86CA-4F10-A18B-BC124E04C4CB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll (file missing)
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll (file missing)
O2 - BHO: (no name) - {4A7F3263-0A87-431D-BBB4-96A39C916215} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {4A7F8215-D067-419D-912B-394D98E2D6F3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {52F434D1-1688-4D0F-99D5-5B7C9395B923} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINNT\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {5DA7D1DD-9903-4834-8957-69722CE935E1} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {66328523-C007-4C8C-AC23-FC6E0C6C8D3E} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\iergmope.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: (no name) - {79B29746-03F1-491E-ABB0-089827B3D284} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {897CE532-BBB2-448E-A3D6-570B989DBB8C} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8DA10DA2-A02C-4806-83AC-011BA56C5B26} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8FF951B7-7E93-4723-8A90-C8E116166E00} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {905BAC32-C39E-444A-A8E3-5E3EA72DF843} - C:\WINNT\Help\starter\mxlyss.dll (file missing)
O2 - BHO: (no name) - {95BFFAB4-F4E6-4F74-BD0C-0DCA9D54E1C4} - \
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {9B343A8F-4478-4314-94FB-49CCDE84896F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll (file missing)
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll (file missing)
O2 - BHO: (no name) - {A1F59C2E-5BDC-4F9B-934D-E275E7C65A46} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {B16B5D1C-D978-4EBC-8146-EEFC81B8CFB8} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {BB0CE8AB-2572-44E9-9700-539A8449B026} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll (file missing)
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll (file missing)
O2 - BHO: (no name) - {D66722E4-2CDC-4D85-9A78-BAE7C5D2A570} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DBCC7BEE-E732-4A52-919C-A9026E57C492} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {EA947CE6-B7A4-462C-B9E1-FA1D59E0A9DB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {ED30650E-088F-48B1-B114-AA1BAA15E6A7} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FEAC5E67-39F6-459E-BCB9-76A1600952B3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FF6167A8-D6C7-4707-A2B0-7811D50617B5} - C:\Program Files\Windows Media Player\nizybico.dll
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll (file missing)
After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.
Open blbeta.exe (BlackLight) again.
Click Scan >> Next.
When it's done, it will show you all those files again.
Now select each of those entries and click the 'rename' button. Do this for all of them.
BlackLight adds the rename to those entries.
Click Next and it will tell you that those files will get renamed and ask if you are sure. Click Yes >> OK.
Then it will ask you to reboot. Click Yes.
Your system must reboot now.
Back in Windows:
Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe) and save it to your desktop.
- Double click on haxfix.exe to install HaxFix. (standard installation path is c:\program Files\haxfix)
- Checkmark "Create a desktop icon"
- Click "Next"
- When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
- Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
- Select option 1. Make logfile by typing 1 and then pressing Enter
- HaxFix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
- Copy the contents of that logfile and paste it into this thread. (c:\haxfix.txt)
Could you also include the next couple of logs:
1. A fresh HijackThis log
2. Delete the logs made from blbeta.exe, run a fresh scan and post its log
3. Download SREng from HERE (http://www.kztechs.com/sreng/sreng2.zip)
Extract it to Desktop and double click SREng.exe to run it.
Select: Smart Scan and click on the [Scan] button.
Let the scan finish; it may take a couple of minutes.
When finished, click on the 'Save Reports' button and save the log to Desktop.
Please post the SREng log in your reply.
-
HAXFIX logfile - by Marckie
version 4.37
Tue 02/13/2007 23:56:06.40
--- Checking for Haxdoor ---
checking for a3d files
a3d files not found
checking for matching notify keys
no matching notify keys found
checking for matching services
no matching services found
checking for matching safeboot services
no matching safeboot services found
checking for other Haxdoor-files
no other Haxdoor-files found
--- Checking for Goldun ---
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is infected!!
iexplore.exe not found in dllcache
no tmp-files found in temp-folder
no backups of iexplore.exe found!!
checking sfc_os.dll
sfc_os.dll is infected!!
sfc_os.dll not found in dllcache
no tmp-files found in temp-folder
no backups found of sfc_os.dll!!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 11:58:20 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
02/13/07 23:59:08 [Info]: BlackLight Engine 1.0.55 initialized
02/13/07 23:59:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/13/07 23:59:09 [Note]: 7019 4
02/13/07 23:59:09 [Note]: 7005 0
02/13/07 23:59:12 [Note]: 7006 0
02/13/07 23:59:12 [Note]: 7011 1040
02/13/07 23:59:12 [Note]: 7026 0
02/13/07 23:59:13 [Note]: 7026 0
02/13/07 23:59:24 [Note]: FSRAW library version 1.7.1021
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/14/07 00:03:41 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/14/07 00:03:41 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(8).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/14/07 00:03:52 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/14/07 00:09:50 [Note]: 2000 1012
02/14/07 00:13:48 [Note]: 7007 0
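Editor's note on the BlackLight output above: every "Hidden file" entry has the form host-path:stream-name, i.e. an NTFS alternate data stream attached to an otherwise ordinary file (hotfix logs, wallpaper bitmaps, twain DLLs). The host file is usually legitimate; the named stream is the payload, and the same stream name stamped onto dozens of unrelated files (pjvze on the _default(N).pif copies, lgjqq and sunyq on the twunk_16(N).exe copies) is the signature of one dropper writing itself everywhere it could. The script below is an added example written for this page, not code posted by anyone in the thread and not part of BlackLight. It parses lines in that format, groups them by stream name and by host, and emits one Sysinternals "streams.exe -d" line per affected host file. The embedded sample lines are a constructed excerpt shaped like the log above.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the BlackLight "Hidden file" lines above
# (timestamp, level, "Hidden file:", then host path, a colon, and the stream name).
SAMPLE_LOG = r"""
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/14/07 00:09:50 [Note]: 2000 1012
"""

HIDDEN = re.compile(r"^\S+ \S+ \[Info\]: Hidden file: (?P<path>\S.*?)\s*$")


def parse_hidden_files(log_text):
    """Return (host_file, stream_name_or_None) for every 'Hidden file' line."""
    entries = []
    for line in log_text.splitlines():
        m = HIDDEN.match(line)
        if not m:
            continue                      # [Note] lines and engine chatter are skipped
        path = m.group("path")
        host, sep, stream = path.rpartition(":")
        # The only colon in a plain path belongs to the drive letter, and a stream
        # name never contains a path separator; anything else is "file:stream".
        if not sep or "\\" in stream or "/" in stream:
            entries.append((path, None))
        else:
            entries.append((host, stream))
    return entries


def recurring_streams(entries, min_hosts=2):
    """Stream names stamped onto several unrelated host files -> {stream: [hosts]}."""
    hosts = defaultdict(set)
    for host, stream in entries:
        if stream:
            hosts[stream].add(host)
    return {s: sorted(h) for s, h in hosts.items() if len(h) >= min_hosts}


def multi_stream_hosts(entries):
    """Host files carrying more than one named stream -> {host: [streams]}."""
    streams = defaultdict(set)
    for host, stream in entries:
        if stream:
            streams[host].add(stream)
    return {h: sorted(s) for h, s in streams.items() if len(s) > 1}


def cleanup_commands(entries):
    """One Sysinternals 'streams -d' line per affected host (the host file itself is kept)."""
    hosts = sorted({host for host, stream in entries if stream})
    return ['streams.exe -d "%s"' % h for h in hosts]


if __name__ == "__main__":
    found = parse_hidden_files(SAMPLE_LOG)
    for stream, hosts in sorted(recurring_streams(found).items(), key=lambda kv: -len(kv[1])):
        print("stream %-8s on %d files, e.g. %s" % (stream, len(hosts), hosts[0]))
    for host, streams in sorted(multi_stream_hosts(found).items()):
        print("%s carries %s" % (host, ", ".join(streams)))
    print("\n".join(cleanup_commands(found)))
```

Two caveats before running the generated commands. "streams -d" removes every named stream on the file, including harmless ones such as Zone.Identifier, so treat it as a cleanup of the host file rather than surgical removal of one stream. And the host files here are not all legitimate: a stock XP install has one twunk_16.exe and one _default.pif in the Windows directory, so the (2), (3)... copies listed above are dropped files and can go entirely, streams and all.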
-
2007-02-14,00:42:01
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINNT\System32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe> [(Verified)Intel Corporation]
<NeroCheck><C:\WINNT\System32\NeroCheck.exe> [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
<{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINNT\System32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
==================================
Startup Folders
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [Microsoft Corporation]><N>
==================================
Services
[ANIWZCSd Service / ANIWZCSdService][Stopped/Auto Start]
<C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
<C:\WINNT\system32\CTsvcCDA.EXE><Creative Technology Ltd>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[ISEXEng / ISEXEng][Stopped/Disabled]
<C:\WINNT\System32\angelex.exe><N/A>
[mstlsapi / mstlsapi][Stopped/Disabled]
<"C:\WINNT\mstlsapi.exe"><N/A>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
<c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs][Stopped/Manual Start]
<C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>
[NNSvc / NNSvc][Stopped/Auto Start]
<C:\Program Files\Net Nanny\nnsvc.exe><BioNet Systems, LLC>
==================================
Drivers
[D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) / A3AB][Running/Manual Start]
<system32\DRIVERS\A3AB.sys><D-Link Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ANIO Service / ANIO][Running/Auto Start]
<\??\C:\WINNT\system32\ANIO.SYS><Alpha Networks Inc.>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
<\??\C:\WINNT\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HPFECP06 / HPFECP06][Running/Auto Start]
<\SystemRoot\System32\drivers\HPFECP06.SYS><N/A>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / iaStor][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
<System32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
<System32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
<System32\DRIVERS\IntelC53.sys><Intel Corporation>
[mohfilt / mohfilt][Running/Manual Start]
<System32\DRIVERS\mohfilt.sys><Intel Corporation>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
<System32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<System32\DRIVERS\Mtlstrm.sys><Smart Link>
[Input and output operations / ntio256][Stopped/Auto Start]
<\??\C:\WINNT\system32\ntio256.sys><N/A>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
<System32\DRIVERS\NtMtlFax.sys><Smart Link>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PfModNT / PfModNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
<\??\C:\WINNT\System32\DRIVERS\RecAgent.sys><Smart Link>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
<System32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<System32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<System32\DRIVERS\wanatw4.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AOL Toolbar]
{3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AIM]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINNT\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HouseCall Control]
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} <C:\WINNT\DOWNLO~1\xscan60.ocx, Trend Micro Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\System32\LegitCheckControl.DLL, Microsoft® Corporation>
[Java Plug-in 1.5.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[compid Class]
{9A57B18E-2F5D-11D5-8997-00104BD12D94} <C:\WINNT\Downloaded Program Files\gwCID.dll, PC Pitstop LLC>
[Java Plug-in 1.5.0_03]
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[]
{013A653B-49A6-4F76-8B68-E4875EA6BA54} <C:\WINNT\system32\pjuxptvk.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA} <C:\WINNT\system32\uqkyekfb.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
{7DA39570-5FD2-4F18-94B4-20730CB3F727} <C:\WINNT\system32\wsdgotag.dll, N/A>
[]
{849B9523-785F-4014-9CAF-079FB4A74C61} <C:\WINNT\system32\gjtxqeqm.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINNT\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINNT\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AOL Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
{F18F04B0-9CF1-4B93-B004-77A288BEE28B} <C:\WINNT\system32\rtacltit.dll, N/A>
[&AOL Toolbar Search]
<c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>
==================================
Running Processes
[PID: 644][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1736][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe] [GRISOFT, s.r.o., 7,1,0,365]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgamint.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgamsps.dll] [GRISOFT, s.r.o., 7,1,0,285]
[PID: 1800][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe] [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1860][C:\WINNT\system32\CTsvcCDA.EXE] [Creative Technology Ltd, 1.0.1.0]
[PID: 248][C:\WINNT\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1040][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[PID: 1124][C:\WINNT\System32\hkcmd.exe] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxhk.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[PID: 1208][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe] [GRISOFT, s.r.o., 7,1,0,371]
[C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll] [GRISOFT, s.r.o., 7,1,0,381]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll] [GRISOFT, s.r.o., 7,1,0,300]
[C:\Program Files\Grisoft\AVG Free\avgmail.dll] [GRISOFT, s.r.o., 7,1,0,358]
[PID: 1216][C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe] [D-Link, 3, 3, 1, 50324]
[C:\WINNT\system32\wlanapi.dll] [Alpha Networks Inc., 1, 3, 19, 50222]
[C:\WINNT\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
[C:\WINNT\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
[C:\WINNT\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 10, 50316]
[PID: 1180][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 136][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla, 1.0.7]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\components\qfaservices.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial]
[C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll] [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpioji.dll] [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpinscp.dll] [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpishare.dll] [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll] [Netscape Communications Corporation, 1.42]
[PID: 1984][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 1960][C:\Documents and Settings\Vince.BACKROOM\Desktop\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
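Editor's note on the SREng Services and Drivers sections above: the useful signal in that listing is the vendor field. Entries such as ISEXEng (angelex.exe), mstlsapi (an .exe sitting directly in C:\WINNT rather than System32 or Program Files) and the non-plug-and-play driver called "Input and output operations" (ntio256.sys) all report N/A, meaning the binary carries no company name in its version info, while every Intel, AVG, Apple and Creative entry names its vendor. The script below is an added example written for this page, not code from the thread or from SREng. It parses the [Display / Name][State/Start] and <path><vendor> line pairs, normalises the several ways SREng prints an image path (\??\ prefixes, \SystemRoot, %SystemRoot%, bare System32\DRIVERS paths, svchost-hosted DLLs after "-->") and ranks entries on three explainable signals. The embedded report is a constructed excerpt shaped like the listing above.

```python
import ntpath
import re

# Constructed excerpt in the shape of the SREng "Services" and "Drivers" entries above:
# a [Display / Name][State/Start] header line followed by a <path><vendor> detail line.
SAMPLE_REPORT = r"""
[ANIWZCSd Service / ANIWZCSdService][Stopped/Auto Start]
<C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[ISEXEng / ISEXEng][Stopped/Disabled]
<C:\WINNT\System32\angelex.exe><N/A>
[mstlsapi / mstlsapi][Stopped/Disabled]
<"C:\WINNT\mstlsapi.exe"><N/A>
[Input and output operations / ntio256][Stopped/Auto Start]
<\??\C:\WINNT\system32\ntio256.sys><N/A>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
"""

HEADER = re.compile(r"^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
DETAIL = re.compile(r"^<(?P<path>.*)><(?P<vendor>[^>]*)>$")
BOOT_STARTS = {"Auto Start", "Boot Start", "System Start"}


def resolve_path(raw, sysroot=r"C:\WINNT"):
    """Turn the several ways SREng prints an image path into one absolute Win32 path."""
    p = raw.strip()
    if "-->" in p:                        # svchost-hosted service: the DLL after the arrow is what runs
        p = p.split("-->", 1)[1]
    p = p.strip().strip('"')
    if p.startswith("\\??\\"):            # NT object-manager prefix used for absolute driver paths
        p = p[4:]
    p = p.replace("%SystemRoot%", sysroot).replace("\\SystemRoot", sysroot)
    if not re.match(r"^[A-Za-z]:\\", p):  # bare 'System32\DRIVERS\x.sys' is relative to the Windows dir
        p = sysroot + "\\" + p
    return p


def parse_entries(report_text, sysroot=r"C:\WINNT"):
    """Pair each header line with the <path><vendor> line that follows it."""
    entries, pending = [], None
    for line in report_text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            pending = h.groupdict()
            continue
        d = DETAIL.match(line.strip())
        if d and pending is not None:
            pending["raw_path"] = d.group("path")
            pending["path"] = resolve_path(d.group("path"), sysroot)
            pending["vendor"] = d.group("vendor").strip()
            entries.append(pending)
            pending = None
    return entries


def triage(report_text, sysroot=r"C:\WINNT"):
    """Score every service/driver on cheap, explainable signals; highest score first."""
    findings = []
    for rec in parse_entries(report_text, sysroot):
        reasons = []
        no_vendor = rec["vendor"].upper() == "N/A"
        if no_vendor:
            reasons.append("no company name in the file's version info")
        if ntpath.dirname(rec["path"]).lower() == sysroot.lower():
            reasons.append("image sits directly in the Windows directory, not System32 or Program Files")
        if no_vendor and rec["start"] in BOOT_STARTS:
            reasons.append("starts with the system yet names no vendor")
        if reasons:
            findings.append({"name": rec["name"], "display": rec["display"], "path": rec["path"],
                             "start": rec["start"], "score": len(reasons), "reasons": reasons})
    findings.sort(key=lambda f: (-f["score"], f["name"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print("[%d] %s (%s) %s" % (f["score"], f["name"], f["display"], f["path"]))
        for r in f["reasons"]:
            print("      - " + r)
```

A missing vendor is a lead, not a verdict: secdrv.sys is the SafeDisc copy-protection driver that ships with XP and scores the same here as ntio256.sys, and the appmgmts.dll behind the svchost-hosted AppMgmt service is a stock Windows component. The ranking tells you which files to look up, hash and check for a digital signature first; it does not tell you what to delete.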
-
Can you do the following
One more round of fixes
Can you delete the log from Dr.Web and delete Dr.Web.cureit.exe on desktop
Redownload Dr.Web Cureit from the link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Save to desktop
We'll need it again, and it always updates
Your version of Iexplore.exe and sfc_os.dll are infected
From the bottom of this reply box I've uploaded a file called Backup.zip
Which includes a clean file of both
NOTE: Iexplore.exe is the correct version for IE6 sp2, not to be used with IE7
There is also a version for IE7 but you won't need it
Extract the Backup folder to desktop for now
Note: you may have to be logged into the forum to properly download the file
Can you Print these instructions or save them too a text file on desktop
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
- Close any programs you may have running - especially any web browsers.
- Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Right Click on MyComputer icon and left click Properties
Click the Hardware tab>>Device Manager
In Device Manager click on VIEW>>Show Hidden Devices
Expand (+) on "Non Plug and Play Drivers" in the list
Look for "Input and output operations"
Right click on it and choose UNINSTALL
Don't reboot when done but exit Device Manager
Open SrEng.exe
Click on the BOOT ITEMS button
Select SERVICES tab
Select Drivers button
Let it scan; when it's done, look through the list
left click to Highlight
"Input and output operations"
Select Delete Service radio button then choose SET
Click NO to delete the Service
Don't reboot yet if prompted
Close the Drivers box
and click to open the "Win32 Services" button
Let it finish its scan
Highlight the next entry
ISEXEng / ISEXEng
Select the Delete Service radio button>>choose SET
Click No to the prompt
Again don't reboot
Do the same for
mstlsapi / mstlsapi
This time
Allow the computer to
Reboot into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account
In Safe mode
Find and delete these files if they exist
C:\WINNT\System32\angelex.exe <-file
C:\WINNT\mstlsapi.exe <-file
C:\WINNT\system32\pjuxptvk.dll <-file
C:\WINNT\system32\uqkyekfb.dll <-file
C:\WINNT\system32\wsdgotag.dll <-file
C:\WINNT\system32\gjtxqeqm.dll <-file
Some, or all of the above files may not exist, but take a look
Still in safe mode
Open SrEng.exe again
This time click the System Repair button
Then choose "Browser Addon" tab
Use your mouse and expand CLSID 1 so you read the entire entry
Left click to Highlight then Delete Selected all the following
{013A653B-49A6-4F76-8B68-E4875EA6BA54}
{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}
{7DA39570-5FD2-4F18-94B4-20730CB3F727}
{849B9523-785F-4014-9CAF-079FB4A74C61}
Exit SrEng.exe afterwards, but remain in safe mode
Open the BACKUP folder on desktop you extracted earlier
Right click on iexplore.exe and choose COPY
Navigate to the following folders and PASTE a copy of iexplore.exe in each
C:\WINNT\System32\dllcache
C:\Program Files\Internet Explorer <-allow to overwrite if prompted
Back in the BACKUP folder
Right click on sfc_os.dll and choose COPY
Navigate to the following folder and choose PASTE
C:\WINNT\System32 <-allow to overwrite if prompted
Dr.Web CureIt- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured.
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer back to Normal Windows!!
Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version of Java
After Java is installed
Can you again do the following
Vundofix- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Back in Windows
Can you post all the following please, hopefully this is the last round of many logs
1. Post a fresh hijackthis log
2. Post the new report from Dr. Web cureit
3. Can you run another Smart Scan with SrEng.exe and post its new log
4. Can you reopen Hijackthis
Open the MISC TOOLS SECTION
Open ADS SPY...
UNCHECK "Quick Scan"
Then click the SCAN button, when it's done, save the log and post it back here please if not empty
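One way to make sense of the DrWeb.csv this reply asks for, as an added example that is not part of the original post and not code from Dr.Web or from this thread: it parses the four-field semicolon layout the CureIt reports in this thread use (filename;directory;threat;action;), recognises the "file.ext:stream" spelling CureIt uses for a hit inside an NTFS alternate data stream (the same objects HijackThis' ADS Spy lists), separates hits inside System Restore snapshots from hits on the live system, and flags the lines a responder still has to check by hand. The sample report lines are constructed for the example; the field names, the `Tool.` prefix rule and the restore-point path pattern are assumptions based on the reports posted here.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) so the interesting lines stand out.

Report lines have the shape   filename;directory;threat;action;
A filename of the form "file.ext:stream" means the detection lives in an NTFS
alternate data stream attached to file.ext (what HijackThis' ADS Spy enumerates).
"""
import re
from collections import Counter

# Constructed sample, laid out like a real DrWeb.csv; not a report from any real machine.
SAMPLE_REPORT = r"""
winjok.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.18451;Deleted.;
noiuqndo.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
Process.exe;C:\Program Files\HaxFix;Tool.Prockill;Incurable.Moved.;
A0655560.exe:umclwx;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655562.ini:rgnrm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0649215.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.Spysheriff;Incurable.Moved.;
"""

# System Restore keeps a copy of every file it has seen. A hit there is an old snapshot,
# not a file on the live system, but it comes back if that restore point is ever used.
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)$"
)


def parse_report(text):
    """Return one dict per report line; raise on a line that does not fit the format."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4 or not fields[1]:
            raise ValueError(f"line {lineno}: expected name;directory;threat;action, got {line!r}")
        name, directory, threat, action = fields[:4]
        host, has_stream, stream = name.partition(":")   # "file.exe:stream" -> ADS on file.exe
        rp = RESTORE_POINT.match(directory)
        entries.append({
            "name": host,
            "stream": stream if has_stream else None,
            "path": directory + "\\" + host,
            "threat": threat,
            "family": ".".join(threat.split(".")[:2]),   # Trojan.DownLoader.18451 -> Trojan.DownLoader
            "action": action.rstrip("."),                 # "Incurable.Moved." -> "Incurable.Moved"
            "restore_point": rp.group(1) if rp else None,
        })
    return entries


def triage(entries):
    """Split a parsed report into what a responder needs to look at next."""
    live = [e for e in entries if e["restore_point"] is None]
    streams = {}
    for e in entries:
        if e["stream"]:
            streams.setdefault(e["path"], []).append(e["stream"])
    needs_review = [
        e for e in live
        # A file that was moved rather than deleted still exists (in the DoctorWeb folder),
        # and Tool.* hits are dual-use utilities, often the helper's own. Confirm both by hand.
        if e["action"] != "Deleted" or e["threat"].startswith("Tool.")
    ]
    return {
        "live": live,
        "needs_review": needs_review,
        "streams": streams,
        "restore_points": Counter(e["restore_point"] for e in entries if e["restore_point"]),
        "families": Counter(e["family"] for e in entries),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(result['live'])} live hits, {len(result['needs_review'])} need manual review")
    for path, names in result["streams"].items():
        print(f"ADS host: {path}  streams={names}")
    for rp, n in sorted(result["restore_points"].items()):
        print(f"{rp}: {n} hits (flush System Restore once the machine is clean)")
    for family, n in result["families"].most_common():
        print(f"{n:3d}  {family}")
```

To run it against a real report, replace SAMPLE_REPORT with the contents of the DrWeb.csv saved to the desktop (read the file with whatever encoding CureIt wrote it in). The restore-point count is the practical reason the usual last step in a cleanup is to turn System Restore off and back on: every hit under `_restore{...}\RPnnn` is a dormant copy waiting for a restore.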
-
Logfile of HijackThis v1.99.1
Scan saved at 1:20:12 AM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
-
noiuqndo.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
winjok.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.18451;Deleted.;
monterreya_unknown.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Trojan.Durvil;Deleted.;
~ds39990.tmp;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Trojan.Durvil;Deleted.;
Process.exe;C:\Program Files\HaxFix;Tool.Prockill;Incurable.Moved.;
A0649215.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.Spysheriff;Incurable.Moved.;
A0651319.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652326.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652327.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652328.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652342.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652343.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652377.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652378.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652381.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652401.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652402.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652403.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0652410.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0655169.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655213.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655214.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655216.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655223.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655244.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.18451;Deleted.;
A0655282.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655358.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.18451;Deleted.;
A0655558.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14427;Deleted.;
A0655559.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Click.1166;Deleted.;
A0655560.exe:umclwx;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655561.exe:mmnyqa;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655562.ini:rgnrm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655563.exe:ugzpr;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Sip;Deleted.;
A0655564.exe:nhkul;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655565.dll:dadsqe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655566.exe:obwfkg;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655567.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655568.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655569.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655570.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655571.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655572.exe:zoufs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655573.exe:oyxso;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655574.ini:kuiff;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655575.ini:ggcid;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655576.ini:appvi;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655577.INI:jxirm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655578.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Generic.1372;Deleted.;
A0655579.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14767;Deleted.;
A0655580.exe:auxoq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655581.exe:evkvhm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655582.dll:dmszm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655583.exe:qpcnsc;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655584.dll:frbvo;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655585.exe:cxynan;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655586.exe:cxynan;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655586.exe:xgece;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1457;Deleted.;
A0655587.exe:cxynan;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655588.exe:oepfd;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655589.ini:azphn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655590.exe:hfilf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655591.exe:hfilf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655592.exe:duxnpq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655593.exe:duxnpq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655594.exe:tnseqv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655595.exe:tnseqv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655596.exe:tnseqv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655597.exe:kfimp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655598.INI:maxce;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655598.INI:sbrdw;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655599.exe:ngmjd;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1029;Deleted.;
A0655600.INI:lfxbg;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655601.OLD:ikjwj;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655602.exe:wtnpf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655603.dll:lrtwyv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655604.exe:rugiv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655605.dll:waiys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1029;Deleted.;
A0655606.INI:jpvfy;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655607.old:ckbmm;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1101;Deleted.;
A0655608.dll:bsznx;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655608.dll:funsz;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1029;Deleted.;
A0655608.dll:wyauw;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1029;Deleted.;
A0655609.INI:ztflz;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655610.ico:qnqlv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655611.exe:fgqkq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655612.sys:busvk;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1029;Deleted.;
A0655613.sys:xppls;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655614.ini:caupl;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655615.exe:zukiux;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655616.exe:zukiux;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655617.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spybi;Deleted.;
A0655618.exe:qttjl;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655619.bat:rsjvl;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655620.dll:adwmp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655621.dll:adwmp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655622.dll:adwmp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655623.dll:adwmp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655624.dll:adwmp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655625.dll:dlxol;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655626.dll:dlxol;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655627.dll:dlxol;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655628.dll:dlxol;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655629.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655629.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655629.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655630.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655630.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655630.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655631.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655631.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655631.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655632.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655632.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655632.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655633.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655633.exe:mbsubu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655633.exe:sunyq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655634.exe:fjmlyu;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655634.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655634.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655635.exe:lgjqq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655635.exe:sehrs;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655635.exe:vmpun;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655636.exe:dbxwfo;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655637.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Click.1166;Deleted.;
A0655638.cfg:vnkji;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Feat.2;Deleted.;
A0655639.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655640.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655641.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655642.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655643.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655644.ini:efehnp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655645.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Generic.1372;Deleted.;
A0655646.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655647.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655648.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655649.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655650.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655651.exe:pzebns;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.StartPage.563;Deleted.;
A0655652.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655653.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655654.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655655.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655656.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655657.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655658.exe:zjmvwn;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655659.ini:audqv;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655660.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655661.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655662.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655663.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655664.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655665.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655666.exe:rkeaqp;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655667.exe:slosnh;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655668.exe:slosnh;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655669.exe:slosnh;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;BackDoor.Netag;Deleted.;
A0655670.bat:hwihc;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655671.bat:hwihc;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655672.bat:hwihc;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655673.bat:hwihc;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.568;Deleted.;
A0655674.dll:yujzl;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655675.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655675.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655676.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655676.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655677.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655677.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655678.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655678.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655679.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655679.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655680.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655680.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655681.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655681.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655682.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655682.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655683.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655683.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655684.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655684.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655685.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655685.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655686.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655686.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655687.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655687.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655688.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655688.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655689.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655689.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655690.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655690.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655691.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655691.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655692.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655692.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655693.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655693.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655694.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655694.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655695.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655695.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655696.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655696.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655697.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655697.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655698.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655698.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655699.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655699.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655700.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655700.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655701.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655701.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655702.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655702.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655703.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655703.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655704.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655705.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655705.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655706.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655706.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655707.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655707.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655708.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655708.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655709.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655709.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655710.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655710.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655711.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655712.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655713.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655714.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655715.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655716.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655717.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655718.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14427;Deleted.;
A0655719.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.PurityAd;Deleted.;
A0655720.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655721.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655722.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655723.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655724.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.AproposAd;Deleted.;
A0655725.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Ykemi;Incurable.Moved.;
A0655726.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655727.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Ykemi;Incurable.Moved.;
A0655728.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655729.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.ShutDown.11;Incurable.Moved.;
A0655730.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655731.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655732.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655733.cfg;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655734.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655735.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655736.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655737.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655738.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655739.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655740.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655741.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655742.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655743.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655744.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655745.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655746.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655747.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655748.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655749.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655750.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655751.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655752.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655753.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655754.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655755.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655756.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655757.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655758.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655759.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655760.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655761.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655762.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655763.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655764.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655765.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655766.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655767.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655768.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655769.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655770.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655771.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655772.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655773.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Zango;Incurable.Moved.;
A0655774.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655775.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.nCase;Incurable.Moved.;
A0655776.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655777.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655778.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655779.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MediaTicket;Incurable.Moved.;
A0655780.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655781.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655782.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655783.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655784.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655785.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655786.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Adpower;Incurable.Moved.;
A0655787.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655788.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655789.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655790.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655791.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655792.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655793.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655794.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655795.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655796.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655797.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655798.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655799.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Adlogix;Incurable.Moved.;
A0655801.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0656880.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656888.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656890.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656898.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656900.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656902.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656903.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656904.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0658036.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP897;Trojan.Sklog;Deleted.;
A0658037.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP897;Trojan.Sklog;Deleted.;
enylwpnk.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
iyfatcyr.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
mxlyss.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rqrroll.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
yflmiedu.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
yiqviesi.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
cdPlayer.ini:mjopy;C:\WINNT;Trojan.Feat.2;Deleted.;
Coffee Bean.bmp:rgbfh;C:\WINNT;Trojan.DownLoader.568;Deleted.;
DHCPUPG.LOG:yxqvpx;C:\WINNT;BackDoor.Netag;Deleted.;
FaxSetup.log:lwbtn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
fcuaf.dat:enfvx;C:\WINNT;Trojan.Feat.2;Deleted.;
gftgk.dat:sackje;C:\WINNT;BackDoor.Netag;Deleted.;
ieuninst.exe:gcaua;C:\WINNT;Trojan.Feat.2;Deleted.;
iimvz.dat:szdrz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
KB282010.log:kfgkp;C:\WINNT;Trojan.Feat.2;Deleted.;
KB821557.log:flwmz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
KB822603.log:cfrpr;C:\WINNT;Trojan.DownLoader.530;Deleted.;
KB842773.log:xsddaf;C:\WINNT;Trojan.StartPage.563;Deleted.;
lndpd.dat:rwvfu;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(2).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(3).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(4).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
msdfmap.ini:qgwhy;C:\WINNT;BackDoor.Netag;Deleted.;
msdp(2).exe:tzvdcd;C:\WINNT;Trojan.StartPage.563;Deleted.;
mxqrg.dat:nlste;C:\WINNT;Trojan.Feat.2;Deleted.;
ocgen.log:ycllv;C:\WINNT;Trojan.Feat.2;Deleted.;
ODBCINST.INI:pfhkn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
ogrri.dat:fbqiy;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Prairie Wind.bmp:xffdp;C:\WINNT;Trojan.Feat.2;Deleted.;
Q323255.log:reqiv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q327979.log:pgxij;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Q329115.log:wnlvc;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q329441.log:fofyo;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q331958.log:crodu;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q810243.log:mfxtx;C:\WINNT;Trojan.Feat.2;Deleted.;
Q810577.log:mnoir;C:\WINNT;Trojan.Feat.2;Deleted.;
Q810833.log:vhvjn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q811493.log:oefon;C:\WINNT;Trojan.Feat.2;Deleted.;
Q811630.log:fztmf;C:\WINNT;Trojan.Feat.2;Deleted.;
Q814033.log:mjkkz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q814696.log:xgiet;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q814995.log:ntdgh;C:\WINNT;Trojan.Feat.2;Deleted.;
Q817287.log:hlgzv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q819696.log:wjmnv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
rqnti.dat:dagbm;C:\WINNT;Trojan.Feat.2;Deleted.;
SchedLgU.Txt:fwreb;C:\WINNT;Trojan.Feat.2;Deleted.;
setupact.log:owidb;C:\WINNT;Trojan.Feat.2;Deleted.;
setuplog.txt:hxtqv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
slcplappl.ico:ttven;C:\WINNT;Trojan.DownLoader.568;Deleted.;
SmCfg.exe:qfugm;C:\WINNT;Trojan.DownLoader.568;Deleted.;
smdat32a.sys:eavbn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
smscfg.ini:xhbpk;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Soap Bubbles.bmp:yzgar;C:\WINNT;Trojan.Feat.2;Deleted.;
SpyBlocs_IsFirstTime.txt:mtnuo;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Sti_Trace.log:obnjg;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twain_32(2).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(3).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(4).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(5).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twunk_16(2).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(3).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(4).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(5).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(6).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(6).exe:vmpun;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(7).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16.exe:sunyq;C:\WINNT;Trojan.Feat.2;Deleted.;
twunk_32(2).exe:grupmz;C:\WINNT;Trojan.StartPage.563;Deleted.;
ujqrh.dat:nwmmg;C:\WINNT;Trojan.Feat.2;Deleted.;
UNNeroBurnRights.cfg:yuodc;C:\WINNT;Trojan.DownLoader.530;Deleted.;
wiaservc.log:pwgsi;C:\WINNT;Trojan.DownLoader.530;Deleted.;
wininit.ini:gliiz;C:\WINNT;Trojan.Feat.2;Deleted.;
winnt.bmp:qmbnt;C:\WINNT;Trojan.DownLoader.568;Deleted.;
winstart(2).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
winstart(3).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
winstart(4).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
yohdo.dat:zljca;C:\WINNT;Trojan.DownLoader.568;Deleted.;
_default(10).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(11).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(12).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(13).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(14).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(15).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(16).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(17).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(18).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(19).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(20).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(21).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(22).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(23).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(24).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(25).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(26).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(27).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(28).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(29).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(3).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(30).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(31).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(32).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(33).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(34).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(35).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(37).pif:wnvjb;C:\WINNT;Trojan.DownLoader.530;Deleted.;
_default(4).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(5).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(6).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(7).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(8).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(9).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default.pif:zwypt;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
explorer.exe:kjhwx;C:\WINNT\$NtServicePackUninstall$;Trojan.Feat.2;Deleted.;
slrundll.exe:xksrl;C:\WINNT\$NtServicePackUninstall$;Trojan.DownLoader.568;Deleted.;
ntio256.sys.ren;C:\WINNT\system32;Trojan.Sklog;Deleted.;
process.exe;C:\WINNT\system32;Tool.Prockill;Incurable.Moved.;
protector.exe.ren;C:\WINNT\system32;Trojan.Sklog;Deleted.;
-
2007-02-19,01:23:04
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINNT\System32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe> [(Verified)Intel Corporation]
<NeroCheck><C:\WINNT\System32\NeroCheck.exe> [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}><> [N/A]
==================================
Startup Folders
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [Microsoft Corporation]><N>
==================================
Services
[ANIWZCSd Service / ANIWZCSdService][Stopped/Auto Start]
<C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
<C:\WINNT\system32\CTsvcCDA.EXE><Creative Technology Ltd>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
<c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs][Stopped/Manual Start]
<C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>
==================================
Drivers
[D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) / A3AB][Running/Manual Start]
<system32\DRIVERS\A3AB.sys><D-Link Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ANIO Service / ANIO][Running/Auto Start]
<\??\C:\WINNT\system32\ANIO.SYS><Alpha Networks Inc.>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
<\??\C:\WINNT\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HPFECP06 / HPFECP06][Running/Auto Start]
<\SystemRoot\System32\drivers\HPFECP06.SYS><N/A>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / iaStor][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
<System32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
<System32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
<System32\DRIVERS\IntelC53.sys><Intel Corporation>
[mohfilt / mohfilt][Running/Manual Start]
<System32\DRIVERS\mohfilt.sys><Intel Corporation>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
<System32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<System32\DRIVERS\Mtlstrm.sys><Smart Link>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
<System32\DRIVERS\NtMtlFax.sys><Smart Link>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PfModNT / PfModNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
<\??\C:\WINNT\System32\DRIVERS\RecAgent.sys><Smart Link>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
<System32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<System32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<System32\DRIVERS\wanatw4.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Java Plug-in 1.6.0]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[AOL Toolbar]
{3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AIM]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINNT\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HouseCall Control]
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} <C:\WINNT\DOWNLO~1\xscan60.ocx, Trend Micro Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\System32\LegitCheckControl.DLL, Microsoft® Corporation>
[Java Plug-in 1.6.0]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[compid Class]
{9A57B18E-2F5D-11D5-8997-00104BD12D94} <C:\WINNT\Downloaded Program Files\gwCID.dll, PC Pitstop LLC>
[Java Plug-in 1.6.0]
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINNT\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINNT\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AOL Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
{F18F04B0-9CF1-4B93-B004-77A288BEE28B} <C:\WINNT\system32\rtacltit.dll, N/A>
[&AOL Toolbar Search]
<c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>
==================================
Running Processes
[PID: 644][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1572][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINNT\system32\HPFlpm06.dll] [N/A, N/A]
[C:\WINNT\system32\HPFCOM06.DLL] [N/A, N/A]
[C:\WINNT\system32\HPFIOP06.DLL] [N/A, N/A]
[C:\WINNT\system32\HPFMLC06.dll] [N/A, N/A]
[C:\WINNT\system32\HPFMEM06.dll] [N/A, N/A]
[PID: 1796][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe] [GRISOFT, s.r.o., 7,1,0,365]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1812][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe] [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1864][C:\WINNT\system32\CTsvcCDA.EXE] [Creative Technology Ltd, 1.0.1.0]
[PID: 260][C:\WINNT\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 628][C:\WINNT\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1312][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINNT\System32\igfxpph.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[PID: 1524][C:\WINNT\System32\hkcmd.exe] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxhk.dll] [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxres.dll] [Intel Corporation, 3.0.0.2209]
[PID: 1648][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe] [GRISOFT, s.r.o., 7,1,0,371]
[C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll] [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll] [GRISOFT, s.r.o., 7,1,0,381]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll] [GRISOFT, s.r.o., 7,1,0,300]
[C:\Program Files\Grisoft\AVG Free\avgmail.dll] [GRISOFT, s.r.o., 7,1,0,358]
[PID: 1736][C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe] [D-Link, 3, 3, 1, 50324]
[C:\WINNT\system32\wlanapi.dll] [Alpha Networks Inc., 1, 3, 19, 50222]
[C:\WINNT\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
[C:\WINNT\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
[C:\WINNT\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 10, 50316]
[PID: 1992][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 148][C:\Program Files\Java\jre1.6.0\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.0.105]
[PID: 244][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe] [Adobe Systems Incorporated, 7.0.0.0]
[PID: 2024][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 2536][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla, 1.0.7]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\components\qfaservices.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial]
[C:\Program Files\Java\jre1.6.0\bin\npoji610.dll] [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpioji.dll] [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpinscp.dll] [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpishare.dll] [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.7.12: 2005091517]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll] [Netscape Communications Corporation, 1.42]
[PID: 1404][C:\WINNT\system32\msiexec.exe] [Microsoft Corporation, 3.1.4000.1823]
[PID: 3472][C:\Documents and Settings\Vince.BACKROOM\Desktop\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
-
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861\A0630856.rbf : srpza (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655567.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655568.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655569.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655570.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655571.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655572.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655574.ini : mjopy (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655574.ini : qiuqc (56320 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655575.ini : xbfrv (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655575.ini : yixir (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655580.exe : gcaua (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655580.exe : kppcb (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655584.dll : tuwqy (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655585.exe : azlyab (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655585.exe : oepfd (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655586.exe : oepfd (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655587.exe : oepfd (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655589.ini : qgwhy (12043 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655590.exe : tzvdcd (66560 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655598.INI : gmuxs (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655598.INI : pfhkn (26624 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655600.INI : fegqo (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655601.OLD : slzvn (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655602.exe : caryg (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655602.exe : ovjwz (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655603.dll : jpijq (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655603.dll : nbkda (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655604.exe : bqtok (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655604.exe : hsvbx (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655606.INI : bqsju (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655606.INI : lgoqz (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655606.INI : qvgbz (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655608.dll : bwjun (3362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655608.dll : dmiof (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655608.dll : tqdxo (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655609.INI : pkmvx (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655609.INI : wiriv (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655610.ico : ttven (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655611.exe : qfugm (27012 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655611.exe : zgeme (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655612.sys : eavbn (26624 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655612.sys : xjprx (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655613.sys : jgswc (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655614.ini : xhbpk (28787 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655618.exe : gmnku (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655620.dll : gmyvs (55808 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655620.dll : rphrwz (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655621.dll : gmyvs (55808 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655621.dll : rphrwz (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655622.dll : gmyvs (55808 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655622.dll : rphrwz (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655623.dll : gmyvs (55808 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655623.dll : mlcfx (0 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655623.dll : rphrwz (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655624.dll : gmyvs (55808 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655625.dll : gmkuzw (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655625.dll : jojhk (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655626.dll : gmkuzw (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655626.dll : jojhk (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655627.dll : gmkuzw (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655627.dll : jojhk (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655628.dll : gmkuzw (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655628.dll : jojhk (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655629.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655629.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655630.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655630.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655630.exe : uaapzr (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655631.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655631.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655632.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655632.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655633.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655633.exe : sehrs (27012 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655633.exe : vmpun (27012 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655634.exe : lgjqq (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655634.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655635.exe : sbnmbe (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655635.exe : sunyq (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655636.exe : grupmz (66560 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655636.exe : ohshd (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655636.exe : qluzd (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655638.cfg : rnlcsx (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655638.cfg : yuodc (28787 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655639.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655639.ini : ryeaqz (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655640.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655641.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655642.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655643.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655644.ini : ldqxg (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655646.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655647.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655648.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655649.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655650.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655651.exe : egsqrg (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655659.ini : gliiz (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655670.bat : llhxhj (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655671.bat : llhxhj (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655672.bat : llhxhj (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655674.dll : obobw (3063 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655675.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655676.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655677.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655678.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655679.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655680.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655681.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655682.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655683.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655684.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655685.pif : pjvze (102697 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655686.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655687.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655688.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655689.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655690.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655691.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655692.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655693.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655694.pif : pjvze (96362 bytes)
-
Hi again Resevil, well, that took a while to respond back.
Seems like more infected files.
Can you do the following:
Reboot your computer into Safe Mode.
Sign in with your normal account.
Run HijackThis again >> Open the MISC TOOLS SECTION.
Open ADS SPY...
UNCHECK "Quick Scan".
Then click the SCAN button.
When it's done, put a check in all items found.
Then select the "Remove Selected" button.
OK any prompt you get.
Reboot back to normal Windows.
Post a fresh HijackThis log.
Also run ADS Spy again and post its log.
I totally forgot about the VundoFix log last time.
Can you post its last log too?
C:\Vundofix.txt
Let me know how things are running please.
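As an added example (not part of the thread or of HijackThis), a small Python triage script for the ADS Spy log format the helper asks for (`path : stream (N bytes)`): it groups the streams by name and size, so the same payload copied into the alternate data streams of many host files stands out, and separates live files from copies sitting in System Restore points. The sample lines are constructed, modelled on the log in the thread; `{GUID}` stands in for the restore directory's real identifier.

```python
"""Triage helper for HijackThis ADS Spy output (added example, not from the thread).

ADS Spy prints one alternate data stream per line as
    <host file path> : <stream name> (<size> bytes)
The same stream name and size hanging off many unrelated host files means one
payload was copied into the ADS of each of them. Streams under
System Volume Information\_restore{...} are System Restore snapshots and come
back if that restore point is ever applied, so they are counted separately.
"""
import re
from collections import defaultdict

# One ADS Spy line: "<path> : <stream> (<size> bytes)". The path itself contains
# "C:", so the non-greedy path group stops at the first " : " that leaves a
# valid "<stream> (<size> bytes)" tail.
ADS_LINE = re.compile(r"^(?P<path>.+?) : (?P<stream>\S+) \((?P<size>\d+) bytes\)$")
RESTORE_MARK = r"\system volume information\_restore"


def parse_ads_spy(text):
    """Return one dict per stream; lines that are not ADS entries (headers,
    blank lines, the forum's '-' separators) are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ADS_LINE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append({
            "path": path,
            "stream": m.group("stream"),
            "size": int(m.group("size")),
            "restore": RESTORE_MARK in path.lower(),
        })
    return entries


def summarize(entries, min_hosts=2):
    """Group streams by (name, size) and report those attached to at least
    min_hosts different host files, plus live/restore/empty counts."""
    hosts = defaultdict(set)
    for e in entries:
        hosts[(e["stream"], e["size"])].add(e["path"])
    replicated = sorted(
        ((name, size, len(paths))
         for (name, size), paths in hosts.items() if len(paths) >= min_hosts),
        key=lambda t: (-t[2], t[0]),  # most widely replicated payload first
    )
    return {
        "total": len(entries),
        "live": sum(1 for e in entries if not e["restore"]),
        "restore": sum(1 for e in entries if e["restore"]),
        "empty": sum(1 for e in entries if e["size"] == 0),
        "hosts_with_streams": len({e["path"] for e in entries}),
        "replicated": replicated,
    }


# Constructed sample in ADS Spy's format (paths and stream names are made up,
# modelled on the thread's log; {GUID} is a placeholder for the real one).
SAMPLE = r"""
C:\WINNT\Coffee Bean.bmp : pjvze (96362 bytes)
C:\WINNT\_default(2).pif : pjvze (96362 bytes)
C:\WINNT\control.ini : pjvze (96362 bytes)
C:\WINNT\_default.pif : nrwyg (0 bytes)
C:\WINNT\twain_32.dll : jojhk (56832 bytes)
C:\System Volume Information\_restore{GUID}\RP1\A0000001.pif : pjvze (96362 bytes)
C:\System Volume Information\_restore{GUID}\RP1\A0000002.dll : jojhk (56832 bytes)
-
"""

if __name__ == "__main__":
    report = summarize(parse_ads_spy(SAMPLE))
    print(f"{report['total']} streams on {report['hosts_with_streams']} files "
          f"({report['live']} live, {report['restore']} in restore points, "
          f"{report['empty']} empty)")
    for name, size, n in report["replicated"]:
        print(f"  stream {name!r} of {size} bytes attached to {n} files")
```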
-
Logfile of HijackThis v1.99.1
Scan saved at 12:39:41 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
-
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667437.exe : fqemfh (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667438.dll : tuwqy (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667439.exe : azlfc (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667440.exe : kppcb (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667441.ini : gfstl (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667442.dll : ibhwtm (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667443.dll : ibhwtm (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667444.exe : kzqtsk (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667445.exe : kxznra (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667446.dll : puyep (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667447.ini : xbfrv (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667447.ini : yixir (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667448.ini : qiuqc (56320 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667449.exe : ufbxb (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667450.ini : cpsln (56320 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667451.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667452.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667453.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667454.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667455.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667456.exe : wowyqt (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667457.dll : evlei (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667457.dll : failv (11591 bytes)
-
The computer is running much better. Thank you so much. I still have Net Nanny popping up and I can't seem to get rid of it. I can't stand that program. Other than that there are a couple of small error messages that pop up when I log on to the computer. It doesn't seem to be much of a problem though.
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.3
Scan started at 12:09:23 AM 2/6/2007
Listing files found while scanning....
C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\gjtxqeqm.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\uqkyekfb.dll
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yiqviesi.exe
Beginning removal...
Attempting to delete C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\mxlyss.dll Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak1 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.bak2 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.ini2 Has been deleted!
Attempting to delete C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\Help\starter\ssylxm.tmp Has been deleted!
Attempting to delete C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\enylwpnk.dll Has been deleted!
Attempting to delete C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\iyfatcyr.exe Has been deleted!
Attempting to delete C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\knpwlyne.ini Has been deleted!
Attempting to delete C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rqrroll.dll Has been deleted!
Attempting to delete C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yflmiedu.exe Has been deleted!
Attempting to delete C:\WINNT\system32\yiqviesi.exe
C:\WINNT\system32\yiqviesi.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.3
Scan started at 1:11:07 AM 2/19/2007
Listing files found while scanning....
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.3
Scan started at 12:48:41 AM 2/20/2007
Listing files found while scanning....
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll
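The three VundoFix runs above show the pattern worth checking for mechanically: two files were listed on every run, but the tool only ever attempted to delete other files, so they were still present two weeks later. As an added example (editor's code, not from the thread and not part of VundoFix), this Python script parses concatenated VundoFix logs in the format shown, pairs each "found" file with any "Has been deleted!" line in any run, and reports the files that survive across runs and the files the tool never even tried to remove. The sample text embedded in it is a constructed, shortened version of the output above.

```python
"""Reconcile successive VundoFix runs: which listed files were never removed?

Added example, not VundoFix code. SAMPLE_RUNS is a constructed, shortened
version of the log format shown in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: three runs in VundoFix's own output format.
SAMPLE_RUNS = r"""VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.3
Scan started at 12:09:23 AM 2/6/2007
Listing files found while scanning....
C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\rtacltit.dll
Beginning removal...
Attempting to delete C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\mxlyss.dll Has been deleted!
Attempting to delete C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\enylwpnk.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.5
Scan started at 1:11:07 AM 2/19/2007
Listing files found while scanning....
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.3.5
Scan started at 12:48:41 AM 2/20/2007
Listing files found while scanning....
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll
"""


@dataclass
class Run:
    started: str
    found: list[str] = field(default_factory=list)      # listed under "Listing files found"
    attempted: list[str] = field(default_factory=list)  # "Attempting to delete X"
    deleted: list[str] = field(default_factory=list)    # "X Has been deleted!"


HEADER = re.compile(r"^VundoFix V[\d.]+$")
STARTED = re.compile(r"^Scan started at (.+)$")
ATTEMPT = re.compile(r"^Attempting to delete (.+)$")
DELETED = re.compile(r"^(.+) Has been deleted!$")
PATH = re.compile(r"^[a-z]:\\.+", re.I)


def parse_runs(text: str) -> list[Run]:
    """Split concatenated VundoFix output into runs, one per 'VundoFix V...' header."""
    runs: list[Run] = []
    listing = False  # True while inside the "Listing files found" block
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            runs.append(Run(started="?"))
            listing = False
            continue
        if not runs or not line:
            continue
        run = runs[-1]
        if m := STARTED.match(line):
            run.started = m.group(1)
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif m := ATTEMPT.match(line):
            run.attempted.append(m.group(1))
        elif m := DELETED.match(line):
            run.deleted.append(m.group(1))
        elif listing and PATH.match(line):
            run.found.append(line)
    return runs


def survivors(runs: list[Run]) -> dict[str, list[str]]:
    """Files found in some run and never reported deleted in any run -> the scan dates they appeared on."""
    deleted_ever = {p.lower() for r in runs for p in r.deleted}
    seen: dict[str, list[str]] = {}
    for r in runs:
        for p in r.found:
            if p.lower() not in deleted_ever:
                seen.setdefault(p, []).append(r.started)
    return seen


def never_attempted(runs: list[Run]) -> set[str]:
    """Files found but for which no delete was even attempted: the tool gave up on them, so remove by hand."""
    attempted = {p.lower() for r in runs for p in r.attempted}
    return {p for r in runs for p in r.found if p.lower() not in attempted}


if __name__ == "__main__":
    runs = parse_runs(SAMPLE_RUNS)
    for path, dates in survivors(runs).items():
        print(f"still present after {len(dates)} run(s): {path}  [{', '.join(dates)}]")
    for path in sorted(never_attempted(runs)):
        print(f"never attempted: {path}")
```

Anything reported as a survivor across more than one run is either locked at scan time or being re-dropped by something still active, which is why the follow-up in a thread like this is a manual delete plus a fresh HijackThis log rather than another pass of the same tool.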
-
I just wanted to bump this, and see if I was done with all the processes.
-
Very sorry again for the long delay in my return.
How is everything running on your end now?
We still had a bit more cleaning to do; do you still have access to the computer?
Can you post a fresh HijackThis log if you're still around?
Again, I apologize for the extremely long delay in getting back to you.
-
[quote name='guestolo' post='299488' date='Mar 10 2007, 08:44 AM']Very sorry again for the long delay in my return.
How is everything running on your end now?
We still had a bit more cleaning to do; do you still have access to the computer?
Can you post a fresh HijackThis log if you're still around?
Again, I apologize for the extremely long delay in getting back to you.[/quote]
I just got access to the computer again. I will be able to get to this computer more often now. Get back to me when you get a chance... Here's the log file.
Logfile of HijackThis v1.99.1
Scan saved at 10:41:15 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
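The log above is the cleaned-up one, where every entry resolves to a known vendor binary. As an added example (editor's code, not from the thread and not part of HijackThis), here is a Python triage script that reads a HijackThis 1.99-style log and flags the kinds of entries that bring people to threads like this: IE start and search pages pointed at local files or at res:// resources inside a DLL, BHOs with no name or with a random-looking eight-letter file name like the ones in the VundoFix output earlier in this thread, autostart entries and services with random-looking names or binaries sitting directly in %SystemRoot%, ActiveX downloads from hosts outside an allowlist, and services with no recorded vendor. The sample log inside it is constructed for the demonstration; the allowlists of stock system binaries and ActiveX hosts are deliberately partial and are assumptions to extend before real use, and the random-name test is a heuristic, not a verdict.

```python
"""Triage a HijackThis 1.99-style log for a few common hijack indicators.

Added example, not HijackThis code. SAMPLE_LOG is constructed; KNOWN_SYSTEM
and DPF_ALLOW are partial allowlists (assumptions to extend for real use).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample log mixing benign entries with suspicious ones.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\qwmxkdlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\pqmzxvkt.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {01234567-89AB-CDEF-0123-456789ABCDEF} - C:\WINNT\system32\rtvbnkqe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [Update] C:\WINNT\ntsvcmgr.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Loader Class) - http://installs.example.net/loader.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\WINNT\system32\xkqvmzrt.exe
"""

# Partial allowlist of stock XP binaries (assumption: extend for real use).
KNOWN_SYSTEM = {
    "smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv",
    "explorer", "wuauclt", "ctfmon", "igfxtray", "hkcmd", "rundll32",
}
# Partial allowlist of ActiveX (O16) download hosts (assumption).
DPF_ALLOW = ("microsoft.com", "trendmicro.com", "windowsupdate.com")

SYSTEM_FILE = re.compile(r"^[a-z]:\\(?:winnt|windows)(?:\\system32)?\\([a-z0-9_.-]+)\.(?:exe|dll|sys)$", re.I)
ROOT_EXE = re.compile(r"^[a-z]:\\(?:winnt|windows)\\[^\\]+\.exe$", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")


@dataclass
class Finding:
    kind: str    # "process", "R1", "O2", "O4", "O16", "O23"
    reason: str
    line: str


def looks_random(path: str) -> bool:
    """7-8 lowercase letters in %SystemRoot% or system32 that is not a known stock binary."""
    m = SYSTEM_FILE.match(path.strip().strip('"'))
    if not m:
        return False
    stem = m.group(1).lower()
    return bool(RANDOM_STEM.match(stem)) and stem not in KNOWN_SYSTEM


def last_path(text: str) -> str:
    """Pull the file path out of an entry ('... - C:\\x\\y.dll' or '[Name] "C:\\x\\y.exe" /flag')."""
    m = re.search(r'([a-z]:\\[^"\n]*?\.(?:exe|dll|sys))', text, re.I)
    return m.group(1) if m else ""


def check_entry(kind: str, rest: str) -> list[str]:
    reasons: list[str] = []
    path = last_path(rest)
    if kind in ("R0", "R1"):
        value = rest.split("=", 1)[1].strip() if "=" in rest else ""
        if value.lower().startswith("res://"):
            reasons.append("IE page/search URL served from a resource inside a local DLL")
        elif re.match(r"^[a-z]:\\", value, re.I):
            reasons.append("IE page/search URL points at a local file")
    elif kind == "O2":
        if "(no name)" in rest:
            reasons.append("BHO with no name")
        if looks_random(path):
            reasons.append("BHO DLL has a random-looking name in a system directory")
    elif kind == "O4":
        if ROOT_EXE.match(path):
            reasons.append("autostart binary sits directly in %SystemRoot%")
        if looks_random(path):
            reasons.append("autostart binary has a random-looking name")
    elif kind == "O16":
        m = re.search(r"https?://([^/\s]+)", rest, re.I)
        host = m.group(1).lower() if m else ""
        if not any(host == d or host.endswith("." + d) for d in DPF_ALLOW):
            reasons.append(f"ActiveX download from host outside allowlist: {host or '?'}")
    elif kind == "O23":
        if "Unknown owner" in rest:
            reasons.append("service binary has no recorded vendor")
        if looks_random(path):
            reasons.append("service binary has a random-looking name")
    return reasons


def triage(log: str) -> list[Finding]:
    """One Finding per (entry, reason); running processes are checked for random names only."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # the R/O entries follow the process list
            for reason in check_entry(m.group(1), m.group(2)):
                findings.append(Finding(m.group(1), reason, line))
        elif in_processes and looks_random(line):
            findings.append(Finding("process", "running binary has a random-looking name in a system directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.reason}\n         {f.line}")
```

Run against the log posted above, the script reports nothing, which is the result the reply below is reacting to. The random-name rule depends on the allowlist: `wuauclt` and `spoolsv` are seven and eight lowercase letters too, so without KNOWN_SYSTEM they would be flagged, and any real deployment should replace that set with a proper hash or signature lookup.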
-
Looks good, for some final cleanup
Can you do the following
Find and delete these files if they are still hanging around
C:\WINNT\system32\rtacltit.dll <-this file
C:\WINNT\system32\anugbmlt.dll <-this file
To stop Net Nanny from popping up at startup
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
After you have ticked the above entry, close all other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Open SrEng.exe again
Click the System Repair button
Then choose "Browser Addon" tab
Use your mouse and expand CLSID 1 so you read the entire entry
Left click to Highlight then Delete Selected on only this one entry
{F18F04B0-9CF1-4B93-B004-77A288BEE28B}
Exit SrEng.exe afterwards
Reboot the computer, back in Windows
If everything is running better
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating
Select the More Options tab
and click Clean up... under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html) *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
In addition, utilize the Immunization feature in Spybot 1.4
After every update
Click the "Immunize" button>>OK the prompt>>Immunize again at the top green cross
If there are other user profiles on the computer, have them login and enable all protections with Spywareblaster
and Immunize with Spybot after every update
Hope that helps
-
Everything is great. When I restart my computer, though, I get this error message. A window pops up and says avgcc.exe unable to locate component. This application has failed to start because MFC71.DLL was not found. Re-installing the application may fix this problem.
I just hit OK and everything is fine; I was just wondering if I could get rid of this error message?
-
Can you try the following
I assume it's AVG free edition
Can we try a reinstall
Download the installer package from HERE (http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free)
and save it to the desktop
You'll find the installer under AVG Free for Windows installation files
Don't install yet
Access your add/remove programs and remove AVG AntiVirus
Reboot the computer afterwards
Back in Windows
Find and delete this folder
C:\Program Files\Grisoft\AVG Free
Reinstall AVG from the installer on desktop
Reboot again
Does that help?
If not, can you do the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat
Save this file on the desktop, ensure it has the .bat extension
rem find.bat: list every copy of mfc71.dll on the system drive, hidden files included (/a = all attributes, /s = recurse)
dir %SystemDrive%\mfc71.dll /a /s > files.txt
start notepad files.txt
Double click on find.bat, give this time to search
A text file should open, can you copy>Paste back here the contents
-
As the original poster has not returned, I'll lock this topic