Computer infected with spyware, help

[resevil83]

My computer runs terribly slow. Weird popups and system errors occur. Sometimes my internet shuts down automatically. Data is downloaded to my desktop without me doing anything. Here's my HJT file. I'm helping a friend out questolo. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />




Logfile of HijackThis v1.99.1
Scan saved at 2:21:22 AM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\PadsysAssistant\PadsysAssistant.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\pwinsqes.exe
C:\WINNT\winsock32.exe
C:\Program Files\Common Files\AOL\1130113856\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130113856\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\trafkbdy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&q...amp;uid=8765607 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E618CF-418A-4832-BB7B-48F8EEE75711} - C:\WINNT\Help\starter\mxlyss.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINNT\system32\nodeipproc.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilz.dll
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINNT\system32\wsdgotag.dll
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin2.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: 0 - {B86E6737-5BD6-4572-8E8D-75E6D342D22E} - C:\Program Files\MSN Gaming Zone\ryli.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\dqquglku.dll",setvm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: brwmgr - C:\WINNT\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\epent97.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mxlyss - C:\WINNT\Help\starter\mxlyss.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\vdscript.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: rqrroll - C:\WINNT\SYSTEM32\rqrroll.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\icdkcs32.dll (file missing)
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)

[guestolo]

You have a collection of malware in your log, nothing we can't take care of
Follow along closely, do everything I post, if you get stuck on something
Carry on and post what you can

Let's try and clean some and see what we're left with

Download a few tools please,
==Download the latest version of  [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We will need this later

==Download [color=\"red\"]SDFix[/color] and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later

==Download [color=\"#FF0000\"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
We'll need this later

==Download and Install
Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later

==Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Close Spybot, as we will need it later also

Access your Add/Remove programs and remove any of the following that you can find:
New.dot Net domains
Toolbar 888
DeluxeCommunications
VSToolbar
Adsponsor
DeskBar
PadsysAssistant
Surf Sidekick
DeluxeCommunications
Reboot the computer
In the event that New.Net Domains is not listed in add/remove programs
Download this uninstaller to desktop and run it
http://www.new.net/support/NNuninstall.exe
Follow the onscreen instructions
Ensure that you reboot the computer afterwards

Print the rest of these instructions or save them too a notepad file for reference
This is important!!!

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&q...amp;uid=8765607 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll

O2 - BHO: (no name) - {16E618CF-418A-4832-BB7B-48F8EEE75711} - C:\WINNT\Help\starter\mxlyss.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINNT\system32\nodeipproc.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINNT\system32\durvilz.dll
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\system32\ipv6mons.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINNT\system32\wsdgotag.dll
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin2.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll
O2 - BHO: 0 - {B86E6737-5BD6-4572-8E8D-75E6D342D22E} - C:\Program Files\MSN Gaming Zone\ryli.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\dqquglku.dll",setvm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe

O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: brwmgr - C:\WINNT\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\epent97.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mxlyss - C:\WINNT\Help\starter\mxlyss.dll
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\vdscript.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: rqrroll - C:\WINNT\SYSTEM32\rqrroll.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\icdkcs32.dll (file missing)
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)



After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account

==Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

==Open the SmitfraudFix folder you extracted to desktop earlier

• Double-click smitfraudfix.cmd
  
• Press any key to continue
• Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  
  
• You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  
  
• The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was not required, remain in safe mode
If a reboot was required, reboot back to safe mode please and follow the remaining instructions!!!!

==Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Close Ad-Aware

==Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

SDFix

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  

Back in Normal Windows
DO the following
Download this file - Combofix.exe and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Come back here and post All the following please. Even if it takes more than one reply to do so

1. Post the log from Combofix   >> C:\Combofix.txt
2. Post the log from SDFix>>"Report.txt" within the SDFix folder
3. Post the log from Smitfraudfix>>C:\Rapport.txt
4. Post a fresh Hijackthis log

[resevil83]

"Vince" - 07-01-28  3:31:12    Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"

   [color=\"red\"] ERROR !!! Look2Me section not completed [/color]

(((((((((((((((((((((((((((((((((((((((((((((   Qoologic's Log   )))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
* * *  PRE-RUN - Filepaths extracted from the Registry  * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run   C:\WINNT\system32\vwykak.exe
O4 - HKLM\...\Run   C:\WINNT\system32\vwykak.exe


* * *  PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINNT\system32\ceykqsi.dll
C:\WINNT\system32\vwykak.exe
C:\WINNT\system32\xcwrkpw.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\oellg.exe
C:\WINNT\urgqq.dll
C:\WINNT\system32\cuonl.dat
C:\WINNT\system32\mgqoy.exe


* * *  POST-RUN - Files in the Quarantine folder  * * * * * * * * * * * * * * * * * * * * * * * * *


07-01-03  08:41            343040 oellg.exe.qoo
07-01-04  19:24            343040 cuonl.dat.qoo
07-01-04  19:24            343040 vwykak.exe.qoo
07-01-04  19:24            157184 ceykqsi.dll.qoo
07-01-28  03:28               337 urgqq.dll.qoo
06-11-08  21:41                53 bwccvb.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
 
 
((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\ac3_0008.exe
C:\ac3_0003.exe
C:\dfndrff_11a.exe
C:\dfndrff_8.exe
C:\dfndrff_9.exe
C:\dfndrff_e21.exe
C:\dfndrff_e25.exe
C:\drsmartload45a3333a.exe
C:\drsmartload45a3344a.exe
C:\drsmartload45a45a45q.exe
C:\drsmartload45a45b.exe
C:\drsmartload45a45c.exe
C:\drsmartload45a45d.exe
C:\drsmartload45a45e.exe
C:\drsmartload45a45f.exe
C:\drsmartload45a8b9.exe
C:\drsmartload45a8b9abc.exe
C:\drsmartload45a9999a.exe
C:\drsmartload46a3333a.exe
C:\drsmartload46a3344a.exe
C:\drsmartload46a46b.exe
C:\drsmartload46a46c.exe
C:\drsmartload46a46d.exe
C:\drsmartload46a46e.exe
C:\drsmartload46a46f.exe
C:\drsmartload46a8b9.exe
C:\drsmartload46a8b9abc.exe
C:\drsmartload46a9999a.exe
C:\drsmartload849a3333a.exe
C:\drsmartload849a3344a.exe
C:\drsmartload849a849b.exe
C:\drsmartload849a849c.exe
C:\drsmartload849a849d.exe
C:\drsmartload849a849e.exe
C:\drsmartload849a849f.exe
C:\drsmartload849a8b9.exe
C:\drsmartload849a8b9abc.exe
C:\drsmartload849a9999a.exe
C:\WINNT\Duce6.exe
C:\deskbar_e21.exe
C:\kybrdff_11a.exe
C:\kybrdff_8.exe
C:\kybrdff_9.exe
C:\kybrdff_e21.exe
C:\kybrdff_e54.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\nwnmff_11.exe
C:\nwnmff_12.exe
C:\nwnmff_8.exe
C:\nwnmff_9.exe
C:\nwnmff_e21.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINNT\1.exe
C:\WINNT\2.exe
C:\WINNT\uninstall_nmon.vbs
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\DOCUME~1\Alys\Application Data\Dxcknwrd.dll
C:\DOCUME~1\Guest\Application Data\Dxcknwrd.dll
C:\DOCUME~1\O0IIEB~1\Application Data\Dxcknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskcwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Sskuknwrd.dll
C:\DOCUME~1\PHILBA~1.000\Application Data\Dxcknwrd.dll
C:\DOCUME~1\VINCE~1.BAC\Application Data\Dxcknwrd.dll
C:\DOCUME~1\VINCE~1.BAC\Application Data\Dxcuknwrd.dll
C:\WINNT\1.exe
C:\WINNT\2.exe
C:\WINNT\876056.exe
C:\WINNT\system32\aaphpseh.dll
C:\WINNT\system32\aatbvnwg.dll
C:\WINNT\system32\abuiqtyg.dll
C:\WINNT\system32\bodqedes.dll
C:\WINNT\system32\ferpsosk.dll
C:\WINNT\system32\grgstwtk.dll
C:\WINNT\system32\hbcrjtqe.dll
C:\WINNT\system32\htyuadjk.dll
C:\WINNT\system32\kmhparsl.dll
C:\WINNT\system32\lyutbgff.dll
C:\WINNT\system32\msdryrwp.dll
C:\WINNT\system32\nanehhal.dll
C:\WINNT\system32\nntlfwdo.dll
C:\WINNT\system32\orjolaht.dll
C:\WINNT\system32\pmcayljt.dll
C:\WINNT\system32\vhpyadek.dll
C:\WINNT\system32\vmpjruap.dll
C:\WINNT\system32\yvhgihjj.dll
C:\WINNT\system32\aaa00000.sys
C:\WINNT\system32\ftuninst.exe
C:\WINNT\system32\gbe90qs.exe
C:\WINNT\system32\icon_mediamotor.exe
C:\WINNT\system32\mptft.exe
C:\WINNT\system32\nr1rnqm8.exe
C:\WINNT\system32\rnnypbw.exe
C:\WINNT\system32\ssn6tuu.exe
C:\WINNT\system32\tfthot.exe
C:\WINNT\system32\ts_mediamotor.exe
C:\WINNT\system32\WinNB58.dll
C:\WINNT\system32\x3cqp0.dll
C:\mpnaaq7.exe
C:\yz02.exe
C:\zigid003.exe
C:\WINNT\dembat.tm
C:\WINNT\media_motor_bundle.exe
C:\WINNT\MirarSetup_876075.exe
C:\WINNT\offun.exe
C:\WINNT\system32ftuninst.exe
C:\WINNT\System32tfthot.exe
C:\WINNT\uni_e6h.exe
C:\WINNT\uni_ehhhh.exe
C:\WINNT\uninst104.exe
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\Program Files\Common Files\{10B0A~1
C:\Program Files\Common Files\{30B0A~1
C:\Documents and Settings\All Users\Documents\Settings
C:\DOCUME~1\VINCE~1.BAC\Application Data\SearchToolbarCorp
C:\Program Files\CMFibula
C:\Program Files\cmfibula
C:\Program Files\CMIntex
C:\Program Files\snowball wars
C:\Program Files\VSAdd-in
C:\Program Files\windows
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1


(((((((((((((((((((((((((((((((   Files Created from 2006-12-28 to 2007-01-28  ))))))))))))))))))))))))))))))))))
 
 
2007-01-28 03:29   88,035   --a------   C:\WINNT\PID47IER.exe
2007-01-28 03:26   88,340   --a------   C:\WINNT\system32\vhnkhijq.exe
2007-01-28 03:26   118,804   --a------   C:\WINNT\system32\slcyabmh.dll
2007-01-28 01:48   2,388   --a------   C:\WINNT\system32\tmp.reg
2007-01-28 01:47   79,360   --a------   C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47   53,248   --a------   C:\WINNT\system32\Process.exe
2007-01-28 01:47   51,200   --a------   C:\WINNT\system32\dumphive.exe
2007-01-28 01:47   40,960   --a------   C:\WINNT\system32\swsc.exe
2007-01-28 01:47   288,417   --a------   C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47   135,168   --a------   C:\WINNT\system32\swreg.exe
2007-01-28 00:13   88,340   --a------   C:\WINNT\system32\muqaqicc.exe
2007-01-27 23:52   88,340   --a------   C:\WINNT\system32\ojxrusoa.exe
2007-01-27 23:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-27 22:42   88,340   --a------   C:\WINNT\system32\hjtqjijb.exe
2007-01-27 22:42   118,804   --a------   C:\WINNT\system32\mlheylhy.dll
2007-01-27 22:10   88,340   --a------   C:\WINNT\system32\bjmvqrjr.exe
2007-01-27 21:56   49,152   --ah-----   C:\WINNT\system32\brwconf.exe
2007-01-27 21:48   88,340   --a------   C:\WINNT\system32\kobsamws.exe
2007-01-27 21:48   118,804   --a------   C:\WINNT\system32\idbuhqtr.dll
2007-01-27 21:39   95,744   --a------   C:\WINNT\system32\drivera.exe
2007-01-27 21:39   150,016   --a------   C:\WINNT\system32\drivera.dll
2007-01-27 21:38   95,744   --a------   C:\WINNT\monterreya_unknown.exe
2007-01-27 14:48   88,340   --a------   C:\WINNT\system32\bdkifmhs.exe
2007-01-27 14:47   118,804   --a------   C:\WINNT\system32\pcitmcrp.dll
2007-01-27 13:35   95,744   --a------   C:\WINNT\system32\monterreya_unknown.exe
2007-01-27 13:35   88,340   --a------   C:\WINNT\system32\citgwfcc.exe
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22   <DIR>   d--------   C:\SDFix
2007-01-21 02:17   <DIR>   d--------   C:\HJT
2007-01-18 22:39   88,340   --a------   C:\WINNT\system32\dvhuhvmq.exe
2007-01-18 22:39   118,804   --a------   C:\WINNT\system32\dqquglku.dll
2007-01-18 21:28   88,340   --a------   C:\WINNT\system32\pejcrrpg.exe
2007-01-18 21:28   118,804   --a------   C:\WINNT\system32\rlaswfmy.dll
2007-01-18 21:22   95,744   --a------   C:\WINNT\system32\durvilz.exe
2007-01-18 21:22   95,744   --a------   C:\WINNT\system32\druidz_unknown.exe
2007-01-18 21:22   150,016   --a------   C:\WINNT\system32\durvilz.dll
2007-01-15 16:50   <DIR>   d--------   C:\Program Files\Exolon
2007-01-15 16:49   100,843   --a------   C:\WINNT\tpup.exe
2007-01-07 20:27   931   --a------   C:\WINNT\system32\winpfz32.sys
2007-01-07 20:24   88,340   --a------   C:\WINNT\system32\eawvpssc.exe
2007-01-06 23:42   88,340   --a------   C:\WINNT\system32\iffdupbs.exe
2007-01-06 23:41   88,340   --a------   C:\WINNT\system32\kblayvxm.exe
2007-01-06 21:23   88,340   --a------   C:\WINNT\system32\gtrsykbu.exe
2007-01-05 05:31   184,432   --a------   C:\WINNT\system32\pwinsqeb.exe
2007-01-04 19:31   184,395   --a------   C:\WINNT\system32\pwinsqed.exe
2007-01-04 19:25   88,340   --a------   C:\WINNT\system32\ppgmkvoa.exe
2007-01-04 19:13   88,340   --a------   C:\WINNT\system32\hvyicstj.exe
2007-01-04 19:09   93,696   --a------   C:\WINNT\system32\wdokbye.dll
2007-01-03 16:07   13,098   --a------   C:\WINNT\system32\731402ld.exe
2007-01-03 08:42   <DIR>   d--------   C:\DeluxeCommunications
2007-01-03 08:39   93,696   --a------   C:\WINNT\system32\hrcopul.dll
2007-01-03 08:39   9,767   --a------   C:\bghtcbd.exe
2007-01-03 08:39   3,648   --a------   C:\klnl.exe
2007-01-03 08:39   23,552   --a------   C:\bhbn.exe
2007-01-03 00:37   88,340   --a------   C:\WINNT\system32\rishhgwu.exe
2007-01-02 23:50   88,340   --a------   C:\WINNT\system32\harqceks.exe
2006-12-31 11:37   81,684   --a------   C:\WINNT\system32\bulpyxam.dll
2006-12-31 11:36   88,340   --a------   C:\WINNT\system32\ehvsduuw.exe
2006-12-31 11:34   88,340   --a------   C:\WINNT\system32\jqjhitpr.exe
2006-12-31 11:21   35,840   --a------   C:\WINNT\TaskMgr.exe
2006-12-31 03:18   88,340   --a------   C:\WINNT\system32\yvglruse.exe
2006-12-29 14:25   88,340   --a------   C:\WINNT\system32\elmjmvsr.exe
2006-12-29 13:42   88,340   --a------   C:\WINNT\system32\ipndxohb.exe
2006-12-28 18:44   88,340   --a------   C:\WINNT\system32\gncpdkqf.exe
2006-12-28 18:30   88,340   --a------   C:\WINNT\system32\iowdatel.exe
2006-12-28 18:30   44,060   --a------   C:\WINNT\system32\wsdgotag.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

