Author Topic: Computer infected with spyware, help  (Read 5045 times)

Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
    • View Profile
Computer infected with spyware, help
« Reply #20 on: February 13, 2007, 01:00:44 AM »
"Vince" - 07-02-12 23:52:55    Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Vince.BACKROOM\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2007-01-12 to 2007-02-12  ))))))))))))))))))))))))))))))))))
 
 
2007-02-06 00:09   <DIR>   d--------   C:\VundoFix Backups
2007-02-06 00:03   <DIR>   d--------   C:\avenger
2007-02-01 00:09   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\DoctorWeb
2007-01-30 00:10   <DIR>   d--------   C:\Rustbfix
2007-01-28 01:48   2,388   --a------   C:\WINNT\system32\tmp.reg
2007-01-28 01:47   79,360   --a------   C:\WINNT\system32\swxcacls.exe
2007-01-28 01:47   51,200   --a------   C:\WINNT\system32\dumphive.exe
2007-01-28 01:47   40,960   --a------   C:\WINNT\system32\swsc.exe
2007-01-28 01:47   288,417   --a------   C:\WINNT\system32\SrchSTS.exe
2007-01-28 01:47   135,168   --a------   C:\WINNT\system32\swreg.exe
2007-01-27 23:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-27 23:35   <DIR>   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\Lavasoft
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-25 01:42   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-01-25 01:22   <DIR>   d--------   C:\SDFix
2007-01-21 02:17   <DIR>   d--------   C:\HJT
2007-01-15 16:50   <DIR>   d--------   C:\Program Files\Exolon


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-12 23:38   --------   dr-------   C:\Program Files\net nanny
2007-02-01 01:33   --------   d---s----   C:\DOCUME~1\VINCE~1.BAC\Application Data\microsoft
2007-02-01 01:27   --------   d--------   C:\Program Files\msn gaming zone
2007-02-01 01:24   --------   d--------   C:\Program Files\Common Files\java
2007-01-27 23:35   --------   d--------   C:\Program Files\lavasoft
2007-01-04 19:14   --------   d--------   C:\Program Files\limewire
2006-12-28 19:00   --------   d--------   C:\Program Files\aim
2006-12-25 23:29   --------   d--------   C:\DOCUME~1\VINCE~1.BAC\Application Data\limewire
2006-12-25 17:17   --------   d--------   C:\Program Files\itunes
2006-12-25 17:17   --------   d--------   C:\Program Files\ipod
2006-12-25 17:14   --------   d--------   C:\Program Files\quicktime
2006-12-25 17:11   --------   d--------   C:\Program Files\apple software update
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"NNTray"="C:\\Program Files\\Net Nanny\\nnstart.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trafkbdy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job

Completion time: 07-02-12 23:57:49
C:\ComboFix2.txt ... 07-02-06 00:30
C:\ComboFix3.txt ... 07-02-01 01:43

Offline resevil83

« Reply #21 on: February 13, 2007, 01:19:14 AM »
02/13/07 00:02:48 [Info]: BlackLight Engine 1.0.55 initialized
02/13/07 00:02:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/13/07 00:02:48 [Note]: 7019 4
02/13/07 00:02:48 [Note]: 7005 0
02/13/07 00:02:50 [Note]: 7006 0
02/13/07 00:02:50 [Note]: 7011 1248
02/13/07 00:02:50 [Note]: 7026 0
02/13/07 00:02:50 [Note]: 7026 0
02/13/07 00:02:50 [Note]: 7024 3
02/13/07 00:02:50 [Info]: Hidden process: C:\WINNT\system32\protector.exe
02/13/07 00:02:58 [Note]: FSRAW library version 1.7.1021
02/13/07 00:06:59 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/13/07 00:07:00 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/13/07 00:07:01 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/13/07 00:07:02 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/13/07 00:07:03 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/13/07 00:07:04 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/13/07 00:07:05 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/13/07 00:07:06 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/13/07 00:07:07 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/13/07 00:07:08 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/13/07 00:07:09 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/13/07 00:07:10 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/13/07 00:07:11 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/13/07 00:07:12 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default(8).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/13/07 00:07:13 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/13/07 00:11:26 [Info]: Hidden file: c:\WINNT\system32\ntio256.sys
02/13/07 00:11:26 [Note]: 7002 0
02/13/07 00:11:26 [Note]: 7003 1
02/13/07 00:11:26 [Note]: 10002 1
02/13/07 00:11:30 [Info]: Hidden file: C:\WINNT\system32\protector.exe
02/13/07 00:11:30 [Note]: 7002 0
02/13/07 00:11:30 [Note]: 7003 1
02/13/07 00:11:30 [Note]: 10002 1
02/13/07 00:12:43 [Note]: 2000 1012
02/13/07 00:16:13 [Note]: 7007 0

Offline resevil83

« Reply #22 on: February 13, 2007, 01:24:08 AM »
Don't worry about it man.  I really appreciate your help. I am doing this for a friend, so it's hard to get to his house all the time because of our schedules. I want to clean up my computer also, but it is NOWHERE near this bad. It might have a couple of things. I really appreciate everything though, and I'd be happy to donate to fight against malware. Maybe you could give me a tip towards what type of educational programs you went through, so I can go and study this sort of thing and help the community as you do. I'd love to learn these things.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #23 on: February 13, 2007, 10:19:12 AM »
Can you do the following?
Going off of the last hijackthis log I saw

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {0E8D10D4-E7D2-4912-9B8C-7F657584E565} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {129F4CC9-DEC7-4C8D-85D2-BE479760D871} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {13B14BF0-A5DE-449D-9E33-B9BFEB220BE5} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {1E1C49DA-0B86-4CE9-969E-EA1AC998F151} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2416E910-CA38-4567-8DCA-4A050DADCABa} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {254E362D-5BA0-458A-9A12-3C2D6FCE4D8F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {286D7B76-7883-9B10-E16F-90945C669B40} - C:\WINNT\nttd32.dll (file missing)
O2 - BHO: (no name) - {2C14287D-0C43-4880-80D6-3526788B0D21} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {2D3F6A04-86CA-4F10-A18B-BC124E04C4CB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {325B8880-1463-6CCD-40EE-4D918CD788BC} - C:\WINNT\system32\bgnfwko.dll (file missing)
O2 - BHO: (no name) - {44A380A3-0821-1E04-C7E1-0755E228F280} - C:\WINNT\system32\rfwmxjb.dll (file missing)
O2 - BHO: (no name) - {4A7F3263-0A87-431D-BBB4-96A39C916215} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {4A7F8215-D067-419D-912B-394D98E2D6F3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {52F434D1-1688-4D0F-99D5-5B7C9395B923} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINNT\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {5DA7D1DD-9903-4834-8957-69722CE935E1} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {66328523-C007-4C8C-AC23-FC6E0C6C8D3E} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\iergmope.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINNT\cfg32r.dll (file missing)
O2 - BHO: (no name) - {79B29746-03F1-491E-ABB0-089827B3D284} - C:\Program Files\Windows Media Player\nizybico.dll

O2 - BHO: (no name) - {897CE532-BBB2-448E-A3D6-570B989DBB8C} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8DA10DA2-A02C-4806-83AC-011BA56C5B26} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {8FF951B7-7E93-4723-8A90-C8E116166E00} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {905BAC32-C39E-444A-A8E3-5E3EA72DF843} - C:\WINNT\Help\starter\mxlyss.dll (file missing)
O2 - BHO: (no name) - {95BFFAB4-F4E6-4F74-BD0C-0DCA9D54E1C4} - \
O2 - BHO: (no name) - {9AD16D7F-49A6-422C-BE55-7F59270ECDA6} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {9B343A8F-4478-4314-94FB-49CCDE84896F} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll (file missing)
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - C:\WINNT\system32\p2jlseh8.dll (file missing)
O2 - BHO: (no name) - {A1F59C2E-5BDC-4F9B-934D-E275E7C65A46} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: Yvakt Class - {ABA0ABA4-1C23-42CE-A10B-E07B8609B555} - C:\WINNT\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {B16B5D1C-D978-4EBC-8146-EEFC81B8CFB8} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {B4AFD5E5-E9C5-4893-95C9-DF0651B15D36} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {BB0CE8AB-2572-44E9-9700-539A8449B026} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINNT\system32\rqrroll.dll (file missing)
O2 - BHO: (no name) - {CA82C0E1-0757-24F2-23F8-0C45017C2DE5} - C:\WINNT\system32\vnscct.dll (file missing)
O2 - BHO: (no name) - {D66722E4-2CDC-4D85-9A78-BAE7C5D2A570} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DBCC7BEE-E732-4A52-919C-A9026E57C492} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {DEB00314-395A-4E70-8686-DCAC63A4DDFe} - C:\WINNT\system32\walikbmv.dll (file missing)
O2 - BHO: (no name) - {EA947CE6-B7A4-462C-B9E1-FA1D59E0A9DB} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {ED30650E-088F-48B1-B114-AA1BAA15E6A7} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FEAC5E67-39F6-459E-BCB9-76A1600952B3} - C:\Program Files\Windows Media Player\nizybico.dll
O2 - BHO: (no name) - {FF6167A8-D6C7-4707-A2B0-7811D50617B5} - C:\Program Files\Windows Media Player\nizybico.dll

O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)

O20 - Winlogon Notify: trafkbdy - C:\WINNT\system32\trafkbdy.dll (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open blbeta.exe (blacklight) again.
Click Scan>>>Next

When it's done
It will show you all those files again

Now select each of those entries and click the 'rename' button.
Do this for all of them.
Blacklight adds the rename to those entries.
Click next and it will tell you that those files will get renamed and if you are sure. Click
Yes>>OK
Then it will ask you to reboot.
Click yes.
Your system must reboot now.

Back in Windows
Download haxfix.exe
and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
  • Copy the contents of that logfile and paste it into this thread. (c:\haxfix.txt)
Could you also include the next couple logs

1. A fresh hijackthis log
2. Delete the logs made from blbeta.exe, run a fresh scan and post its log
3. Download SREng from
HERE

Extract it to Desktop and double click SREng.exe to run it
Select: Smart Scan and click on the [Scan] button.
Let the scan finish, may take a couple minutes

When finished, click on the 'Save Reports' button and save the log to Desktop

Please post the SREng log in your reply.
« Last Edit: February 14, 2007, 12:40:21 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

« Reply #24 on: February 14, 2007, 01:14:59 AM »
HAXFIX logfile - by Marckie

version 4.37
Tue 02/13/2007  23:56:06.40

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found
 
checking for matching services
no matching services found
 
checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is infected!!
iexplore.exe not found in dllcache
no tmp-files found in temp-folder
no backups of iexplore.exe found!!

checking sfc_os.dll
sfc_os.dll is infected!!
sfc_os.dll not found in dllcache
no tmp-files found in temp-folder
no backups found of sfc_os.dll!!


Finished!






Logfile of HijackThis v1.99.1
Scan saved at 11:58:20 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe





02/13/07 23:59:08 [Info]: BlackLight Engine 1.0.55 initialized
02/13/07 23:59:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/13/07 23:59:09 [Note]: 7019 4
02/13/07 23:59:09 [Note]: 7005 0
02/13/07 23:59:12 [Note]: 7006 0
02/13/07 23:59:12 [Note]: 7011 1040
02/13/07 23:59:12 [Note]: 7026 0
02/13/07 23:59:13 [Note]: 7026 0
02/13/07 23:59:24 [Note]: FSRAW library version 1.7.1021
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\River Sumida.bmp:ieneb
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\rqnti.dat:dagbm
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q329441.log:fofyo
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q331958.log:crodu
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q810243.log:mfxtx
02/14/07 00:03:35 [Info]: Hidden file: c:\WINNT\Q810577.log:mnoir
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q810833.log:vhvjn
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:oefon
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811493.log:yipuz
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q811630.log:fztmf
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814033.log:mjkkz
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814696.log:xgiet
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814995.log:ntdgh
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q814995.log:rihhb
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\Q817287.log:hlgzv
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\bootstat.dat:iiqau
02/14/07 00:03:36 [Info]: Hidden file: c:\WINNT\mxqrg.dat:nlste
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\FaxSetup.log:lwbtn
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\FaxSetup.log:usmigl
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\fcuaf.dat:enfvx
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\wiaservc.log:pwgsi
02/14/07 00:03:37 [Info]: Hidden file: c:\WINNT\slcplappl.ico:ttven
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SmCfg.exe:qfugm
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SmCfg.exe:zgeme
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\smdat32a.sys:eavbn
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\smscfg.ini:xhbpk
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:pkiwr
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\Soap Bubbles.bmp:yzgar
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:mtnuo
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\SpyBlocs_IsFirstTime.txt:xwoak
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:fbqiy
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:rnfho
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\ogrri.dat:zvdly
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\owdoq.dat:szixf
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:lgjqq
02/14/07 00:03:38 [Info]: Hidden file: c:\WINNT\twunk_16(2).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(3).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(4).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(5).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:sehrs
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(6).exe:vmpun
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:lgjqq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16(7).exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_16.exe:sunyq
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\twunk_32(2).exe:grupmz
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\lndpd.dat:rwvfu
02/14/07 00:03:39 [Info]: Hidden file: c:\WINNT\gftgk.dat:sackje
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\atid.ini:cpsln
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\Q819696.log:wjmnv
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\qbvjw.dat:rzgza
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:eaqsy
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\n_gekqpb.dat:ltxkk
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB282010.log:kfgkp
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB821557.log:flwmz
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB822603.log:cfrpr
02/14/07 00:03:40 [Info]: Hidden file: c:\WINNT\KB828741.log:zofiid
02/14/07 00:03:41 [Info]: Hidden file: c:\WINNT\mscr(2).exe:oepfd
02/14/07 00:03:41 [Info]: Hidden file: c:\WINNT\mscr(3).exe:oepfd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\mscr(4).exe:oepfd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\msdfmap.ini:qgwhy
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\msdp(2).exe:tzvdcd
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\yohdo.dat:buvoa
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\yohdo.dat:zljca
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Prairie Wind.bmp:xffdp
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q323255.log:reqiv
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q327979.log:pgxij
02/14/07 00:03:42 [Info]: Hidden file: c:\WINNT\Q329115.log:wnlvc
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:mjopy
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\cdPlayer.ini:qiuqc
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\Coffee Bean.bmp:rgbfh
02/14/07 00:03:43 [Info]: Hidden file: c:\WINNT\Sti_Trace.log:obnjg
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winnt.bmp:qmbnt
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(2).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(3).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\winstart(4).bat:llhxhj
02/14/07 00:03:44 [Info]: Hidden file: c:\WINNT\msym.exe:ppgbb
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\ieuninst.exe:gcaua
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\iimvz.dat:szdrz
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\iimvz.dat:yohyk
02/14/07 00:03:45 [Info]: Hidden file: c:\WINNT\DHCPUPG.LOG:yxqvpx
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setupact.log:owidb
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setuplog.txt:hxtqv
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\setuplog.txt:smgtu
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\ocgen.log:ycllv
02/14/07 00:03:46 [Info]: Hidden file: c:\WINNT\ODBCINST.INI:pfhkn
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\SchedLgU.Txt:fwreb
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\ScUnin.exe:ovjwz
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(11).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(21).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\_default(31).pif:pjvze
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\ujqrh.dat:nwmmg
02/14/07 00:03:47 [Info]: Hidden file: c:\WINNT\UNNeroBurnRights.cfg:yuodc
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(2).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(3).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(4).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain(5).dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain.dll:gmyvs
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(2).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(3).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(4).dll:jojhk
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:gmkuzw
02/14/07 00:03:48 [Info]: Hidden file: c:\WINNT\twain_32(5).dll:jojhk
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\wininit.ini:gliiz
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(9).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(6).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(7).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(10).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(12).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(13).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(14).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(15).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(16).pif:pjvze
02/14/07 00:03:49 [Info]: Hidden file: c:\WINNT\_default(17).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(18).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(19).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(2).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(20).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(23).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(24).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(25).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(26).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(27).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(28).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(29).pif:pjvze
02/14/07 00:03:50 [Info]: Hidden file: c:\WINNT\_default(3).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(30).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(32).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(33).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(34).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(35).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(37).pif:wnvjb
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(4).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(5).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(8).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default.pif:zwypt
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\_default(22).pif:pjvze
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\siwik.dat:bdeet
02/14/07 00:03:51 [Info]: Hidden file: c:\WINNT\twdbl.dat:wafwr
02/14/07 00:03:52 [Info]: Hidden file: c:\WINNT\KB842773.log:xsddaf
02/14/07 00:09:50 [Note]: 2000 1012
02/14/07 00:13:48 [Note]: 7007 0

Offline resevil83

« Reply #25 on: February 14, 2007, 01:50:58 AM »
Code:
2007-02-14,00:42:01

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINNT\System32\igfxtray.exe>  [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe>  [(Verified)Intel Corporation]
<NeroCheck><C:\WINNT\System32\NeroCheck.exe>  [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
<{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
<SysTray><C:\WINNT\System32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
Services
[ANIWZCSd Service / ANIWZCSdService][Stopped/Auto Start]
  <C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
  <C:\WINNT\system32\CTsvcCDA.EXE><Creative Technology Ltd>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[ISEXEng / ISEXEng][Stopped/Disabled]
  <C:\WINNT\System32\angelex.exe><N/A>
[mstlsapi / mstlsapi][Stopped/Disabled]
  <"C:\WINNT\mstlsapi.exe"><N/A>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
  <C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
  <c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>
[NNSvc / NNSvc][Stopped/Auto Start]
  <C:\Program Files\Net Nanny\nnsvc.exe><BioNet Systems, LLC>

==================================
Drivers
[D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) / A3AB][Running/Manual Start]
  <system32\DRIVERS\A3AB.sys><D-Link Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ANIO Service / ANIO][Running/Auto Start]
  <\??\C:\WINNT\system32\ANIO.SYS><Alpha Networks Inc.>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
  <\??\C:\WINNT\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HPFECP06 / HPFECP06][Running/Auto Start]
  <\SystemRoot\System32\drivers\HPFECP06.SYS><N/A>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / iaStor][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
  <System32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
  <System32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
  <System32\DRIVERS\IntelC53.sys><Intel Corporation>
[mohfilt / mohfilt][Running/Manual Start]
  <System32\DRIVERS\mohfilt.sys><Intel Corporation>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
  <System32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <System32\DRIVERS\Mtlstrm.sys><Smart Link>
[Input and output operations / ntio256][Stopped/Auto Start]
  <\??\C:\WINNT\system32\ntio256.sys><N/A>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <System32\DRIVERS\NtMtlFax.sys><Smart Link>
[nv / nv][Stopped/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PfModNT / PfModNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
  <\??\C:\WINNT\System32\DRIVERS\RecAgent.sys><Smart Link>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
  <System32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <System32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
  <System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <System32\DRIVERS\wanatw4.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[AOL Toolbar Launcher]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AOL Toolbar]
  {3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINNT\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HouseCall Control]
  {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} <C:\WINNT\DOWNLO~1\xscan60.ocx, Trend Micro Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\System32\LegitCheckControl.DLL, Microsoft® Corporation>
[Java Plug-in 1.5.0_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[compid Class]
  {9A57B18E-2F5D-11D5-8997-00104BD12D94} <C:\WINNT\Downloaded Program Files\gwCID.dll, PC Pitstop LLC>
[Java Plug-in 1.5.0_03]
  {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[]
  {013A653B-49A6-4F76-8B68-E4875EA6BA54} <C:\WINNT\system32\pjuxptvk.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA} <C:\WINNT\system32\uqkyekfb.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AOL Toolbar Launcher]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
  {7DA39570-5FD2-4F18-94B4-20730CB3F727} <C:\WINNT\system32\wsdgotag.dll, N/A>
[]
  {849B9523-785F-4014-9CAF-079FB4A74C61} <C:\WINNT\system32\gjtxqeqm.dll, N/A>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINNT\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINNT\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AOL Toolbar]
  {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
  {F18F04B0-9CF1-4B93-B004-77A288BEE28B} <C:\WINNT\system32\rtacltit.dll, N/A>
[&AOL Toolbar Search]
  <c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>

==================================
Running Processes
[PID: 644][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1736][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7,1,0,365]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgamint.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[PID: 1800][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1860][C:\WINNT\system32\CTsvcCDA.EXE]  [Creative Technology Ltd, 1.0.1.0]
[PID: 248][C:\WINNT\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1040][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
[PID: 1124][C:\WINNT\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxhk.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxres.dll]  [Intel Corporation, 3.0.0.2209]
[PID: 1208][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe]  [GRISOFT, s.r.o., 7,1,0,371]
[C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7,1,0,381]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll]  [GRISOFT, s.r.o., 7,1,0,300]
[C:\Program Files\Grisoft\AVG Free\avgmail.dll]  [GRISOFT, s.r.o., 7,1,0,358]
[PID: 1216][C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe]  [D-Link, 3, 3, 1, 50324]
[C:\WINNT\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 19, 50222]
[C:\WINNT\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 0, 40127]
[C:\WINNT\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
[C:\WINNT\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 10, 50316]
[PID: 1180][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 136][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla, 1.0.7]
[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\smime3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\nss3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\components\qfaservices.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\FULLSOFT.DLL]  [Full Circle Software, Inc., 2.2.unofficial]
[C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll]  [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpioji.dll]  [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpinscp.dll]  [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Java\jre1.5.0_03\bin\jpishare.dll]  [Sun Microsystems, Inc., 5.0.30.7]
[C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll]  [Netscape Communications Corporation, 1.42]
[PID: 1984][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 1960][C:\Documents and Settings\Vince.BACKROOM\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1   localhost

==================================
API HOOK
N/A

==================================
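
A triage pass over the Browser Add-ons section of the SREng report above, as an added example (not part of the original post and not SREng's own code). It flags entries that have both a blank display name and no publisher; that rule is an assumed heuristic for deciding what to review first, not a verdict, and the sample lines are copied from the report and shortened.

```python
import re

# Sample input: lines copied from the SREng report above, list shortened.
SAMPLE = r"""==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {013A653B-49A6-4F76-8B68-E4875EA6BA54} <C:\WINNT\system32\pjuxptvk.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[]
  {7DA39570-5FD2-4F18-94B4-20730CB3F727} <C:\WINNT\system32\wsdgotag.dll, N/A>
[&AOL Toolbar Search]
  <c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>

==================================
Running Processes
"""

NAME = re.compile(r"^\[(.*)\]$")
# Optional {CLSID}, then <path, publisher>. The path ends at the first ", "
# so publishers that contain commas ("Adobe Systems, Inc.") stay intact.
DETAIL = re.compile(r"^(?:(\{[0-9A-Fa-f-]{36}\})\s+)?<(.+?), (.*)>$")


def parse_addons(report):
    """Return the add-on entries of an SREng report as a list of dicts."""
    entries, name, in_section, prev = [], None, False, ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("====="):
            in_section = False
        elif line == "Browser Add-ons" and prev.startswith("====="):
            # The same words also appear in the report preamble (the list of
            # selected scans); only the heading after a separator counts.
            in_section = True
        elif in_section:
            m = NAME.match(line)
            if m:
                name = m.group(1)
            else:
                d = DETAIL.match(line)
                if d:
                    entries.append({"name": name, "clsid": d.group(1),
                                    "path": d.group(2), "vendor": d.group(3)})
                    name = None
        prev = line
    return entries


def triage(entries):
    """Entries with a blank display name AND no publisher: review first."""
    return [e for e in entries if e["name"] == "" and e["vendor"] == "N/A"]


def publisher_only(entries):
    """Named entries whose publisher is N/A. Alone this is a weak signal:
    mshtml.dll, a Windows component, is reported this way in the log above."""
    return [e for e in entries if e["name"] and e["vendor"] == "N/A"]


if __name__ == "__main__":
    parsed = parse_addons(SAMPLE)
    for e in triage(parsed):
        print("REVIEW ", e["clsid"], e["path"])
    for e in publisher_only(parsed):
        print("weak   ", e["clsid"], e["path"])
```
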

Offline guestolo

« Reply #26 on: February 15, 2007, 12:25:40 AM »
Can you do the following
One more round of fixes

Can you delete the log from Dr.Web and delete Dr.Web.cureit.exe on desktop

Redownload Dr.Web Cureit from the link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Save to desktop
We'll need it again, and it always updates

Your version of Iexplore.exe and sfc_os.dll are infected
From the bottom of this reply box I've uploaded a file called Backup.zip
Which includes a clean file of both
NOTE: Iexplore.exe is the correct version for IE6 sp2, not to be used with IE7
There is also a version for IE7 but you won't need it
Extract the Backup folder to desktop for now
Note: you may have to be logged into the forum to properly download the file

Can you Print these instructions or save them to a text file on desktop

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Right Click on MyComputer icon and left click Properties
Click the Hardware tab>>Device Manager
In Device Manager click on VIEW>>Show Hidden Devices
Expand (+) on "Non Plug and Play Drivers" in the list
Look for "Input and output operations"
Right click on it and choose UNINSTALL
Don't reboot when done but exit Device Manager

Open SrEng.exe
Click on the BOOT ITEMS button
Select SERVICES tab
Select Drivers button
Let it scan, when it's done, look thru the list
 left click to Highlight
"Input and output operations"
Select Delete Service radio button then choose SET
Click NO to delete the Service
Don't reboot yet if prompted

Close the Drivers box
and click to open the "Win32 Services" button
Let it finish its scan
Highlight the next entry
ISEXEng / ISEXEng
Select the Delete Service radio button>>choose SET
Click No to the prompt
Again don't reboot
Do the same for
mstlsapi / mstlsapi
This time
Allow the computer to reboot into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account

In Safe mode
Find and delete these files if they exist
C:\WINNT\System32\angelex.exe <-file
C:\WINNT\mstlsapi.exe <-file
C:\WINNT\system32\pjuxptvk.dll <-file
C:\WINNT\system32\uqkyekfb.dll <-file
C:\WINNT\system32\wsdgotag.dll <-file
C:\WINNT\system32\gjtxqeqm.dll <-file

Some, or all of the above files may not exist, but take a look
Still in safe mode
Open SrEng.exe again
This time click the System Repair button
Then choose "Browser Addon" tab
Use your mouse and expand CLSID 1 so you read the entire entry
Left click to Highlight then Delete Selected all the following
{013A653B-49A6-4F76-8B68-E4875EA6BA54}
{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}
{7DA39570-5FD2-4F18-94B4-20730CB3F727}
{849B9523-785F-4014-9CAF-079FB4A74C61}


Exit SrEng.exe afterwards, but remain in safe mode
Open the BACKUP folder on desktop you extracted earlier

Right click on iexplore.exe and choose COPY
Navigate to the following folders and PASTE a copy of iexplore.exe in each
C:\WINNT\System32\dllcache
C:\Program Files\Internet Explorer <-allow to overwrite if prompted

Back in the BACKUP folder
Right click on sfc_os.dll and choose COPY
Navigate to the following folder and choose PASTE
C:\WINNT\System32 <-allow to overwrite if prompted


Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer back to Normal Windows!!
Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version of Java
After Java is installed
Can you again do the following

Vundofix
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,  click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."


Back in Windows
Can you post all the following please, hopefully this is the last round of many logs

1. Post a fresh hijackthis log
2. Post the new report from Dr. Web cureit
3. Can you run another Smart Scan with SrEng.exe and post its new log

4. Can you reopen Hijackthis
Open the MISC TOOLS SECTION
Open ADS SPY...
UNCHECK "Quick Scan"
Then click the SCAN button, when it's done, save the log and post it back here please if not empty
« Last Edit: February 15, 2007, 12:53:17 AM by guestolo »



Offline resevil83

« Reply #27 on: February 19, 2007, 02:21:44 AM »
Logfile of HijackThis v1.99.1
Scan saved at 1:20:12 AM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

Offline resevil83

« Reply #28 on: February 19, 2007, 02:23:03 AM »
A0655688.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655689.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655689.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655690.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655690.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655691.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655691.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655692.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655692.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655693.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655693.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655694.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655694.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655695.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655695.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655696.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655696.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655697.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655697.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655698.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655698.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655699.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655699.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655700.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655700.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655701.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655701.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655702.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655702.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655703.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655703.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655704.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655705.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655705.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655706.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655706.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655707.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655707.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655708.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655708.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655709.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655709.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655710.pif:nqcmf;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.1077;Deleted.;
A0655710.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655711.pif:wnvjb;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.530;Deleted.;
A0655712.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655713.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655714.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655715.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655716.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Spambot;Deleted.;
A0655717.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655718.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.DownLoader.14427;Deleted.;
A0655719.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.PurityAd;Deleted.;
A0655720.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655721.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655722.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655723.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.Virtumod;Deleted.;
A0655724.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Trojan.AproposAd;Deleted.;
A0655725.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Ykemi;Incurable.Moved.;
A0655726.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655727.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Ykemi;Incurable.Moved.;
A0655728.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655729.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.ShutDown.11;Incurable.Moved.;
A0655730.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655731.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655732.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655733.cfg;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655734.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Broadcap;Incurable.Moved.;
A0655735.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655736.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655737.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Apropos;Incurable.Moved.;
A0655738.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655739.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655740.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655741.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655742.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655743.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655744.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655745.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655746.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655747.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655748.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655749.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655750.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655751.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655752.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655753.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655754.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655755.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655756.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655757.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0655758.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655759.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655760.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MyWay;Incurable.Moved.;
A0655761.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655762.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655763.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655764.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655765.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655766.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655767.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655768