[color=\"red\"]Rootkit driver pe386 is present. A rootkit scan is required[/color]

2007-01-28 03:38   --------   dr-------   C:\Program Files\net nanny
2007-01-28 03:28   --------   d--------   C:\Program Files\msn gaming zone
2007-01-28 02:54   --------   d--h-----   C:\Program Files\bho plugin
2007-01-28 02:54   --------   d--------   C:\Program Files\vstoolbar
2007-01-27 23:35   --------   d--------   C:\Program Files\lavasoft
2007-01-27 23:35   --------   d--------   C:\Documents and Settings\Vince.BACKROOM\Application Data\lavasoft
2007-01-18 22:39   929   --a------   C:\WINNT\system32\winpfg32.sys
2007-01-04 19:14   --------   d--------   C:\Program Files\limewire
2007-01-03 08:39   6687   --a------   C:\WINNT\system32\ldcore.dll
2006-12-28 19:00   --------   d--------   C:\Program Files\aim
2006-12-27 02:40   88340   --a------   C:\WINNT\system32\cxobntju.exe
2006-12-26 12:04   88340   --a------   C:\WINNT\system32\avrchesr.exe
2006-12-26 12:01   88340   --a------   C:\WINNT\system32\gcfcxcap.exe
2006-12-26 10:35   88340   --a------   C:\WINNT\system32\jkdmblhc.exe
2006-12-25 23:29   --------   d--------   C:\Documents and Settings\Vince.BACKROOM\Application Data\limewire
2006-12-25 22:14   --------   d---s----   C:\Documents and Settings\Vince.BACKROOM\Application Data\microsoft
2006-12-25 21:27   88340   --a------   C:\WINNT\system32\auyejhtg.exe
2006-12-25 17:24   88340   --a------   C:\WINNT\system32\xwltmfom.exe
2006-12-25 17:24   60436   --a------   C:\WINNT\system32\rtacltit.dll
2006-12-25 17:17   --------   d--------   C:\Program Files\itunes
2006-12-25 17:17   --------   d--------   C:\Program Files\ipod
2006-12-25 17:14   --------   d--------   C:\Program Files\quicktime
2006-12-25 17:11   --------   d--------   C:\Program Files\apple software update
2006-12-25 15:02   88340   --a------   C:\WINNT\system32\yxxseknn.exe
2006-12-25 14:49   88340   --a------   C:\WINNT\system32\vdbyqyll.exe
2006-12-25 14:43   88340   --a------   C:\WINNT\system32\pjnealoc.exe
2006-12-25 13:34   2   --a------   C:\WINNT\system32\wnstssv.exe
2006-12-25 13:33   88340   --a------   C:\WINNT\system32\piolqvwg.exe
2006-12-21 00:31   0   --a------   C:\WINNT\ff9n1vvm.exe
2006-12-19 08:16   44052   --a------   C:\WINNT\system32\anugbmlt.dll
2006-12-19 08:15   93696   --a------   C:\WINNT\system32\ansfsrg.dll
2006-12-19 08:15   88340   --a------   C:\WINNT\system32\iiyhgqcc.exe
2006-12-19 08:13   118804   --a------   C:\WINNT\system32\quidooai.dll
2006-12-18 09:13   53248   --ah-----   C:\WINNT\system32\confbrw.dll
2006-12-18 09:13   49152   --ah-----   C:\WINNT\system32\brwprf32.dll
2006-12-18 09:13   40960   --ah-----   C:\WINNT\system32\brwperf.exe
2006-12-18 09:13   335872   --ah-----   C:\WINNT\system32\brwmgr32.dll
2006-12-18 09:13   126976   --ah-----   C:\WINNT\system32\brwstat.dll
2006-12-14 15:23   89088   --a------   C:\WINNT\system32\qfyqakn.dll
2006-12-14 15:22   17592   --a------   C:\3456346345643.exe
2006-12-14 15:18   88340   --a------   C:\WINNT\system32\dfcdcxxc.exe
2006-12-14 15:18   66048   --a------   C:\WINNT\system32\durvily.dll
2006-12-14 15:18   126996   --a------   C:\WINNT\system32\ghycmvth.dll
2006-12-14 15:18   121856   --a------   C:\WINNT\system32\durvily.exe
2006-12-14 15:18   121856   --a------   C:\WINNT\system32\druidy_unknown.exe
2006-12-12 21:24   88340   --a------   C:\WINNT\system32\mfqlgnxp.exe
2006-12-12 21:24   126996   --a------   C:\WINNT\system32\dsiyhtkx.dll
2006-12-12 21:21   60436   --a------   C:\WINNT\system32\cetiovja.dll
2006-12-12 21:19   69632   --a------   C:\WINNT\system32\kbfgldbp.dll
2006-12-11 07:44   58880   --a------   C:\WINNT\system32\vnscct.dll
2006-12-04 22:32   10613   -r-h-----   C:\WINNT\system32\tmp_7.exe
2006-12-04 22:32   10613   -r-h-----   C:\WINNT\system32\svch32q.exe
2006-12-04 14:43   88340   --a------   C:\WINNT\system32\redtociv.exe
2006-12-03 15:03   88340   --a------   C:\WINNT\system32\ujhwysvc.exe
2006-12-03 15:03   42516   --a------   C:\WINNT\system32\elrmoxli.dll
2006-12-03 15:02   9216   --a------   C:\WINNT\system32\e1.dll
2006-11-28 15:01   56320   --a------   C:\WINNT\system32\bgnfwko.dll
2006-11-25 11:51   126996   --a------   C:\WINNT\system32\lmckjhjk.dll
2006-11-25 11:51   110612   --a------   C:\WINNT\system32\ttdmysqp.exe
2006-11-25 11:49   110612   --a------   C:\WINNT\system32\woaiwyag.exe
2006-11-25 11:48   126996   --a------   C:\WINNT\system32\tmlbhinh.dll
2006-11-25 11:47   110612   --a------   C:\WINNT\system32\dhclwbme.exe
2006-11-25 00:33   126996   --a------   C:\WINNT\system32\eeqaaxun.dll
2006-11-25 00:33   110612   --a------   C:\WINNT\system32\enkedeea.exe
2006-11-25 00:32   110612   --a------   C:\WINNT\system32\xocmqlfs.exe
2006-11-24 22:11   38420   --a------   C:\WINNT\system32\pjuxptvk.dll
2006-11-24 22:11   126996   --a------   C:\WINNT\system32\twxkcqjp.dll
2006-11-24 22:11   110612   --a------   C:\WINNT\system32\mqtblbef.exe
2006-11-24 11:33   110612   --a------   C:\WINNT\system32\yrurktth.exe
2006-11-22 21:14   110612   --a------   C:\WINNT\system32\tayaxkyc.exe
2006-11-22 21:13   126996   --a------   C:\WINNT\system32\kgpfbhct.dll
2006-11-22 16:16   126996   --a------   C:\WINNT\system32\bwlesyvf.dll
2006-11-22 16:16   110612   --a------   C:\WINNT\system32\jnkxpkqt.exe
2006-11-22 16:15   110612   --a------   C:\WINNT\system32\egepfwmh.exe
2006-11-22 16:14   110612   --a------   C:\WINNT\system32\vxxtccqx.exe
2006-11-22 15:11   126996   --a------   C:\WINNT\system32\jkugjkcy.dll
2006-11-22 15:11   110612   --a------   C:\WINNT\system32\pplgksfc.exe
2006-11-18 10:59   126996   --a------   C:\WINNT\system32\cofrnicq.dll
2006-11-18 10:59   110612   --a------   C:\WINNT\system32\cyunnojo.exe
2006-11-18 07:15   110612   --a------   C:\WINNT\system32\qspcuvkm.exe
2006-11-18 07:14   131604   --a------   C:\WINNT\system32\walikbmv.dll
2006-11-18 07:14   126996   --a------   C:\WINNT\system32\xbcooiwr.dll
2006-11-17 18:49   126996   --a------   C:\WINNT\system32\dxedjwrs.dll
2006-11-17 18:48   110612   --a------   C:\WINNT\system32\ppnwtfly.exe
2006-11-17 18:25   126996   --a------   C:\WINNT\system32\fbnwtjyv.dll
2006-11-17 18:25   110612   --a------   C:\WINNT\system32\yqjdaain.exe
2006-11-17 15:52   126996   --a------   C:\WINNT\system32\eaavxxyh.dll
2006-11-17 15:19   126996   --a------   C:\WINNT\system32\eroxhqki.dll
2006-11-17 15:19   110612   --a------   C:\WINNT\system32\axqvaeyc.exe
2006-11-17 14:43   10609   -r-h-----   C:\WINNT\system32\tmp_53.exe
2006-11-17 13:39   110612   --a------   C:\WINNT\system32\ypysegdi.exe
2006-11-17 13:38   126996   --a------   C:\WINNT\system32\gruywbts.dll
2006-11-16 18:15   110612   --a------   C:\WINNT\system32\tqtnehpg.exe
2006-11-16 18:14   126996   --a------   C:\WINNT\system32\ltxgobbh.dll
2006-11-16 17:17   126996   --a------   C:\WINNT\system32\dtxogqru.dll
2006-11-16 17:16   110612   --a------   C:\WINNT\system32\cjhfwtwe.exe
2006-11-16 13:46   126996   --a------   C:\WINNT\system32\apuuovoi.dll
2006-11-16 13:46   110612   --a------   C:\WINNT\system32\oqlgvwwv.exe
2006-11-15 20:16   110612   --a------   C:\WINNT\system32\fvkcgcgp.exe
2006-11-15 20:03   110612   --a------   C:\WINNT\system32\ogfljqdk.exe
2006-11-15 19:59   110612   --a------   C:\WINNT\system32\tkjikfwr.exe
2006-11-15 19:23   110612   --a------   C:\WINNT\system32\rcjvpytp.exe
2006-11-15 19:20   110612   --a------   C:\WINNT\system32\uovqmamc.exe
2006-11-15 19:10   110612   --a------   C:\WINNT\system32\nklbabai.exe
2006-11-15 14:05   110612   --a------   C:\WINNT\system32\rtpqvbys.exe
2006-11-14 19:06   0   --a------   C:\WINNT\druid_unknown.exe
2006-11-14 19:04   167936   --a------   C:\WINNT\ms03012890280.exe
2006-11-14 13:12   110612   --a------   C:\WINNT\system32\xqbgmkuk.exe
2006-11-14 07:28   10509   -r-h-----   C:\WINNT\system32\svch1n.exe
2006-11-13 14:52   110612   --a------   C:\WINNT\system32\vjcmgipj.exe
2006-11-13 14:37   110612   --a------   C:\WINNT\system32\ogggbrle.exe
2006-11-12 20:41   110612   --a------   C:\WINNT\system32\xdqilykk.exe
2006-11-12 20:40   110612   --a------   C:\WINNT\system32\mubawksu.exe
2006-11-12 19:12   110612   --a------   C:\WINNT\system32\vqibvfpd.exe
2006-11-12 02:08   110612   --a------   C:\WINNT\system32\ijllexfp.exe
2006-11-09 17:02   118804   --a------   C:\WINNT\system32\rdfhmxlc.dll
2006-11-09 17:02   110612   --a------   C:\WINNT\system32\kikjknqf.exe
2006-11-09 16:57   2654   --a------   C:\mc44a53.exe
2006-11-09 16:57   110612   --a------   C:\WINNT\system32\dpmxumxc.exe
2006-11-08 21:52   94720   --a------   C:\WINNT\system32\mtnuvee.dll
2006-11-08 21:52   72192   --a------   C:\WINNT\system32\rfwmxjb.dll
2006-11-08 21:38   41520   --a------   C:\WINNT\system32\dxvwchqk.exe
2006-11-08 21:36   161280   --a------   C:\WINNT\system32\orknai.dll
2006-11-08 21:35   45056   --a------   C:\WINNT\hkykagn.exe
2006-11-08 21:34   217346   --a------   C:\WINNT\srvipxwlzp.exe
2006-11-08 21:33   45056   --a------   C:\WINNT\system32\nrnqetwbz.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32hlvi6wkjc.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32\pfbo0yj.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32\hlvi6wkjc.exe
2006-11-08 21:33   24576   --a------   C:\WINNT\system32ysjaevwx.exe
2006-11-08 21:33   24576   --a------   C:\WINNT\system32\ysjaevwx.exe
2006-11-08 21:33   217346   --a------   C:\WINNT\srvtwmxnqu.exe
2006-11-08 21:33   200704   --a------   C:\WINNT\system32\p2jlseh8.dll
2006-11-08 21:33   0   --a------   C:\WINNT\system32nrnqetwbz.exe
2006-11-08 21:27   1465   --a------   C:\dacmi.exe
2006-11-08 21:26   656   --a------   C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26   62464   --a------   C:\oysb.exe
2006-11-08 21:26   55296   --a------   C:\WINNT\system32\msvcrl.dll
2006-11-08 21:22   7114   --a------   C:\WINNT\winjok.exe
2006-11-08 21:22   7114   --a------   C:\WINNT\flash.exe
2006-11-08 20:50   69632   --a------   C:\WINNT\system32\ffgdhfbn.dll
2006-11-08 20:50   41520   --a------   C:\WINNT\system32\dxvwvyfs.exe
2006-11-08 08:27   135168   --a------   C:\WINNT\system32\e0pnii5i6.exe
2006-11-08 02:52   24576   --a------   C:\WINNT\system32\tbiu5xkb.exe
2006-11-06 15:14   155648   --a------   C:\WINNT\system32\dxvwnmra.exe
2006-11-06 14:35   118804   --a------   C:\WINNT\system32\mgngepif.dll
2006-11-06 14:35   110612   --a------   C:\WINNT\system32\uudhykiu.exe
2006-11-06 14:33   201728   --a------   C:\WINNT\system32\dxvwbbql.exe
2006-11-04 15:42   360448   --a------   C:\WINNT\smartdownload.exe
2006-11-04 14:45   118804   --a------   C:\WINNT\system32\qeksqbpo.dll
2006-11-04 14:45   110612   --a------   C:\WINNT\system32\rnwkcdyk.exe
2006-11-03 14:36   60436   --a------   C:\WINNT\system32\huygbjqb.dll
2006-11-03 14:36   118804   --a------   C:\WINNT\system32\oicfmnal.dll
2006-11-03 14:36   110612   --a------   C:\WINNT\system32\yguislss.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"brwdiag"="C:\\WINNT\\system32\\brwconf.exe"
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\slcyabmh.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="confbrw.dll brwstat.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CSCSettings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Reliability
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RunServices
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070128-003430-961
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\System32\angelex.exe (file missing)
backup-20070128-003430-758
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\system32\msasvc.exe
backup-20070128-003429-984
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
backup-20070128-003430-701
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
backup-20070128-003430-551
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
backup-20070128-003430-541
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20070128-003430-367
O23 - Service: mstlsapi - Unknown owner - C:\WINNT\mstlsapi.exe (file missing)
backup-20070128-003430-314
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINNT\system32\aspi3048410.exe (file missing)
backup-20070128-003428-593
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20070128-003428-206
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
backup-20070128-003427-641
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\IVANTH~1\LOCALS~1\Temp\mma.chm::/alien.cab
backup-20070128-003427-739
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
backup-20070128-003427-317
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
backup-20070128-003426-112
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
backup-20070128-003426-938
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.118/winsearchie32.chm::/winsearchie32.exe
backup-20070128-003426-652
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\jpsjisqy.exe
backup-20070128-003426-987
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\winnt\system32\_mzu_stonedrv3.exe
backup-20070128-003426-141
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
backup-20070128-003426-282
O4 - HKCU\..\Run: [TaskManager] C:\WINNT\TaskMgr.exe
backup-20070128-003426-340
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
backup-20070128-003426-614
O4 - HKCU\..\Run: [rlkdb] C:\WINNT\system32\vwykak.exe reg_run
backup-20070128-003426-626
O4 - HKCU\..\Run: [_zlu_zlope06] c:\winnt\system32\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe
backup-20070128-003426-105
O4 - HKCU\..\Run: [winsock32] winsock32
backup-20070128-003426-727
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinsqes.exe
backup-20070128-003426-720
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20070128-003426-549
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\mlheylhy.dll",setvm
backup-20070128-003426-278
O4 - HKCU\..\Run: [stonedrv] c:\winnt\system32\stonedrv.exe
backup-20070128-003426-854
O4 - HKCU\..\Run: [_zlu_zlope04] C:\WINNT\system32\_zsk_zlu_zlope04P\SK^H`VQRIZJNVK.exe
backup-20070128-003426-892
O4 - HKLM\..\Run: [winsock32] winsock32
backup-20070128-003426-570
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinsqes.exe SKY001
backup-20070128-003426-295
O4 - HKLM\..\Run: [vodcyi] C:\WINNT\system32\vwykak.exe reg_run
backup-20070128-003426-213
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
backup-20070128-003426-840
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B0A85A-0AE9-1033-0801-030416200001}\888Bar.dll
backup-20070128-003426-584
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-492
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20070128-003426-488
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070128-003426-349
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
backup-20070128-003426-221
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-356
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070128-003426-398
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070128-003426-189
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dsvjd.dll/sp.html#37049
backup-20070128-003426-687
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/rw?title=&q...amp;uid=8765607 (obfuscated)
backup-20070128-003426-409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070128-003426-103
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job

Completion time: 07-01-28  3:41:54

[resevil83]

SDFix: Version 1.62

Sun 01/28/2007 -  3:13:23.15

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
General Network Service
MsaSvc
MZU_RK
TCP and UDP Support
TCP and UDP Supp0rt

Path:
c:\windows\winsocks32.exe
C:\WINNT\system32\msasvc.exe
\??\C:\WINNT\system32\MZU_DRV.sys
C:\WINNT\system32\tcpip.exe /winnt
C:\WINNT\system32\tccpip.exe /winnt

General Network Service Deleted
MsaSvc Deleted
MZU_RK Deleted
TCP and UDP Support Deleted
TCP and UDP Supp0rt Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File

Killing PID 136 \'smss.exe\'
Killing PID 208 \'winlogon.exe\'
Killing PID 208 \'winlogon.exe\'
Killing PID 208 \'winlogon.exe\'
Reset AppInit_DLLs value


Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\WINNT\SYSTEM32\SVCH1V.DLL - Deleted
C:\WINNT\SYSTEM32\SVCH61L.DLL - Deleted
C:\WINNT\SYSTEM32\SYSTJ1.DLL - Deleted
C:\WINNT\SYSTEM32\TMP_YMA.DLL - Deleted
C:\WINNT\system32\se.exe.exe - Deleted
C:\WINNT\system32\ss.exe.exe - Deleted
C:\WINNT\system32\w.exe.exe - Deleted
C:\WINNT\system32\google.png.exe - Deleted
C:\dbg.txt - Deleted
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\syst.exe - Deleted
C:\tskmgr.exe - Deleted
C:\WINNT\csrss.exe - Deleted
C:\WINNT\dsrss.exe - Deleted
C:\WINNT\emdat.tm - Deleted
C:\WINNT\emdat.tmp - Deleted
C:\WINNT\ie-hook.txt - Deleted
C:\WINNT\ieredir.exe - Deleted
C:\WINNT\preredir.exe - Deleted
C:\WINNT\s32.txt - Deleted
C:\WINNT\smss.exe - Deleted
C:\WINNT\system32\1.txt - Deleted
C:\WINNT\system32\2.txt - Deleted
C:\WINNT\system32\adirss.exe - Deleted
C:\WINNT\system32\dlh9jkd1q8.exe - Deleted
C:\WINNT\system32\durvil1.exe - Deleted
C:\WINNT\system32\dwdsregt.exe - Deleted
C:\WINNT\system32\form.txt - Deleted
C:\WINNT\system32\ib14.dll - Deleted
C:\WINNT\system32\info.txt - Deleted
C:\WINNT\system32\ipv6monr.dll - Deleted
C:\WINNT\system32\ipv6mons.dll - Deleted
C:\WINNT\system32\kernels1118.exe - Deleted
C:\WINNT\system32\kernels88.exe - Deleted
C:\WINNT\system32\ldinfo.ldr - Deleted
C:\WINNT\system32\mini3tone.ini - Deleted
C:\WINNT\system32\msasvc.exe - Deleted
C:\WINNT\system32\msnav32.ax - Deleted
C:\WINNT\system32\MZU_DRV.sys - Deleted
C:\WINNT\system32\rpcc.dll - Deleted
C:\WINNT\system32\tcpip.exe - Deleted
C:\WINNT\system32\vxga4me1.exe - Deleted
C:\WINNT\system32\vxga5me3.exe - Deleted
C:\WINNT\tcb.pmw - Deleted
C:\WINNT\temp.exe - Deleted
C:\WINNT\Uninst2.htm - Deleted
C:\WINNT\Unist1.htm - Deleted
C:\WINNT\winSock32.exe - Deleted
C:\WINNT\ws386.ini - Deleted



Alternate Streams Check:

C:\WINNT\system32
  :lzx32.sys                              69038
Total size: 69038 bytes.

 Removing ADS...

system32: deleted 69038 bytes in 1 streams.

Checking for remaining Streams

C:\WINNT\system32
No streams found.

                                 Final Check:

Remaining Services:
------------------

[color=\"RED\"]Rootkit PE386 Found![/color]

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Documents and Settings\Alys\Local Settings\Temp\ayityfod.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\icqgveqh.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\jovrshtr.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\nblkyfwd.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\nnrttpxm.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\pxgcoqvq.dll
C:\Documents and Settings\o0iie bobs\Local Settings\Temp\qshpyjnq.dll
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\lxgbeiad.dll
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883\A0649161.dll
C:\WINNT\apcbw.dll
C:\WINNT\dsvjd.dll
C:\WINNT\rffpo.dll
C:\WINNT\xzmbh.dll
C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\system32\brwmgr32.dll
C:\WINNT\system32\brwprf32.dll
C:\WINNT\system32\brwstat.dll
C:\WINNT\system32\confbrw.dll
C:\WINNT\system32\hxjqx.dll
C:\WINNT\system32\nkjzp.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\tncst.dll
C:\WINNT\system32\urqqpmn.dll
C:\WINNT\system32\vturrrp.dll
C:\WINNT\system32\zlobm.dll
C:\WINNT\system32\zlvcq.dll
C:\Documents and Settings\Alys\Local Settings\Temp\stdrun11.exe
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun18.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\axcruetn.exe
C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp\qgfxkuck.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\à?pPatch\w?auboot.exe
C:\Program Files\??stem32\wuaclt.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP864\A0631953.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP865\A0634981.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883\A0650161.exe
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0650309.exe
C:\WINNT\ntoo.exe
C:\WINNT\wincb.exe
C:\WINNT\system32\addbb.exe
C:\WINNT\system32\atlqh32.exe
C:\WINNT\system32\brwconf.exe
C:\WINNT\system32\brwperf.exe
C:\WINNT\system32\cdplayer.exe.manifest
C:\WINNT\system32\logonui.exe.manifest
C:\WINNT\system32\svch1n.exe
C:\WINNT\system32\svch32q.exe
C:\WINNT\system32\tmp_53.exe
C:\WINNT\system32\tmp_7.exe
C:\WINNT\Temp\stdrun11.exe
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT66.tmp
C:\WINNT\Temp\77a1rvwi.TMP
C:\WINNT\Temp\jrf82p98.TMP
C:\WINNT\Temp\win18DB.tmp
C:\WINNT\Temp\win2445.tmp
C:\WINNT\Temp\win3C2B.tmp
C:\WINNT\Temp\win437F.tmp
C:\WINNT\Temp\win7955.tmp
C:\WINNT\Temp\win9192.tmp
C:\WINNT\Temp\winB959.tmp
C:\WINNT\Temp\winC420.tmp
C:\WINNT\Temp\winC71C.tmp
C:\WINNT\Temp\winDE97.tmp
C:\WINNT\Temp\winFF6C.tmp

                                 Finished


SmitFraudFix v2.135

Scan done at  1:53:56.00, Sun 01/28/2007
Run from C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler\'s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

[resevil83]

Logfile of HijackThis v1.99.1
Scan saved at 3:50:32 AM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\tccpip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\slcyabmh.dll",setvm
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - AppInit_DLLs:  confbrw.dll brwstat.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)

[guestolo]

Sorry for the delay
Can you do the following please

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [brwdiag] C:\WINNT\system32\brwconf.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\slcyabmh.dll",setvm

O20 - AppInit_DLLs: confbrw.dll brwstat.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Afterwards
Download Rustbfix from one of these locations:
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.

In addition to the above logs, can you run Combofix again and post a new log please

[resevil83]

************************* Rustock.b-fix -- By ejvindh *************************
Tue 01/30/2007  0:10:32.39

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
No streams found.

Looking for Rustock.b-files in the System32-folder:
system32\lzx32.sys FOUND!
attempting to delete lzx32.sys from system32-folder


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************



//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Error:  could not create zip file.
Error code: 80


Error:  could not create reboot file.
Error code: 80


Error:  could not create reboot batch.
Error code: 80


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mbhfjbti

*******************

Script file located at: \??\C:\Documents and Settings\rcfg^cha.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\acgqcjyx

*******************

Script file located at: \??\C:\Documents and Settings\vbmvxddd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
Unload of driver PE386 failed!

Could not process line:
PE386
Status: 0xc0000034

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.






//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Error:  could not create zip file.
Error code: 80


Error:  could not create reboot file.
Error code: 80


Error:  could not create reboot batch.
Error code: 80


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mbhfjbti

*******************

Script file located at: \??\C:\Documents and Settings\rcfg^cha.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\acgqcjyx

*******************

Script file located at: \??\C:\Documents and Settings\vbmvxddd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
Unload of driver PE386 failed!

Could not process line:
PE386
Status: 0xc0000034

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.

[resevil83]

"Vince" - 07-01-30  0:23:18    Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"

(((((((((((((((((((((((((((((((((((((((((((((   Look2Me's Log   ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{0f07c7e9-2dcc-412b-85da-d83e0b23248e}]

[HKEY_CLASSES_ROOT\clsid\{0f07c7e9-2dcc-412b-85da-d83e0b23248e}\InprocServer32]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{b3d063f3-da51-4e84-9c0a-dbd29d6f3d2a}\InprocServer32]
@="C:\\WINNT\\system32\\vdscript.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{4fc84ece-c733-4bc3-b09b-d19f68ac93ca}]

[HKEY_CLASSES_ROOT\clsid\{4fc84ece-c733-4bc3-b09b-d19f68ac93ca}\InprocServer32]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{25495b92-f17d-4efa-b756-446393248d0c}]

[HKEY_CLASSES_ROOT\clsid\{25495b92-f17d-4efa-b756-446393248d0c}\InprocServer32]Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{938be103-acb4-4a8e-bec7-f70faaf9b367}\InprocServer32]
@="C:\\WINNT\\system32\\epent97.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{3f59d475-f3d3-4667-a1d4-f54828a38d15}\InprocServer32]
@="C:\\WINNT\\system32\\icdkcs32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


 Granting SeDebugPrivilege to Administrators   ... successful


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\w002ece6.dll
C:\WINNT\system32\w002ed54.dll
C:\WINNT\system32\w0032953.dll
C:\WINNT\system32\w0032d3b.dll
C:\WINNT\system32\w0037a71.dll
C:\WINNT\system32\w0037e49.dll
C:\WINNT\system32\w003ae13.dll
C:\WINNT\system32\w003aea0.dll
C:\WINNT\system32\w003bfc7.dll
C:\WINNT\system32\w003c361.dll
C:\WINNT\system32\w0043332.dll
C:\WINNT\system32\w0043852.dll
C:\WINNT\system32\w004ba63.dll
C:\WINNT\system32\w004c020.dll
C:\WINNT\system32\w005696f.dll
C:\WINNT\system32\w00569cd.dll
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1


(((((((((((((((((((((((((((((((   Files Created from 2006-12-30 to 2007-01-30  ))))))))))))))))))))))))))))))))))
 
 
2007-01-30 00:20   88,340   --a------   C:\WINNT\system32\tdsoeyvo.exe
2007-01-30 00:20   76,412   --a------   C:\WINNT\system32\cgovxpdh.dll
2007-01-30 00:20   44,165   --a------   C:\WINNT\system32\iergmope.dll
2007-01-30 00:19   118,804   --a------   C:\WINNT\system32\bnseatjn.dll
2007-01-30 00:17   <DIR>   d--------   C:\avenger
2007-01-30 00:10   <DIR>   d--------   C:\Rustbfix
2007-01-30 00:02   57,344   --a------   C:\WINNT\system32\aaa000002c.dll
2007-01-29 23:54   93,564   --a------   C:\WINNT\PID47IER.exe
2007-01-29 23:53   93,564   --a------   C:\WINNT\PID53IER.exe
2007-01-29 11:28   110,592   --a------   C:\TTC.dll
2007-01-28 03:43   17,920   --a------   C:\WINNT\system32\tccpip.exe
2007-01-28 03:42   88,340   --a------   C:\WINNT\system32\issuwnjf.exe
2007-01-28 03:26   88,340   --a------   C:\WINNT\system32\vhnkhijq.exe
2007-01-28 03:26   118,804   --a------   C:\WINNT\system32\slcyabmh.dll
2007-01-28 01:48   2,388   --a------   C:\WINNT\system32\tmp.reg
2007-01-28 01:47   79,360   --a------   C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47   53,248   --a------   C:\WINNT\system32\Process.exe
2007-01-28 01:47   51,200   --a------   C:\WINNT\system32\dumphive.exe
2007-01-28 01:47   40,960   --a------   C:\WINNT\system32\swsc.exe
2007-01-28 01:47   288,417   --a------   C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47   135,168   --a------   C:\WINNT\system32\swreg.exe
2007-01-28 00:13   88,340   --a------   C:\WINNT\system32\muqaqicc.exe
2007-01-27 23:52   88,340   --a------   C:\WINNT\system32\ojxrusoa.exe
2007-01-27 23:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-27 22:42   88,340   --a------   C:\WINNT\system32\hjtqjijb.exe
2007-01-27 22:42   118,804   --a------   C:\WINNT\system32\mlheylhy.dll
2007-01-27 22:10   88,340   --a------   C:\WINNT\system32\bjmvqrjr.exe
2007-01-27 21:56   49,152   --ah-----   C:\WINNT\system32\brwconf.exe
2007-01-27 21:48   88,340   --a------   C:\WINNT\system32\kobsamws.exe
2007-01-27 21:48   118,804   --a------   C:\WINNT\system32\idbuhqtr.dll
2007-01-27 21:39   95,744   --a------   C:\WINNT\system32\drivera.exe
2007-01-27 21:39   150,016   --a------   C:\WINNT\system32\drivera.dll
2007-01-27 21:38   95,744   --a------   C:\WINNT\monterreya_unknown.exe
2007-01-27 14:48   88,340   --a------   C:\WINNT\system32\bdkifmhs.exe
2007-01-27 14:47   118,804   --a------   C:\WINNT\system32\pcitmcrp.dll
2007-01-27 13:35   95,744   --a------   C:\WINNT\system32\monterreya_unknown.exe
2007-01-27 13:35   88,340   --a------   C:\WINNT\system32\citgwfcc.exe
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22   <DIR>   d--------   C:\SDFix
2007-01-21 02:17   <DIR>   d--------   C:\HJT
2007-01-18 22:39   88,340   --a------   C:\WINNT\system32\dvhuhvmq.exe
2007-01-18 22:39   118,804   --a------   C:\WINNT\system32\dqquglku.dll
2007-01-18 21:28   88,340   --a------   C:\WINNT\system32\pejcrrpg.exe
2007-01-18 21:28   118,804   --a------   C:\WINNT\system32\rlaswfmy.dll
2007-01-18 21:22   95,744   --a------   C:\WINNT\system32\durvilz.exe
2007-01-18 21:22   95,744   --a------   C:\WINNT\system32\druidz_unknown.exe
2007-01-18 21:22   150,016   --a------   C:\WINNT\system32\durvilz.dll
2007-01-15 16:50   <DIR>   d--------   C:\Program Files\Exolon
2007-01-15 16:49   100,843   --a------   C:\WINNT\tpup.exe
2007-01-07 20:27   931   --a------   C:\WINNT\system32\winpfz32.sys
2007-01-07 20:24   88,340   --a------   C:\WINNT\system32\eawvpssc.exe
2007-01-06 23:42   88,340   --a------   C:\WINNT\system32\iffdupbs.exe
2007-01-06 23:41   88,340   --a------   C:\WINNT\system32\kblayvxm.exe
2007-01-06 21:23   88,340   --a------   C:\WINNT\system32\gtrsykbu.exe
2007-01-05 05:31   184,432   --a------   C:\WINNT\system32\pwinsqeb.exe
2007-01-04 19:31   184,395   --a------   C:\WINNT\system32\pwinsqed.exe
2007-01-04 19:25   88,340   --a------   C:\WINNT\system32\ppgmkvoa.exe
2007-01-04 19:13   88,340   --a------   C:\WINNT\system32\hvyicstj.exe
2007-01-04 19:09   93,696   --a------   C:\WINNT\system32\wdokbye.dll
2007-01-03 16:07   13,098   --a------   C:\WINNT\system32\731402ld.exe
2007-01-03 08:42   <DIR>   d--------   C:\DeluxeCommunications
2007-01-03 08:39   93,696   --a------   C:\WINNT\system32\hrcopul.dll
2007-01-03 08:39   9,767   --a------   C:\bghtcbd.exe
2007-01-03 08:39   3,648   --a------   C:\klnl.exe
2007-01-03 08:39   23,552   --a------   C:\bhbn.exe
2007-01-03 00:37   88,340   --a------   C:\WINNT\system32\rishhgwu.exe
2007-01-02 23:50   88,340   --a------   C:\WINNT\system32\harqceks.exe
2006-12-31 11:37   81,684   --a------   C:\WINNT\system32\bulpyxam.dll
2006-12-31 11:36   88,340   --a------   C:\WINNT\system32\ehvsduuw.exe
2006-12-31 11:34   88,340   --a------   C:\WINNT\system32\jqjhitpr.exe
2006-12-31 11:21   35,840   --a------   C:\WINNT\TaskMgr.exe
2006-12-31 03:18   88,340   --a------   C:\WINNT\system32\yvglruse.exe


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 00:31   --------   d--------   C:\Program Files\msn gaming zone
2007-01-30 00:17   --------   dr-------   C:\Program Files\net nanny
2007-01-29 23:54   6737   --a------   C:\WINNT\system32\ldcore.dll
2007-01-28 03:44   --------   d--h-----   C:\Program Files\bho plugin
2007-01-28 02:54   --------   d--------   C:\Program Files\vstoolbar
2007-01-27 23:35   --------   d--------   C:\Program Files\lavasoft
2007-01-27 23:35   --------   d--------   C:\Documents and Settings\Vince.BACKROOM\Application Data\lavasoft
2007-01-18 22:39   929   --a------   C:\WINNT\system32\winpfg32.sys
2007-01-04 19:14   --------   d--------   C:\Program Files\limewire
2006-12-29 14:25   88340   --a------   C:\WINNT\system32\elmjmvsr.exe
2006-12-29 13:42   88340   --a------   C:\WINNT\system32\ipndxohb.exe
2006-12-28 19:00   --------   d--------   C:\Program Files\aim
2006-12-28 18:44   88340   --a------   C:\WINNT\system32\gncpdkqf.exe
2006-12-28 18:30   88340   --a------   C:\WINNT\system32\iowdatel.exe
2006-12-28 18:30   44060   --a------   C:\WINNT\system32\wsdgotag.dll
2006-12-27 02:40   88340   --a------   C:\WINNT\system32\cxobntju.exe
2006-12-26 12:04   88340   --a------   C:\WINNT\system32\avrchesr.exe
2006-12-26 12:01   88340   --a------   C:\WINNT\system32\gcfcxcap.exe
2006-12-26 10:35   88340   --a------   C:\WINNT\system32\jkdmblhc.exe
2006-12-25 23:29   --------   d--------   C:\Documents and Settings\Vince.BACKROOM\Application Data\limewire
2006-12-25 22:14   --------   d---s----   C:\Documents and Settings\Vince.BACKROOM\Application Data\microsoft
2006-12-25 21:27   88340   --a------   C:\WINNT\system32\auyejhtg.exe
2006-12-25 17:24   88340   --a------   C:\WINNT\system32\xwltmfom.exe
2006-12-25 17:24   60436   --a------   C:\WINNT\system32\rtacltit.dll
2006-12-25 17:17   --------   d--------   C:\Program Files\itunes
2006-12-25 17:17   --------   d--------   C:\Program Files\ipod
2006-12-25 17:14   --------   d--------   C:\Program Files\quicktime
2006-12-25 17:11   --------   d--------   C:\Program Files\apple software update
2006-12-25 15:02   88340   --a------   C:\WINNT\system32\yxxseknn.exe
2006-12-25 14:49   88340   --a------   C:\WINNT\system32\vdbyqyll.exe
2006-12-25 14:43   88340   --a------   C:\WINNT\system32\pjnealoc.exe
2006-12-25 13:34   2   --a------   C:\WINNT\system32\wnstssv.exe
2006-12-25 13:33   88340   --a------   C:\WINNT\system32\piolqvwg.exe
2006-12-21 00:31   0   --a------   C:\WINNT\ff9n1vvm.exe
2006-12-19 08:16   44052   --a------   C:\WINNT\system32\anugbmlt.dll
2006-12-19 08:15   93696   --a------   C:\WINNT\system32\ansfsrg.dll
2006-12-19 08:15   88340   --a------   C:\WINNT\system32\iiyhgqcc.exe
2006-12-19 08:13   118804   --a------   C:\WINNT\system32\quidooai.dll
2006-12-18 09:13   53248   --ah-----   C:\WINNT\system32\confbrw.dll
2006-12-18 09:13   49152   --ah-----   C:\WINNT\system32\brwprf32.dll
2006-12-18 09:13   40960   --ah-----   C:\WINNT\system32\brwperf.exe
2006-12-18 09:13   335872   --ah-----   C:\WINNT\system32\brwmgr32.dll
2006-12-18 09:13   126976   --ah-----   C:\WINNT\system32\brwstat.dll
2006-12-14 15:23   89088   --a------   C:\WINNT\system32\qfyqakn.dll
2006-12-14 15:22   17592   --a------   C:\3456346345643.exe
2006-12-14 15:18   88340   --a------   C:\WINNT\system32\dfcdcxxc.exe
2006-12-14 15:18   66048   --a------   C:\WINNT\system32\durvily.dll
2006-12-14 15:18   126996   --a------   C:\WINNT\system32\ghycmvth.dll
2006-12-14 15:18   121856   --a------   C:\WINNT\system32\durvily.exe
2006-12-14 15:18   121856   --a------   C:\WINNT\system32\druidy_unknown.exe
2006-12-12 21:24   88340   --a------   C:\WINNT\system32\mfqlgnxp.exe
2006-12-12 21:24   126996   --a------   C:\WINNT\system32\dsiyhtkx.dll
2006-12-12 21:21   60436   --a------   C:\WINNT\system32\cetiovja.dll
2006-12-12 21:19   69632   --a------   C:\WINNT\system32\kbfgldbp.dll
2006-12-11 07:44   58880   --a------   C:\WINNT\system32\vnscct.dll
2006-12-04 22:32   10613   -r-h-----   C:\WINNT\system32\tmp_7.exe
2006-12-04 22:32   10613   -r-h-----   C:\WINNT\system32\svch32q.exe
2006-12-04 14:43   88340   --a------   C:\WINNT\system32\redtociv.exe
2006-12-03 15:03   88340   --a------   C:\WINNT\system32\ujhwysvc.exe
2006-12-03 15:03   42516   --a------   C:\WINNT\system32\elrmoxli.dll
2006-12-03 15:02   9216   --a------   C:\WINNT\system32\e1.dll
2006-11-28 15:01   56320   --a------   C:\WINNT\system32\bgnfwko.dll
2006-11-25 11:51   126996   --a------   C:\WINNT\system32\lmckjhjk.dll
2006-11-25 11:51   110612   --a------   C:\WINNT\system32\ttdmysqp.exe
2006-11-25 11:49   110612   --a------   C:\WINNT\system32\woaiwyag.exe
2006-11-25 11:48   126996   --a------   C:\WINNT\system32\tmlbhinh.dll
2006-11-25 11:47   110612   --a------   C:\WINNT\system32\dhclwbme.exe
2006-11-25 00:33   126996   --a------   C:\WINNT\system32\eeqaaxun.dll
2006-11-25 00:33   110612   --a------   C:\WINNT\system32\enkedeea.exe
2006-11-25 00:32   110612   --a------   C:\WINNT\system32\xocmqlfs.exe
2006-11-24 22:11   38420   --a------   C:\WINNT\system32\pjuxptvk.dll
2006-11-24 22:11   126996   --a------   C:\WINNT\system32\twxkcqjp.dll
2006-11-24 22:11   110612   --a------   C:\WINNT\system32\mqtblbef.exe
2006-11-24 11:33   110612   --a------   C:\WINNT\system32\yrurktth.exe
2006-11-22 21:14   110612   --a------   C:\WINNT\system32\tayaxkyc.exe
2006-11-22 21:13   126996   --a------   C:\WINNT\system32\kgpfbhct.dll
2006-11-22 16:16   126996   --a------   C:\WINNT\system32\bwlesyvf.dll
2006-11-22 16:16   110612   --a------   C:\WINNT\system32\jnkxpkqt.exe
2006-11-22 16:15   110612   --a------   C:\WINNT\system32\egepfwmh.exe
2006-11-22 16:14   110612   --a------   C:\WINNT\system32\vxxtccqx.exe
2006-11-22 15:11   126996   --a------   C:\WINNT\system32\jkugjkcy.dll
2006-11-22 15:11   110612   --a------   C:\WINNT\system32\pplgksfc.exe
2006-11-18 10:59   126996   --a------   C:\WINNT\system32\cofrnicq.dll
2006-11-18 10:59   110612   --a------   C:\WINNT\system32\cyunnojo.exe
2006-11-18 07:15   110612   --a------   C:\WINNT\system32\qspcuvkm.exe
2006-11-18 07:14   131604   --a------   C:\WINNT\system32\walikbmv.dll
2006-11-18 07:14   126996   --a------   C:\WINNT\system32\xbcooiwr.dll
2006-11-17 18:49   126996   --a------   C:\WINNT\system32\dxedjwrs.dll
2006-11-17 18:48   110612   --a------   C:\WINNT\system32\ppnwtfly.exe
2006-11-17 18:25   126996   --a------   C:\WINNT\system32\fbnwtjyv.dll
2006-11-17 18:25   110612   --a------   C:\WINNT\system32\yqjdaain.exe
2006-11-17 15:52   126996   --a------   C:\WINNT\system32\eaavxxyh.dll
2006-11-17 15:19   126996   --a------   C:\WINNT\system32\eroxhqki.dll
2006-11-17 15:19   110612   --a------   C:\WINNT\system32\axqvaeyc.exe
2006-11-17 14:43   10609   -r-h-----   C:\WINNT\system32\tmp_53.exe
2006-11-17 13:39   110612   --a------   C:\WINNT\system32\ypysegdi.exe
2006-11-17 13:38   126996   --a------   C:\WINNT\system32\gruywbts.dll
2006-11-16 18:15   110612   --a------   C:\WINNT\system32\tqtnehpg.exe
2006-11-16 18:14   126996   --a------   C:\WINNT\system32\ltxgobbh.dll
2006-11-16 17:17   126996   --a------   C:\WINNT\system32\dtxogqru.dll
2006-11-16 17:16   110612   --a------   C:\WINNT\system32\cjhfwtwe.exe
2006-11-16 13:46   126996   --a------   C:\WINNT\system32\apuuovoi.dll
2006-11-16 13:46   110612   --a------   C:\WINNT\system32\oqlgvwwv.exe
2006-11-15 20:16   110612   --a------   C:\WINNT\system32\fvkcgcgp.exe
2006-11-15 20:03   110612   --a------   C:\WINNT\system32\ogfljqdk.exe
2006-11-15 19:59   110612   --a------   C:\WINNT\system32\tkjikfwr.exe
2006-11-15 19:23   110612   --a------   C:\WINNT\system32\rcjvpytp.exe
2006-11-15 19:20   110612   --a------   C:\WINNT\system32\uovqmamc.exe
2006-11-15 19:10   110612   --a------   C:\WINNT\system32\nklbabai.exe
2006-11-15 14:05   110612   --a------   C:\WINNT\system32\rtpqvbys.exe
2006-11-14 19:06   0   --a------   C:\WINNT\druid_unknown.exe
2006-11-14 19:04   167936   --a------   C:\WINNT\ms03012890280.exe
2006-11-14 13:12   110612   --a------   C:\WINNT\system32\xqbgmkuk.exe
2006-11-14 07:28   10509   -r-h-----   C:\WINNT\system32\svch1n.exe
2006-11-13 14:52   110612   --a------   C:\WINNT\system32\vjcmgipj.exe
2006-11-13 14:37   110612   --a------   C:\WINNT\system32\ogggbrle.exe
2006-11-12 20:41   110612   --a------   C:\WINNT\system32\xdqilykk.exe
2006-11-12 20:40   110612   --a------   C:\WINNT\system32\mubawksu.exe
2006-11-12 19:12   110612   --a------   C:\WINNT\system32\vqibvfpd.exe
2006-11-12 02:08   110612   --a------   C:\WINNT\system32\ijllexfp.exe
2006-11-09 17:02   118804   --a------   C:\WINNT\system32\rdfhmxlc.dll
2006-11-09 17:02   110612   --a------   C:\WINNT\system32\kikjknqf.exe
2006-11-09 16:57   2654   --a------   C:\mc44a53.exe
2006-11-09 16:57   110612   --a------   C:\WINNT\system32\dpmxumxc.exe
2006-11-08 21:52   94720   --a------   C:\WINNT\system32\mtnuvee.dll
2006-11-08 21:52   72192   --a------   C:\WINNT\system32\rfwmxjb.dll
2006-11-08 21:38   41520   --a------   C:\WINNT\system32\dxvwchqk.exe
2006-11-08 21:36   161280   --a------   C:\WINNT\system32\orknai.dll
2006-11-08 21:35   45056   --a------   C:\WINNT\hkykagn.exe
2006-11-08 21:34   217346   --a------   C:\WINNT\srvipxwlzp.exe
2006-11-08 21:33   45056   --a------   C:\WINNT\system32\nrnqetwbz.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32hlvi6wkjc.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32\pfbo0yj.exe
2006-11-08 21:33   28672   --a------   C:\WINNT\system32\hlvi6wkjc.exe
2006-11-08 21:33   24576   --a------   C:\WINNT\system32ysjaevwx.exe
2006-11-08 21:33   24576   --a------   C:\WINNT\system32\ysjaevwx.exe
2006-11-08 21:33   217346   --a------   C:\WINNT\srvtwmxnqu.exe
2006-11-08 21:33   200704   --a------   C:\WINNT\system32\p2jlseh8.dll
2006-11-08 21:33   0   --a------   C:\WINNT\system32nrnqetwbz.exe
2006-11-08 21:27   1465   --a------   C:\dacmi.exe
2006-11-08 21:26   656   --a------   C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26   62464   --a------   C:\oysb.exe
2006-11-08 21:26   55296   --a------   C:\WINNT\system32\msvcrl.dll
2006-11-08 21:22   7114   --a------   C:\WINNT\winjok.exe
2006-11-08 21:22   7114   --a------   C:\WINNT\flash.exe
2006-11-08 20:50   69632   --a------   C:\WINNT\system32\ffgdhfbn.dll
2006-11-08 20:50   41520   --a------   C:\WINNT\system32\dxvwvyfs.exe
2006-11-08 08:27   135168   --a------   C:\WINNT\system32\e0pnii5i6.exe
2006-11-08 02:52   24576   --a------   C:\WINNT\system32\tbiu5xkb.exe
2006-11-06 15:14   155648   --a------   C:\WINNT\system32\dxvwnmra.exe
2006-11-06 14:35   118804   --a------   C:\WINNT\system32\mgngepif.dll
2006-11-06 14:35   110612   --a------   C:\WINNT\system32\uudhykiu.exe
2006-11-06 14:33   201728   --a------   C:\WINNT\system32\dxvwbbql.exe
2006-11-04 15:42   360448   --a------   C:\WINNT\smartdownload.exe
2006-11-04 14:45   118804   --a------   C:\WINNT\system32\qeksqbpo.dll
2006-11-04 14:45   110612   --a------   C:\WINNT\system32\rnwkcdyk.exe
2006-11-03 14:36   60436   --a------   C:\WINNT\system32\huygbjqb.dll
2006-11-03 14:36   118804   --a------   C:\WINNT\system32\oicfmnal.dll
2006-11-03 14:36   110612   --a------   C:\WINNT\system32\yguislss.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"aaa00000"="RUNDLL32.EXE aaa000002c.dll,n 0000000000000030"
"cixo"="C:\\WINNT\\$NtUninstallKB898461$\\cixo.exe"
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\bnseatjn.dll\",setvm"
"brwdiag"="C:\\WINNT\\system32\\brwconf.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\winnt\system32\ldcore.dll confbrw.dll brwstat.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"_zlu_zlope06"="c:\\winnt\\system32\\_zsk_zlu_zlope06f^momlj`d[q_u_zh.exe"
"Windows update loader"="C:\\Windows\\xpupdate.exe"
"_mzu_stonedrv3"="C:\\WINNT\\system32\\_mzu_stonedrv3.exe"
"Key"="C:\\WINNT\\TEMP\\14D.tmp"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
   Source   REG_SZ            C:\Program Files\MSN Gaming Zone\virto.html

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job

Completion time: 07-01-30  0:36:56
C:\ComboFix2.txt ... 07-01-28 03:41

[guestolo]

Still some work to do, but we rid you of a nasty rootkit

Can you do the following
Download [color=\"#FF0000\"]The Avenger.zip[/color] by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop
LOG OFF any other users on the computer except for yourself

Copy ALL the text contained in [color=\"#0000FF\"]blue[/color] below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
Make sure you include "Files to delete:"
=============================================================
[color=\"#0000FF\"]
Files to delete:
C:\WINNT\system32\tdsoeyvo.exe
C:\WINNT\system32\cgovxpdh.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\bnseatjn.dll
C:\WINNT\system32\aaa000002c.dll
C:\WINNT\PID47IER.exe
C:\WINNT\PID53IER.exe
C:\TTC.dll
C:\WINNT\system32\tccpip.exe
C:\WINNT\system32\issuwnjf.exe
C:\WINNT\system32\vhnkhijq.exe
C:\WINNT\system32\slcyabmh.dll
C:\WINNT\system32\muqaqicc.exe
C:\WINNT\system32\ojxrusoa.exe
C:\WINNT\system32\hjtqjijb.exe
C:\WINNT\system32\mlheylhy.dll
C:\WINNT\system32\bjmvqrjr.exe
C:\WINNT\system32\brwconf.exe
C:\WINNT\system32\kobsamws.exe
C:\WINNT\system32\idbuhqtr.dll
C:\WINNT\system32\drivera.exe
C:\WINNT\system32\drivera.dll
C:\WINNT\monterreya_unknown.exe
C:\WINNT\system32\bdkifmhs.exe
C:\WINNT\system32\pcitmcrp.dll
C:\WINNT\system32\monterreya_unknown.exe
C:\WINNT\system32\citgwfcc.exe
C:\WINNT\system32\dvhuhvmq.exe
C:\WINNT\system32\dqquglku.dll
C:\WINNT\system32\pejcrrpg.exe
C:\WINNT\system32\rlaswfmy.dll
C:\WINNT\system32\durvilz.exe
C:\WINNT\system32\druidz_unknown.exe
C:\WINNT\system32\durvilz.dll
C:\WINNT\tpup.exe
C:\WINNT\system32\winpfz32.sys
C:\WINNT\system32\eawvpssc.exe
C:\WINNT\system32\iffdupbs.exe
C:\WINNT\system32\kblayvxm.exe
C:\WINNT\system32\gtrsykbu.exe
C:\WINNT\system32\pwinsqeb.exe
C:\WINNT\system32\pwinsqed.exe
C:\WINNT\system32\ppgmkvoa.exe
C:\WINNT\system32\hvyicstj.exe
C:\WINNT\system32\wdokbye.dll
C:\WINNT\system32\731402ld.exe
C:\WINNT\system32\hrcopul.dll
C:\bghtcbd.exe
C:\klnl.exe
C:\bhbn.exe
C:\WINNT\system32\rishhgwu.exe
C:\WINNT\system32\harqceks.exe
C:\WINNT\system32\bulpyxam.dll
C:\WINNT\system32\ehvsduuw.exe
C:\WINNT\system32\jqjhitpr.exe
C:\WINNT\TaskMgr.exe
C:\WINNT\system32\yvglruse.exe
C:\WINNT\system32\winpfg32.sys
C:\WINNT\system32\elmjmvsr.exe
C:\WINNT\system32\ipndxohb.exe
C:\WINNT\system32\gncpdkqf.exe
C:\WINNT\system32\iowdatel.exe
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\cxobntju.exe
C:\WINNT\system32\avrchesr.exe
C:\WINNT\system32\gcfcxcap.exe
C:\WINNT\system32\jkdmblhc.exe
C:\WINNT\system32\auyejhtg.exe
C:\WINNT\system32\xwltmfom.exe
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\yxxseknn.exe
C:\WINNT\system32\vdbyqyll.exe
C:\WINNT\system32\pjnealoc.exe
C:\WINNT\system32\wnstssv.exe
C:\WINNT\system32\piolqvwg.exe
C:\WINNT\ff9n1vvm.exe
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\ansfsrg.dll
C:\WINNT\system32\iiyhgqcc.exe
C:\WINNT\system32\quidooai.dll
C:\WINNT\system32\confbrw.dll
C:\WINNT\system32\brwprf32.dll
C:\WINNT\system32\brwperf.exe
C:\WINNT\system32\brwmgr32.dll
C:\WINNT\system32\brwstat.dll
C:\WINNT\system32\qfyqakn.dll
C:\3456346345643.exe
C:\WINNT\system32\dfcdcxxc.exe
C:\WINNT\system32\durvily.dll
C:\WINNT\system32\ghycmvth.dll
C:\WINNT\system32\durvily.exe
C:\WINNT\system32\druidy_unknown.exe
C:\WINNT\system32\mfqlgnxp.exe
C:\WINNT\system32\dsiyhtkx.dll
C:\WINNT\system32\cetiovja.dll
C:\WINNT\system32\kbfgldbp.dll
C:\WINNT\system32\vnscct.dll
C:\WINNT\system32\tmp_7.exe
C:\WINNT\system32\svch32q.exe
C:\WINNT\system32\redtociv.exe
C:\WINNT\system32\ujhwysvc.exe
C:\WINNT\system32\elrmoxli.dll
C:\WINNT\system32\e1.dll
C:\WINNT\system32\bgnfwko.dll
C:\WINNT\system32\lmckjhjk.dll
C:\WINNT\system32\ttdmysqp.exe
C:\WINNT\system32\woaiwyag.exe
C:\WINNT\system32\tmlbhinh.dll
C:\WINNT\system32\dhclwbme.exe
C:\WINNT\system32\eeqaaxun.dll
C:\WINNT\system32\enkedeea.exe
C:\WINNT\system32\xocmqlfs.exe
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\twxkcqjp.dll
C:\WINNT\system32\mqtblbef.exe
C:\WINNT\system32\yrurktth.exe
C:\WINNT\system32\tayaxkyc.exe
C:\WINNT\system32\kgpfbhct.dll
C:\WINNT\system32\bwlesyvf.dll
C:\WINNT\system32\jnkxpkqt.exe
C:\WINNT\system32\egepfwmh.exe
C:\WINNT\system32\vxxtccqx.exe
C:\WINNT\system32\jkugjkcy.dll
C:\WINNT\system32\pplgksfc.exe
C:\WINNT\system32\cofrnicq.dll
C:\WINNT\system32\cyunnojo.exe
C:\WINNT\system32\qspcuvkm.exe
C:\WINNT\system32\walikbmv.dll
C:\WINNT\system32\xbcooiwr.dll
C:\WINNT\system32\dxedjwrs.dll
C:\WINNT\system32\ppnwtfly.exe
C:\WINNT\system32\fbnwtjyv.dll
C:\WINNT\system32\yqjdaain.exe
C:\WINNT\system32\eaavxxyh.dll
C:\WINNT\system32\eroxhqki.dll
C:\WINNT\system32\axqvaeyc.exe
C:\WINNT\system32\tmp_53.exe
C:\WINNT\system32\ypysegdi.exe
C:\WINNT\system32\gruywbts.dll
C:\WINNT\system32\tqtnehpg.exe
C:\WINNT\system32\ltxgobbh.dll
C:\WINNT\system32\dtxogqru.dll
C:\WINNT\system32\cjhfwtwe.exe
C:\WINNT\system32\apuuovoi.dll
C:\WINNT\system32\oqlgvwwv.exe
C:\WINNT\system32\fvkcgcgp.exe
C:\WINNT\system32\ogfljqdk.exe
C:\WINNT\system32\tkjikfwr.exe
C:\WINNT\system32\rcjvpytp.exe
C:\WINNT\system32\uovqmamc.exe
C:\WINNT\system32\nklbabai.exe
C:\WINNT\system32\rtpqvbys.exe
C:\WINNT\druid_unknown.exe
C:\WINNT\ms03012890280.exe
C:\WINNT\system32\xqbgmkuk.exe
C:\WINNT\system32\svch1n.exe
C:\WINNT\system32\vjcmgipj.exe
C:\WINNT\system32\ogggbrle.exe
C:\WINNT\system32\xdqilykk.exe
C:\WINNT\system32\mubawksu.exe
C:\WINNT\system32\vqibvfpd.exe
C:\WINNT\system32\ijllexfp.exe
C:\WINNT\system32\rdfhmxlc.dll
C:\WINNT\system32\kikjknqf.exe
C:\mc44a53.exe
C:\WINNT\system32\dpmxumxc.exe
C:\WINNT\system32\mtnuvee.dll
C:\WINNT\system32\rfwmxjb.dll
C:\WINNT\system32\dxvwchqk.exe
C:\WINNT\system32\orknai.dll
C:\WINNT\hkykagn.exe
C:\WINNT\srvipxwlzp.exe
C:\WINNT\system32\nrnqetwbz.exe
C:\WINNT\system32hlvi6wkjc.exe
C:\WINNT\system32\pfbo0yj.exe
C:\WINNT\system32\hlvi6wkjc.exe
C:\WINNT\system32ysjaevwx.exe
C:\WINNT\system32\ysjaevwx.exe
C:\WINNT\srvtwmxnqu.exe
C:\WINNT\system32\p2jlseh8.dll
C:\WINNT\system32nrnqetwbz.exe
C:\dacmi.exe
C:\oysb.exe
C:\WINNT\system32\msvcrl.dll
C:\WINNT\winjok.exe
C:\WINNT\flash.exe
C:\WINNT\system32\ffgdhfbn.dll
C:\WINNT\system32\dxvwvyfs.exe
C:\WINNT\system32\e0pnii5i6.exe
C:\WINNT\system32\tbiu5xkb.exe
C:\WINNT\system32\dxvwnmra.exe
C:\WINNT\system32\mgngepif.dll
C:\WINNT\system32\uudhykiu.exe
C:\WINNT\system32\dxvwbbql.exe
C:\WINNT\system32\qeksqbpo.dll
C:\WINNT\system32\rnwkcdyk.exe
C:\WINNT\system32\huygbjqb.dll
C:\WINNT\system32\oicfmnal.dll
C:\WINNT\system32\yguislss.exe

Folders to delete:
C:\DeluxeCommunications
C:\Program Files\bho plugin
C:\Program Files\vstoolbar

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks | {04CDB16C-AB38-43CD-A86A-6FEB90290939}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | aaa00000
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | cixo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | DllRunning
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | brwdiag
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | _zlu_zlope06
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | Windows update loader
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | _mzu_stonedrv3
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | Key
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | _zlu_zlope06
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | Windows update loader
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | _mzu_stonedrv3
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run | Key
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer | ForceActiveDesktopOn
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer | ForceActiveDesktopOn

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | appinit_dlls[/color]

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the [color=\"#00FF00\"]Green Light[/color] to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Back in Windows
Can you do the following
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

==Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, Click Options > Change settings
  
• Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
• Back at the main window, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
  
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  
• Save the report to your desktop. The report will be called DrWeb.csv
  
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Along with the Dr.Web log, can you include the following

Post a fresh hijackthis log
Post the log from Avenger, located here>>C:\Avenger.txt
In addition, can you run Combofix again and post it's new log

NOTE: It may take more than one reply to post the above logs, please do so if needed!

[resevil83]

ryli.dll;c:\program files\msn gaming zone;Adware.Dh;Incurable.Will be moved after reboot.;
dobuge.exe;c:\winnt\$ntuninstallkb899587$;Adware.Adpower;Incurable.Will be moved after reboot.;
mxlyss.dll;c:\winnt\help\starter;Trojan.Virtumod;Will be cured after reboot.;
jtxeqilr.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
rqrroll.dll;c:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
803_104.exe\data001;C:\803_104.exe;Trojan.Popuper;;
803_104.exe\data002;C:\803_104.exe;Trojan.Popuper;;
803_104.exe;C:\;Archive contains infected objects;Moved.;
814.exe\data002;C:\814.exe;Trojan.Dyfuca;;
814.exe;C:\;Archive contains infected objects;Moved.;
919_133.exe\data001;C:\919_133.exe;Trojan.Dyfuca;;
919_133.exe;C:\;Archive contains infected objects;Moved.;
921_135.exe\data001;C:\921_135.exe;Adware.Bagon;;
921_135.exe\data002;C:\921_135.exe;Adware.Bagon;;
921_135.exe;C:\;Archive contains infected objects;Moved.;
921_135b.exe\data001;C:\921_135b.exe;Adware.Bagon;;
921_135b.exe\data002;C:\921_135b.exe;Trojan.MulDrop.4522;;
921_135b.exe;C:\;Archive contains infected objects;Moved.;
fjsav.exe;C:\;Trojan.Click.1567;Deleted.;
InstallerC.exe;C:\;Adware.Ykemi;Incurable.Moved.;
jfaj.exe;C:\;Trojan.Proxy.1052;Deleted.;
mffn.exe;C:\;Trojan.PWS.Snap;Deleted.;
NNSCAA638.EXE;C:\;Adware.NewDotNet;Incurable.Moved.;
qehtaq.exe;C:\;Trojan.Slime.26271;Incurable.Moved.;
rcqt.exe;C:\;Trojan.Click.1567;Deleted.;
ujnvyt.exe;C:\;Trojan.PWS.Snap;Deleted.;
vveuub.exe;C:\;Trojan.Slime.26271;Incurable.Moved.;
vxikry.exe;C:\;Trojan.Proxy.1052;Deleted.;
winstall.ex0;C:\;Trojan.Fakealert;Deleted.;
AutoSearch.dll;C:\Documents and Settings\All Users\Application Data;Adware.Ykemi;Incurable.Moved.;
ayityfod.dll;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Virtumod;Deleted.;
MirarSetup_876085.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Mirarbar;Incurable.Moved.;
mmxsnet.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.MediaMotor;Incurable.Moved.;
NNBar_VCSetup_876056.exe\data001;C:\Documents and Settings\Alys\Local Settings\Temp\NNBar_VCSetup_876056.exe;Adware.Mirarbar;;
NNBar_VCSetup_876056.exe\data002;C:\Documents and Settings\Alys\Local Settings\Temp\NNBar_VCSetup_876056.exe;Adware.Mirarbar;;
NNBar_VCSetup_876056.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Archive contains infected objects;Moved.;
PID47IER.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Adpower;Incurable.Moved.;
pre.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Click.1367;Deleted.;
spoolsvv.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Spambot;Deleted.;
stdrun1.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.14617;Deleted.;
stdrun10.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Ykemi;Incurable.Moved.;
stdrun11.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun2.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.NewDotNet;Incurable.Moved.;
stdrun4.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4421;Deleted.;
stdrun6.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.Give4Free;Incurable.Moved.;
stdrun7.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4427;Deleted.;
stdrun9.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.MulDrop.4421;Deleted.;
stub_sca4.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.DownLoader.10588;Deleted.;
temp.frBDCD;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.BookedSpace;Incurable.Moved.;
yz01.x.exe;C:\Documents and Settings\Alys\Local Settings\Temp;Adware.NewDotNet;Incurable.Moved.;
~ds39990.tmp;C:\Documents and Settings\Alys\Local Settings\Temp;Trojan.Durvil;Deleted.;
webhdll.dll;C:\Documents and Settings\Alys\Local Settings\Temp\temp.fr1794\Programs;Adware.WebHancer;Incurable.Moved.;
ansfsrg.dll;C:\Documents and Settings\Guest\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
wdokbye.dll;C:\Documents and Settings\Guest\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
T-125030-_live_ im learning to fly 18.wma;C:\Documents and Settings\Ivan the Terrible\Incomplete;Trojan.Isbar.389;Deleted.;
(Better Version) im learning to fly 07.wma;C:\Documents and Settings\Ivan the Terrible\Shared;Trojan.Isbar.389;Deleted.;
stdrun11.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun18.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
stdrun22.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.DownLoader.14500;Deleted.;
icqgveqh.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
jovrshtr.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
nblkyfwd.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
nnrttpxm.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
pxgcoqvq.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
qshpyjnq.dll;C:\Documents and Settings\o0iie bobs\Local Settings\Temp;Trojan.Virtumod;Deleted.;
axcruetn.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
qgfxkuck.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;
res19D.tmp;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
resB2.tmp;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
TEK47.exe;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.Dh;Incurable.Moved.;
temp.fr8CAF;C:\Documents and Settings\Phil.BACKROOM.000\Local Settings\Temp;Adware.WebHancer;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Vince.BACKROOM\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
ansfsrg.dll;C:\Documents and Settings\Vince.BACKROOM\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
wdokbye.dll;C:\Documents and Settings\Vince.BACKROOM\Local Settings\Application Data;Trojan.DownLoader.based;Deleted.;
BPT.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bptre_inst.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bpt_c.exe;C:\Program Files\Bpt;Adware.Broadcap;Incurable.Moved.;
bpt.cfg;C:\Program Files\Common Files\Java;Adware.Broadcap;Incurable.Moved.;
bptre.exe;C:\Program Files\Common Files\Java;Adware.Broadcap;Incurable.Moved.;
ace.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
CxtPls.exe;C:\Program Files\CxtPls;Trojan.AproposAd;Deleted.;
ProxyStub.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
uninstaller.exe;C:\Program Files\CxtPls;Trojan.AproposAd;Deleted.;
WinGenerics.dll;C:\Program Files\CxtPls;Adware.Apropos;Incurable.Moved.;
ryli.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Will be moved after reboot.;
ryli104.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli134.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli18.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli224.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli317.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli394.dll;C:\Program Files\MSN Gaming Zone;Trojan.StartPage.1787;Deleted.;
ryli398.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli473.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli520.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli547.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli577.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli66.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli679.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli682.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli684.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli69.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli762.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli780.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli787.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli845.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli850.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli897.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
ryli917.dll;C:\Program Files\MSN Gaming Zone;Adware.Dh;Incurable.Moved.;
NPMYSRCH.DLL;C:\Program Files\MySearch\bar\1.bin;Adware.MyWay;Incurable.Moved.;
MY2NS.EXE;C:\Program Files\MyWay\myBar\1.bin;Adware.MyWay;Incurable.Moved.;
NPMYWAY.DLL;C:\Program Files\MyWay\myBar\1.bin;Adware.MyWay;Incurable.Moved.;
MWSOEMON.EXE;C:\Program Files\MyWebSearch\bar\1.bin;Adware.Msearch;Incurable.Moved.;
MWSOESTB.DLL;C:\Program Files\MyWebSearch\bar\1.bin;Adware.MWS;Incurable.Moved.;
F3CJPEG.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3HTMLMU.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
F3POPSWT.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3RESTUB.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3SCRCTR.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
F3WPHOOK.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3OUTLCN.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3SKIN.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
MWSOEMON.EXE;C:\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Moved.;
MWSOESTB.DLL;C:\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Moved.;
VSAdd-in.dll;C:\Program Files\VSAdd-in;Adware.TopSearch;Incurable.Moved.;
ZangoTBUninstaller.exe;C:\Program Files\Zango Programs\Zango Toolbar;Adware.Zango;Incurable.Moved.;
ceykqsi.dll.qoo;C:\QooBox;Trojan.Qoologic;Incurable.Moved.;
cuonl.dat.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
oellg.exe.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
vwykak.exe.qoo;C:\QooBox;Trojan.Qoologic;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0575945.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.DownLoader.14767;Deleted.;
A0575946.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Adware.Bagon;Incurable.Moved.;
A0575947.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.MulDrop.4522;Deleted.;
A0575950.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Click.1166;Deleted.;
A0575953.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Adware.Ykemi;Incurable.Moved.;
A0575957.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;BackDoor.Generic.1372;Deleted.;
A0575959.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Spambot;Deleted.;
A0575978.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Proxy.1052;Deleted.;
A0575979.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.MulDrop.4324;Deleted.;
A0576999.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Spambot;Deleted.;
A0577006.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Virtumod;Deleted.;
A0577007.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP820;Trojan.Virtumod;Deleted.;
A0577031.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP821;Adware.Give4Free;Incurable.Moved.;
A0578059.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP821;Adware.DollarRevenue;Incurable.Moved.;
A0578065.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP822;Win32.Dref;Deleted.;
A0586131.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP824;BackDoor.Generic.1372;Deleted.;
A0593231.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP828;Trojan.Spambot;Deleted.;
A0597288.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP832;Trojan.Spambot;Deleted.;
A0601389.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP839;Trojan.PWS.Tanspy;Incurable.Moved.;
A0602388.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP839;Trojan.PWS.Tanspy;Deleted.;
A0602396.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840\A0602396.exe;Trojan.Proxy.899;;
A0602396.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840\A0602396.exe;Trojan.PWS.GoldSpy;;
A0602396.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Archive contains infected objects;Moved.;
A0602439.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PWS.Tanspy;Deleted.;
A0602445.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.Spambot;Deleted.;
A0603438.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PWS.Tanspy;Deleted.;
A0605441.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.PurityAd;Deleted.;
A0605454.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0605455.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0605456.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.Dref;Deleted.;
A0606436.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Win32.HLLM.Limar.based;Deleted.;
A0606443.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP840;Trojan.Spambot;Deleted.;
A0607440.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP841;Trojan.PWS.Tanspy;Deleted.;
A0608450.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP841;Trojan.PWS.Tanspy;Deleted.;
A0612466.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP842;Trojan.Spambot;Deleted.;
A0623601.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Trojan.DownLoader.15764;Deleted.;
A0624587.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Win32.HLLM.Limar;Deleted.;
A0624592.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854;Trojan.DownLoader.based;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP854\snapshot;Trojan.DownLoader.15764;Deleted.;
A0624598.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP855;Trojan.DownLoader.based;Deleted.;
A0629604.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP857;Win32.HLLM.Limar;Deleted.;
A0630628.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP858;Win32.HLLM.Limar;Deleted.;
A0630648.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP860;Win32.HLLM.Limar;Deleted.;
A0630663.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.DownLoader.15764;Deleted.;
A0630672.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Win32.HLLM.Limar;Deleted.;
A0630787.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.DownLoader.17676;Deleted.;
A0630814.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Win32.HLLM.Limar;Deleted.;
A0630856.rbf:hsprq;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP861;Trojan.Feat.2;Deleted.;
A0630919.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP862;Win32.HLLM.Limar;Deleted.;
A0631928.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP862;Win32.HLLM.Limar;Deleted.;
A0631953.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP864;Win32.HLLM.Limar;Deleted.;
A0634981.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP865;Win32.HLLM.Limar;Deleted.;
A0637044.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Trojan.Spambot;Deleted.;
A0638029.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Win32.HLLM.Limar;Deleted.;
A0638035.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP869;Trojan.DownLoader.14427;Deleted.;
A0638051.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638066.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638073.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.DownLoader.based;Deleted.;
A0638078.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Win32.HLLM.Limar;Deleted.;
A0638079.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP870;Trojan.Fakealert;Deleted.;
A0638081.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0638082.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0639066.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP871;Trojan.DownLoader.based;Deleted.;
A0639070.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Trojan.DownLoader.based;Deleted.;
A0639071.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Win32.HLLM.Limar;Deleted.;
A0639088.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP872;Win32.HLLM.Limar;Deleted.;
A0641119.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP874;Win32.HLLM.Limar;Deleted.;
A0642129.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP875;Win32.HLLM.Limar;Deleted.;
MFEX-3.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP875\snapshot;Win32.HLLM.Limar;Deleted.;
A0642136.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP876;Win32.HLLM.Limar;Deleted.;
MFEX-3.DAT;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP876\snapshot;Win32.HLLM.Limar;Deleted.;
A0643124.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP878;Win32.HLLM.Limar;Deleted.;
A0643144.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP880;Win32.HLLM.Limar;Deleted.;
A0645157.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP880;Trojan.DownLoader.15764;Deleted.;
A0645164.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP881;Win32.HLLM.Limar;Deleted.;
A0647158.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP882;Win32.HLLM.Limar;Deleted.;
A0649161.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0649162.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0649199.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649201.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649202.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649203.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0649209.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.Spysheriff;Incurable.Moved.;
A0650161.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Win32.HLLM.Limar;Deleted.;
A0650162.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP883;Adware.WebHancer;Incurable.Moved.;
A0650309.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0651320.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652325.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652379.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652395.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652407.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0652411.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652412.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652415.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0652439.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0654458.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654459.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10346;Deleted.;
A0654466.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10346;Deleted.;
A0654468.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Winfixer;Incurable.Moved.;
A0654474.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Tool.ProcessKill;Incurable.Moved.;
A0654475.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1367;Deleted.;
A0654521.dll:oqdnt;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Sip;Deleted.;
A0654525.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654526.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14652;Deleted.;
A0654528.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654529.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654530.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.MulDrop.4503;Deleted.;
A0654531.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654533.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Galapoper;Deleted.;
A0654595.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Casclient;Incurable.Moved.;
A0654596.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Casclient;Incurable.Moved.;
A0654601.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Softomate;Incurable.Moved.;
A0654604.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0654606.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654607.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654608.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654611.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1227;Deleted.;
A0654612.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654615.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654616.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654617.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10963;Deleted.;
A0654618.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654619.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654620.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Surfside;Incurable.Moved.;
A0654621.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654622.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10436;Deleted.;
A0654623.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.12227;Deleted.;
A0654624.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654626.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654627.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14286;Deleted.;
A0654628.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654629.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654630.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654632.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654635.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654636.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654637.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654638.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654639.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchTwo;Incurable.Moved.;
A0654641.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Softomate;Incurable.Moved.;
A0654642.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14828;Deleted.;
A0654643.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.MyToolBar;Incurable.Moved.;
A0654645.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654646.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654647.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0654650.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654651.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654652.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Generic.1372;Deleted.;
A0654656.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Generic.1372;Deleted.;
A0654657.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Runk;Incurable.Moved.;
A0654658.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Micro;Deleted.;
A0654660.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Runk;Incurable.Moved.;
A0654661.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654662.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654663.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654663.exe;Adware.SearchAid;;
A0654663.exe\data003;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654663.exe;Adware.SearchAid;;
A0654663.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Archive contains infected objects;Moved.;
A0654664.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654665.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654666.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14191;Deleted.;
A0654667.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654668.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654669.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654670.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654671.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654672.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Durvil;Deleted.;
A0654673.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654674.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654676.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1888;Deleted.;
A0654677.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14471;Deleted.;
A0654678.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14471;Deleted.;
A0654679.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654680.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654681.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654682.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654683.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654684.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654685.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10919;Deleted.;
A0654686.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654687.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654689.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.MediaMotor;Incurable.Moved.;
A0654695.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.Dref;Deleted.;
A0654696.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Dialer.Ninoga;Deleted.;
A0654697.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Win32.HLLM.Limar;Deleted.;
A0654698.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1770;Deleted.;
A0654699.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.NtRootKit.185;Deleted.;
A0654700.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.NtRootKit.186;Deleted.;
A0654707.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Give4Free;Incurable.Moved.;
A0654730.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Tool.Prockill;Incurable.Moved.;
A0654748.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654749.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654750.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654751.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14310;Deleted.;
A0654752.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654753.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654754.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654755.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654756.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14655;Deleted.;
A0654757.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.LDPinch.1320;Deleted.;
A0654758.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.15764;Deleted.;
A0654761.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654762.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654763.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654764.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14236;Deleted.;
A0654766.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Spambot;Deleted.;
A0654769.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.MulDrop.4427;Deleted.;
A0654770.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ZenoSearch;Incurable.Moved.;
A0654771.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654772.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654773.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Deleted.;
A0654774.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14191;Deleted.;
A0654775.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.15764;Deleted.;
A0654777.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654779.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.GoldSpy;Deleted.;
A0654781.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1625;Deleted.;
A0654782.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;BackDoor.Uragan;Deleted.;
A0654784.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.17471;Deleted.;
A0654818.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10918;Deleted.;
A0654819.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.10918;Deleted.;
A0654820.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654821.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1360;Deleted.;
A0654822.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654823.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654825.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654826.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654827.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654828.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654829.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654830.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654831.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654832.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654833.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654834.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654835.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654836.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654837.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654838.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654839.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654840.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654841.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654842.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654843.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654844.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654845.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654846.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654847.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654848.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654849.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654850.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654851.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654852.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654853.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654854.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654855.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14720;Deleted.;
A0654858.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.12194;Deleted.;
A0654859.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.11969;Deleted.;
A0654860.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654861.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654862.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654864.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654865.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654866.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654867.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654868.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.DollarRevenue;Incurable.Moved.;
A0654869.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ClickSpring;Incurable.Moved.;
A0654872.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Tanspy;Incurable.Moved.;
A0654874.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654875.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.PWS.Snap;Deleted.;
A0654885.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654905.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Linkmaker;Incurable.Moved.;
A0654906.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654908.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654908.exe;Adware.SearchAid;;
A0654908.exe\data003;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889\A0654908.exe;Adware.Linkmaker;;
A0654908.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Archive contains infected objects;Moved.;
A0654909.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Runner;Deleted.;
A0654911.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Yavak;Incurable.Moved.;
A0654912.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654914.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654917.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.NewDotNet;Incurable.Moved.;
A0654918.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.ZenoSearch;Incurable.Moved.;
A0654920.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Mirarbar;Incurable.Moved.;
A0654921.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Bagon;Incurable.Moved.;
A0654922.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Linkmaker;Incurable.Moved.;
A0654923.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchAid;Incurable.Moved.;
A0654926.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1166;Deleted.;
A0654945.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Deleted.;
A0654946.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Incurable.Moved.;
A0654947.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Qoologic;Deleted.;
A0654998.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655000.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655001.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.SearchTwo;Incurable.Moved.;
A0655012.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655016.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.DownLoader.14427;Deleted.;
A0655028.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655031.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.Click.1237;Deleted.;
A0655033.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Trojan.StartPage.1787;Deleted.;
A0655056.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655057.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0655142.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Dh;Incurable.Moved.;
A0655151.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.Adpower;Incurable.Moved.;
A0655153.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP889;Adware.TopSearch;Incurable.Moved.;
A0655161.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655167.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655173.exe\Script.1;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655173.exe;VBS.Psyme.305;;
A0655173.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655176.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.based;Deleted.;
A0655177.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655178.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655179.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655180.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655181.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655183.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655184.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14427;Deleted.;
A0655186.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.MulDrop.4521;Deleted.;
A0655188.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655189.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655190.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchTwo;Incurable.Moved.;
A0655191.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655192.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655193.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655194.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655195.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655196.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655197.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655198.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655199.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655200.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655201.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655202.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655203.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655204.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar;Deleted.;
A0655205.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655206.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655207.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Click.1567;Deleted.;
A0655208.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Surfside;Incurable.Moved.;
A0655209.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655210.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655211.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655212.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655215.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655218.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655219.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655220.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655221.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Durvil;Deleted.;
A0655224.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655225.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655227.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655227.exe;Trojan.Proxy.899;;
A0655227.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655227.exe;Trojan.PWS.GoldSpy;;
A0655227.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655229.exe\data001;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655229.exe;Trojan.Proxy.899;;
A0655229.exe\data002;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890\A0655229.exe;Trojan.PWS.GoldSpy;;
A0655229.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Archive contains infected objects;Moved.;
A0655231.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Win32.HLLM.Limar.based;Deleted.;
A0655232.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655233.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655234.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655235.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655236.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655237.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655238.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Juan;Deleted.;
A0655239.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655240.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655241.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655243.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.WildMedia;Incurable.Moved.;
A0655245.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655246.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655247.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655248.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655249.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655250.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655251.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655252.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655253.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan

[resevil83]

"Vince" - 07-02-01  1:35:20    Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1


(((((((((((((((((((((((((((((((   Files Created from 2007-01-01 to 2007-02-01  ))))))))))))))))))))))))))))))))))
 
 
2007-02-01 01:30   88,340   --a------   C:\WINNT\system32\umcioavl.exe
2007-02-01 00:09   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-02-01 00:02   118,804   ---------   C:\WINNT\system32\jtxeqilr.dll
2007-02-01 00:01   93,564   --a------   C:\WINNT\PID47IER.exe
2007-01-31 23:58   <DIR>   d--------   C:\avenger
2007-01-30 00:10   <DIR>   d--------   C:\Rustbfix
2007-01-28 01:48   2,388   --a------   C:\WINNT\system32\tmp.reg
2007-01-28 01:47   79,360   --a------   C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47   51,200   --a------   C:\WINNT\system32\dumphive.exe
2007-01-28 01:47   40,960   --a------   C:\WINNT\system32\swsc.exe
2007-01-28 01:47   288,417   --a------   C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47   135,168   --a------   C:\WINNT\system32\swreg.exe
2007-01-27 23:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22   <DIR>   d--------   C:\SDFix
2007-01-21 02:17   <DIR>   d--------   C:\HJT
2007-01-15 16:50   <DIR>   d--------   C:\Program Files\Exolon


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 01:33   --------   d---s----   C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:28   --------   dr-------   C:\Program Files\net nanny
2007-02-01 01:27   --------   d--------   C:\Program Files\msn gaming zone
2007-02-01 01:24   --------   d--h-----   C:\Program Files\cxtpls
2007-02-01 01:24   --------   d--------   C:\Program Files\Common Files\java
2007-02-01 01:24   --------   d--------   C:\Program Files\bpt
2007-01-27 23:35   --------   d--------   C:\Program Files\lavasoft
2007-01-04 19:14   --------   d--------   C:\Program Files\limewire
2006-12-28 19:00   --------   d--------   C:\Program Files\aim
2006-12-25 23:29   --------   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17   --------   d--------   C:\Program Files\itunes
2006-12-25 17:17   --------   d--------   C:\Program Files\ipod
2006-12-25 17:14   --------   d--------   C:\Program Files\quicktime
2006-12-25 17:11   --------   d--------   C:\Program Files\apple software update
2006-11-08 21:26   656   --a------   C:\WINNT\system32\sfc_os.dll
2006-11-04 15:42   360448   --a------   C:\WINNT\smartdownload.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DllRunning"="rundll32.exe \"C:\\WINNT\\system32\\jtxeqilr.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxlyss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrroll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job

Completion time: 07-02-01  1:43:01
C:\ComboFix2.txt ... 07-01-30 00:36
C:\ComboFix3.txt ... 07-01-28 03:41

[resevil83]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yfewatna

*******************

Script file located at: \??\C:\Documents and Settings\pmvkdidb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINNT\system32\tdsoeyvo.exe deleted successfully.
File C:\WINNT\system32\cgovxpdh.dll deleted successfully.
File C:\WINNT\system32\iergmope.dll deleted successfully.
File C:\WINNT\system32\bnseatjn.dll deleted successfully.
File C:\WINNT\system32\aaa000002c.dll deleted successfully.
File C:\WINNT\PID47IER.exe deleted successfully.
File C:\WINNT\PID53IER.exe deleted successfully.
File C:\TTC.dll deleted successfully.
File C:\WINNT\system32\tccpip.exe deleted successfully.
File C:\WINNT\system32\issuwnjf.exe deleted successfully.
File C:\WINNT\system32\vhnkhijq.exe deleted successfully.
File C:\WINNT\system32\slcyabmh.dll deleted successfully.
File C:\WINNT\system32\muqaqicc.exe deleted successfully.
File C:\WINNT\system32\ojxrusoa.exe deleted successfully.
File C:\WINNT\system32\hjtqjijb.exe deleted successfully.
File C:\WINNT\system32\mlheylhy.dll deleted successfully.
File C:\WINNT\system32\bjmvqrjr.exe deleted successfully.


File C:\WINNT\system32\brwconf.exe not found!
Deletion of file C:\WINNT\system32\brwconf.exe failed!

Could not process line:
C:\WINNT\system32\brwconf.exe
Status: 0xc0000034

File C:\WINNT\system32\kobsamws.exe deleted successfully.
File C:\WINNT\system32\idbuhqtr.dll deleted successfully.
File C:\WINNT\system32\drivera.exe deleted successfully.
File C:\WINNT\system32\drivera.dll deleted successfully.
File C:\WINNT\monterreya_unknown.exe deleted successfully.
File C:\WINNT\system32\bdkifmhs.exe deleted successfully.
File C:\WINNT\system32\pcitmcrp.dll deleted successfully.
File C:\WINNT\system32\monterreya_unknown.exe deleted successfully.
File C:\WINNT\system32\citgwfcc.exe deleted successfully.
File C:\WINNT\system32\dvhuhvmq.exe deleted successfully.
File C:\WINNT\system32\dqquglku.dll deleted successfully.
File C:\WINNT\system32\pejcrrpg.exe deleted successfully.
File C:\WINNT\system32\rlaswfmy.dll deleted successfully.
File C:\WINNT\system32\durvilz.exe deleted successfully.
File C:\WINNT\system32\druidz_unknown.exe deleted successfully.
File C:\WINNT\system32\durvilz.dll deleted successfully.
File C:\WINNT\tpup.exe deleted successfully.
File C:\WINNT\system32\winpfz32.sys deleted successfully.
File C:\WINNT\system32\eawvpssc.exe deleted successfully.
File C:\WINNT\system32\iffdupbs.exe deleted successfully.
File C:\WINNT\system32\kblayvxm.exe deleted successfully.
File C:\WINNT\system32\gtrsykbu.exe deleted successfully.
File C:\WINNT\system32\pwinsqeb.exe deleted successfully.
File C:\WINNT\system32\pwinsqed.exe deleted successfully.
File C:\WINNT\system32\ppgmkvoa.exe deleted successfully.
File C:\WINNT\system32\hvyicstj.exe deleted successfully.
File C:\WINNT\system32\wdokbye.dll deleted successfully.
File C:\WINNT\system32\731402ld.exe deleted successfully.
File C:\WINNT\system32\hrcopul.dll deleted successfully.
File C:\bghtcbd.exe deleted successfully.
File C:\klnl.exe deleted successfully.
File C:\bhbn.exe deleted successfully.
File C:\WINNT\system32\rishhgwu.exe deleted successfully.
File C:\WINNT\system32\harqceks.exe deleted successfully.
File C:\WINNT\system32\bulpyxam.dll deleted successfully.
File C:\WINNT\system32\ehvsduuw.exe deleted successfully.
File C:\WINNT\system32\jqjhitpr.exe deleted successfully.
File C:\WINNT\TaskMgr.exe deleted successfully.
File C:\WINNT\system32\yvglruse.exe deleted successfully.
File C:\WINNT\system32\winpfg32.sys deleted successfully.
File C:\WINNT\system32\elmjmvsr.exe deleted successfully.
File C:\WINNT\system32\ipndxohb.exe deleted successfully.
File C:\WINNT\system32\gncpdkqf.exe deleted successfully.
File C:\WINNT\system32\iowdatel.exe deleted successfully.
File C:\WINNT\system32\wsdgotag.dll deleted successfully.
File C:\WINNT\system32\cxobntju.exe deleted successfully.
File C:\WINNT\system32\avrchesr.exe deleted successfully.
File C:\WINNT\system32\gcfcxcap.exe deleted successfully.
File C:\WINNT\system32\jkdmblhc.exe deleted successfully.
File C:\WINNT\system32\auyejhtg.exe deleted successfully.
File C:\WINNT\system32\xwltmfom.exe deleted successfully.
File C:\WINNT\system32\rtacltit.dll deleted successfully.
File C:\WINNT\system32\yxxseknn.exe deleted successfully.
File C:\WINNT\system32\vdbyqyll.exe deleted successfully.
File C:\WINNT\system32\pjnealoc.exe deleted successfully.
File C:\WINNT\system32\wnstssv.exe deleted successfully.
File C:\WINNT\system32\piolqvwg.exe deleted successfully.
File C:\WINNT\ff9n1vvm.exe deleted successfully.
File C:\WINNT\system32\anugbmlt.dll deleted successfully.
File C:\WINNT\system32\ansfsrg.dll deleted successfully.
File C:\WINNT\system32\iiyhgqcc.exe deleted successfully.
File C:\WINNT\system32\quidooai.dll deleted successfully.
File C:\WINNT\system32\confbrw.dll deleted successfully.
File C:\WINNT\system32\brwprf32.dll deleted successfully.
File C:\WINNT\system32\brwperf.exe deleted successfully.
File C:\WINNT\system32\brwmgr32.dll deleted successfully.
File C:\WINNT\system32\brwstat.dll deleted successfully.
File C:\WINNT\system32\qfyqakn.dll deleted successfully.
File C:\3456346345643.exe deleted successfully.
File C:\WINNT\system32\dfcdcxxc.exe deleted successfully.
File C:\WINNT\system32\durvily.dll deleted successfully.
File C:\WINNT\system32\ghycmvth.dll deleted successfully.
File C:\WINNT\system32\durvily.exe deleted successfully.
File C:\WINNT\system32\druidy_unknown.exe deleted successfully.
File C:\WINNT\system32\mfqlgnxp.exe deleted successfully.
File C:\WINNT\system32\dsiyhtkx.dll deleted successfully.
File C:\WINNT\system32\cetiovja.dll deleted successfully.
File C:\WINNT\system32\kbfgldbp.dll deleted successfully.
File C:\WINNT\system32\vnscct.dll deleted successfully.
File C:\WINNT\system32\tmp_7.exe deleted successfully.
File C:\WINNT\system32\svch32q.exe deleted successfully.
File C:\WINNT\system32\redtociv.exe deleted successfully.
File C:\WINNT\system32\ujhwysvc.exe deleted successfully.
File C:\WINNT\system32\elrmoxli.dll deleted successfully.
File C:\WINNT\system32\e1.dll deleted successfully.
File C:\WINNT\system32\bgnfwko.dll deleted successfully.
File C:\WINNT\system32\lmckjhjk.dll deleted successfully.
File C:\WINNT\system32\ttdmysqp.exe deleted successfully.
File C:\WINNT\system32\woaiwyag.exe deleted successfully.
File C:\WINNT\system32\tmlbhinh.dll deleted successfully.
File C:\WINNT\system32\dhclwbme.exe deleted successfully.
File C:\WINNT\system32\eeqaaxun.dll deleted successfully.
File C:\WINNT\system32\enkedeea.exe deleted successfully.
File C:\WINNT\system32\xocmqlfs.exe deleted successfully.
File C:\WINNT\system32\pjuxptvk.dll deleted successfully.
File C:\WINNT\system32\twxkcqjp.dll deleted successfully.
File C:\WINNT\system32\mqtblbef.exe deleted successfully.
File C:\WINNT\system32\yrurktth.exe deleted successfully.
File C:\WINNT\system32\tayaxkyc.exe deleted successfully.
File C:\WINNT\system32\kgpfbhct.dll deleted successfully.
File C:\WINNT\system32\bwlesyvf.dll deleted successfully.
File C:\WINNT\system32\jnkxpkqt.exe deleted successfully.
File C:\WINNT\system32\egepfwmh.exe deleted successfully.
File C:\WINNT\system32\vxxtccqx.exe deleted successfully.
File C:\WINNT\system32\jkugjkcy.dll deleted successfully.
File C:\WINNT\system32\pplgksfc.exe deleted successfully.
File C:\WINNT\system32\cofrnicq.dll deleted successfully.
File C:\WINNT\system32\cyunnojo.exe deleted successfully.
File C:\WINNT\system32\qspcuvkm.exe deleted successfully.
File C:\WINNT\system32\walikbmv.dll deleted successfully.
File C:\WINNT\system32\xbcooiwr.dll deleted successfully.
File C:\WINNT\system32\dxedjwrs.dll deleted successfully.
File C:\WINNT\system32\ppnwtfly.exe deleted successfully.
File C:\WINNT\system32\fbnwtjyv.dll deleted successfully.
File C:\WINNT\system32\yqjdaain.exe deleted successfully.
File C:\WINNT\system32\eaavxxyh.dll deleted successfully.
File C:\WINNT\system32\eroxhqki.dll deleted successfully.
File C:\WINNT\system32\axqvaeyc.exe deleted successfully.
File C:\WINNT\system32\tmp_53.exe deleted successfully.
File C:\WINNT\system32\ypysegdi.exe deleted successfully.
File C:\WINNT\system32\gruywbts.dll deleted successfully.
File C:\WINNT\system32\tqtnehpg.exe deleted successfully.
File C:\WINNT\system32\ltxgobbh.dll deleted successfully.
File C:\WINNT\system32\dtxogqru.dll deleted successfully.
File C:\WINNT\system32\cjhfwtwe.exe deleted successfully.
File C:\WINNT\system32\apuuovoi.dll deleted successfully.
File C:\WINNT\system32\oqlgvwwv.exe deleted successfully.
File C:\WINNT\system32\fvkcgcgp.exe deleted successfully.
File C:\WINNT\system32\ogfljqdk.exe deleted successfully.
File C:\WINNT\system32\tkjikfwr.exe deleted successfully.
File C:\WINNT\system32\rcjvpytp.exe deleted successfully.
File C:\WINNT\system32\uovqmamc.exe deleted successfully.
File C:\WINNT\system32\nklbabai.exe deleted successfully.
File C:\WINNT\system32\rtpqvbys.exe deleted successfully.
File C:\WINNT\druid_unknown.exe deleted successfully.
File C:\WINNT\ms03012890280.exe deleted successfully.
File C:\WINNT\system32\xqbgmkuk.exe deleted successfully.
File C:\WINNT\system32\svch1n.exe deleted successfully.
File C:\WINNT\system32\vjcmgipj.exe deleted successfully.
File C:\WINNT\system32\ogggbrle.exe deleted successfully.
File C:\WINNT\system32\xdqilykk.exe deleted successfully.
File C:\WINNT\system32\mubawksu.exe deleted successfully.
File C:\WINNT\system32\vqibvfpd.exe deleted successfully.
File C:\WINNT\system32\ijllexfp.exe deleted successfully.
File C:\WINNT\system32\rdfhmxlc.dll deleted successfully.
File C:\WINNT\system32\kikjknqf.exe deleted successfully.
File C:\mc44a53.exe deleted successfully.
File C:\WINNT\system32\dpmxumxc.exe deleted successfully.
File C:\WINNT\system32\mtnuvee.dll deleted successfully.
File C:\WINNT\system32\rfwmxjb.dll deleted successfully.
File C:\WINNT\system32\dxvwchqk.exe deleted successfully.
File C:\WINNT\system32\orknai.dll deleted successfully.
File C:\WINNT\hkykagn.exe deleted successfully.
File C:\WINNT\srvipxwlzp.exe deleted successfully.
File C:\WINNT\system32\nrnqetwbz.exe deleted successfully.
File C:\WINNT\system32hlvi6wkjc.exe deleted successfully.
File C:\WINNT\system32\pfbo0yj.exe deleted successfully.
File C:\WINNT\system32\hlvi6wkjc.exe deleted successfully.
File C:\WINNT\system32ysjaevwx.exe deleted successfully.
File C:\WINNT\system32\ysjaevwx.exe deleted successfully.
File C:\WINNT\srvtwmxnqu.exe deleted successfully.
File C:\WINNT\system32\p2jlseh8.dll deleted successfully.
File C:\WINNT\system32nrnqetwbz.exe deleted successfully.
File C:\dacmi.exe deleted successfully.
File C:\oysb.exe deleted successfully.
File C:\WINNT\system32\msvcrl.dll deleted successfully.
File C:\WINNT\winjok.exe deleted successfully.
File C:\WINNT\flash.exe deleted successfully.
File C:\WINNT\system32\ffgdhfbn.dll deleted successfully.
File C:\WINNT\system32\dxvwvyfs.exe deleted successfully.
File C:\WINNT\system32\e0pnii5i6.exe deleted successfully.
File C:\WINNT\system32\tbiu5xkb.exe deleted successfully.
File C:\WINNT\system32\dxvwnmra.exe deleted successfully.
File C:\WINNT\system32\mgngepif.dll deleted successfully.
File C:\WINNT\system32\uudhykiu.exe deleted successfully.
File C:\WINNT\system32\dxvwbbql.exe deleted successfully.
File C:\WINNT\system32\qeksqbpo.dll deleted successfully.
File C:\WINNT\system32\rnwkcdyk.exe deleted successfully.
File C:\WINNT\system32\huygbjqb.dll deleted successfully.
File C:\WINNT\system32\oicfmnal.dll deleted successfully.
File C:\WINNT\system32\yguislss.exe deleted successfully.
Folder C:\DeluxeCommunications deleted successfully.
Folder C:\Program Files\bho plugin deleted successfully.
Folder C:\Program Files\vstoolbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{04CDB16C-AB38-43CD-A86A-6FEB90290939} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|aaa00000 deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|cixo
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|cixo failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|DllRunning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|brwdiag deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|_zlu_zlope06 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|Windows update loader deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|_mzu_stonedrv3 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|Key deleted successfully.


Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_zlu_zlope06
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_zlu_zlope06 failed!
Status: 0xc0000034



Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Windows update loader
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Windows update loader failed!
Status: 0xc0000034



Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_mzu_stonedrv3
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|_mzu_stonedrv3 failed!
Status: 0xc0000034



Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Key
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run|Key failed!
Status: 0xc0000034

Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn deleted successfully.


Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|appinit_dlls replaced with dummy successfully.

Completed script processing.

*******************

Finished!  Terminate.

[resevil83]

Logfile of HijackThis v1.99.1
Scan saved at 1:49:17 AM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\jtxeqilr.dll",setvm
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINNT\system32\tccpip.exe (file missing)

[guestolo]

Can you do the following, we still have to clean a bit more

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this Exact service
name---- System Startup Service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and OK it

Do the same for the next one
TCP and UDP Supp0rt
Apply and ok it

Copy ALL the text contained in [color=\"#0000FF\"]blue[/color] below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
Make sure you include "Files to delete:"
=============================================================
[color=\"#0000FF\"]
Files to delete:
C:\WINNT\system32\jtxeqilr.dll
C:\WINNT\system32\umcioavl.exe
C:\WINNT\PID47IER.exe
C:\WINNT\System32\trafkbdy.exe
C:\WINNT\system32\trafkbdy.dll

Folders to delete:
C:\Program Files\cxtpls
C:\Program Files\bpt

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load | forwas
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | DllRunning[/color]

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the [color=\"#00FF00\"]Green Light[/color] to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Back in Windows
Can you go to START>>RUN>>copy>paste to the open field the following commands in bold below and click OK after each

sc delete SvcProc

Then this one
sc delete "TCP and UDP Supp0rt"

Afterwards
Download [color=\"blue\"]VundoFix.exe[/color]
to your desktop.

• Double-click VundoFix.exe to run it.
  
• Click the Scan for Vundo button.
  
• Once it's done scanning, click the Remove Vundo button.
  
• You will receive a prompt asking if you want to remove the files,  click YES
  
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
  

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."


Back in Windows
Can you post the following

1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt
3. Post the log from Avenger>>C:\Avenger.txt
4. Could you also run Combofix again and post the fresh log

5. I want to also add a rootkit scan
Download and save too desktop
 F-Secure Blacklight(blbeta.exe)

    Double click to run blbeta.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

I want to also check on a couple files
Could be totally legit, just to ensure they aren't affected

Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive

C:\WINNT\system32\sfc_os.dll <-this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Could you do the same for this file please
C:\WINNT\smartdownload.exe<-this file,

[resevil83]

Logfile of HijackThis v1.99.1
Scan saved at 12:21:57 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E8D10D4-E7D2-4912-9B8C-7F657584E565} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {129F4CC9-DEC7-4C8D-85D2-BE479760D871} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {13B14BF0-A5DE-449D-9E33-B9BFEB220BE5} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {1E1C49DA-0B86-4CE9-969E-EA1AC998F151} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {254E362D-5BA0-458A-9A12-3C2D6FCE4D8F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: (no name) - {2C14287D-0C43-4880-80D6-3526788B0D21} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2D3F6A04-86CA-4F10-A18B-BC124E04C4CB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll (file missing)
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll (file missing)
O2 - BHO: (no name) - {4A7F3263-0A87-431D-BBB4-96A39C916215} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {4A7F8215-D067-419D-912B-394D98E2D6F3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {52F434D1-1688-4D0F-99D5-5B7C9395B923} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINNT\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {5DA7D1DD-9903-4834-8957-69722CE935E1} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {66328523-C007-4C8C-AC23-FC6E0C6C8D3E} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\iergmope.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: (no name) - {79B29746-03F1-491E-ABB0-089827B3D284} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {897CE532-BBB2-448E-A3D6-570B989DBB8C} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8DA10DA2-A02C-4806-83AC-011BA56C5B26} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8FF951B7-7E93-4723-8A90-C8E116166E00} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {905BAC32-C39E-444A-A8E3-5E3EA72DF843} - C:\WINNT\Help\starter\mxlyss.dll (file missing)
O2 - BHO: (no name) - {95BFFAB4-F4E6-4F74-BD0C-0DCA9D54E1C4} - \
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {9B343A8F-4478-4314-94FB-49CCDE84896F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll (file missing)
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll (file missing)
O2 - BHO: (no name) - {A1F59C2E-5BDC-4F9B-934D-E275E7C65A46} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {B16B5D1C-D978-4EBC-8146-EEFC81B8CFB8} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {BB0CE8AB-2572-44E9-9700-539A8449B026} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll (file missing)
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll (file missing)
O2 - BHO: (no name) - {D66722E4-2CDC-4D85-9A78-BAE7C5D2A570} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DBCC7BEE-E732-4A52-919C-A9026E57C492} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {EA947CE6-B7A4-462C-B9E1-FA1D59E0A9DB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {ED30650E-088F-48B1-B114-AA1BAA15E6A7} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FEAC5E67-39F6-459E-BCB9-76A1600952B3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FF6167A8-D6C7-4707-A2B0-7811D50617B5} - C:\Program Files\Windows Media Player\nizybico.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Pop up Blocker Pro - {599125BC-6100-4DC3-BCB9-9452A2192CF5} - C:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

[resevil83]

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 12:09:23 AM 2/6/2007

Listing files found while scanning....

C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\gjtxqeqm.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\uqkyekfb.dll
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yiqviesi.exe

Beginning removal...

 Attempting to delete C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\mxlyss.dll Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak1 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.bak2 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.ini2 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\Help\starter\ssylxm.tmp Has been deleted!

 Attempting to delete C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\enylwpnk.dll Has been deleted!

 Attempting to delete C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\iyfatcyr.exe Has been deleted!

 Attempting to delete C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\knpwlyne.ini Has been deleted!

 Attempting to delete C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rqrroll.dll Has been deleted!

 Attempting to delete C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yflmiedu.exe Has been deleted!

 Attempting to delete C:\WINNT\system32\yiqviesi.exe
C:\WINNT\system32\yiqviesi.exe Has been deleted!

Performing Repairs to the registry.
Done!






Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pqjjlnss

*******************

Script file located at: \??\C:\Program Files\xoyeewot.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINNT\system32\jtxeqilr.dll deleted successfully.
File C:\WINNT\system32\umcioavl.exe deleted successfully.
File C:\WINNT\PID47IER.exe deleted successfully.


File C:\WINNT\System32\trafkbdy.exe not found!
Deletion of file C:\WINNT\System32\trafkbdy.exe failed!

Could not process line:
C:\WINNT\System32\trafkbdy.exe
Status: 0xc0000034



File C:\WINNT\system32\trafkbdy.dll not found!
Deletion of file C:\WINNT\system32\trafkbdy.dll failed!

Could not process line:
C:\WINNT\system32\trafkbdy.dll
Status: 0xc0000034

Folder C:\Program Files\cxtpls deleted successfully.
Folder C:\Program Files\bpt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load|forwas deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|DllRunning deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

[resevil83]

"Vince" - 07-02-06  0:25:40    Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\PPATCH~1\w?auboot.exe
C:\qoobox\purity\Program Files\STEM32~1\STEM32~1
C:\qoobox\purity\Program Files\STEM32~1\wuaclt.exe
C:\qoobox\purity\WINNT\ECURIT~1
C:\qoobox\purity\WINNT\YMANTE~1
C:\qoobox\purity\WINNT\system32\MBOLS~1


(((((((((((((((((((((((((((((((   Files Created from 2007-01-06 to 2007-02-06  ))))))))))))))))))))))))))))))))))
 
 
2007-02-06 00:09   <DIR>   d--------   C:\VundoFix Backups
2007-02-06 00:03   <DIR>   d--------   C:\avenger
2007-02-01 00:09   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-01-30 00:10   <DIR>   d--------   C:\Rustbfix
2007-01-28 01:48   2,388   --a------   C:\WINNT\system32\tmp.reg
2007-01-28 01:47   79,360   --a------   C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47   51,200   --a------   C:\WINNT\system32\dumphive.exe
2007-01-28 01:47   40,960   --a------   C:\WINNT\system32\swsc.exe
2007-01-28 01:47   288,417   --a------   C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47   135,168   --a------   C:\WINNT\system32\swreg.exe
2007-01-27 23:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22   <DIR>   d--------   C:\SDFix
2007-01-21 02:17   <DIR>   d--------   C:\HJT
2007-01-15 16:50   <DIR>   d--------   C:\Program Files\Exolon


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 00:16   --------   dr-------   C:\Program Files\net nanny
2007-02-01 01:33   --------   d---s----   C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:27   --------   d--------   C:\Program Files\msn gaming zone
2007-02-01 01:24   --------   d--------   C:\Program Files\Common Files\java
2007-01-27 23:35   --------   d--------   C:\Program Files\lavasoft
2007-01-04 19:14   --------   d--------   C:\Program Files\limewire
2006-12-28 19:00   --------   d--------   C:\Program Files\aim
2006-12-25 23:29   --------   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17   --------   d--------   C:\Program Files\itunes
2006-12-25 17:17   --------   d--------   C:\Program Files\ipod
2006-12-25 17:14   --------   d--------   C:\Program Files\quicktime
2006-12-25 17:11   --------   d--------   C:\Program Files\apple software update
2006-11-08 21:26   656   --a------   C:\WINNT\system32\sfc_os.dll
2006-11-08 21:26   17920   --a------   C:\WINNT\system32\ntio256.sys
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job

Completion time: 07-02-06  0:30:35
C:\ComboFix2.txt ... 07-02-01 01:43
C:\ComboFix3.txt ... 07-01-30 00:36

[resevil83]

02/06/07 00:33:28 [Info]: BlackLight Engine 1.0.55 initialized
02/06/07 00:33:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/06/07 00:33:29 [Note]: 7019 4
02/06/07 00:33:29 [Note]: 7005 0
02/06/07 00:33:35 [Note]: 7006 0
02/06/07 00:33:35 [Note]: 7011 1048
02/06/07 00:33:35 [Note]: 7026 0
02/06/07 00:33:35 [Note]: 7026 0
02/06/07 00:33:35 [Note]: 7024 3
02/06/07 00:33:35 [Info]: Hidden process: C:\WINNT\system32\protector.exe
02/06/07 00:33:43 [Note]: FSRAW library version 1.7.1021
02/06/07 00:37:48 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/06/07 00:37:48 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/06/07 00:37:49 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/06/07 00:37:50 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/06/07 00:37:51 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/06/07 00:37:52 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/06/07 00:37:53 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/06/07 00:37:54 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/06/07 00:37:55 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/06/07 00:37:56 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/06/07 00:37:57 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/06/07 00:37:58 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/06/07 00:37:59 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/06/07 00:38:00 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/06/07 00:38:01 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/06/07 00:38:02 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/06/07 00:38:03 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/06/07 00:38:04 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(.pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/06/07 00:38:05 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/06/07 00:38:06 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/06/07 00:42:07 [Info]: Hidden file: c:\WINNT\system32\ntio256.sys
02/06/07 00:42:07 [Note]: 7002 0
02/06/07 00:42:07 [Note]: 7003 1
02/06/07 00:42:07 [Note]: 10002 1
02/06/07 00:42:11 [Info]: Hidden file: C:\WINNT\system32\protector.exe
02/06/07 00:42:11 [Note]: 7002 0
02/06/07 00:42:11 [Note]: 7003 1
02/06/07 00:42:11 [Note]: 10002 1
02/06/07 00:43:26 [Note]: 2000 1012
02/06/07 00:46:13 [Note]: 7007 0

[resevil83]

Scan taken on 06 Feb 2007 06:46:33 (GMT)
AntiVir    
Found TR/Agent.YC.2
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found Trojan.Spy.Goldun.DA
ClamAV    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
Fortinet    
Found nothing
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

The above scan was for sfc_os.dll

The scan below was for smartdownload.exe
 AntiVir     
Found nothing
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found nothing
ClamAV    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
Fortinet    
Found nothing
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

[guestolo]

resdevil, I'm very sorry for the delay, just been so darn busy with other matters lately
I'll try and stick with you now as I have more time
Since I've been away, can we ensure that things haven't changed too much

Can I have you run blbeta.exe again and post a fresh log please
Also, delete this folder
C:\qoobox <-this folder

Run Combofix again and post a fresh log
Just the above 2 logs then we'll try and kill this thing
Again, I apologize for the long delay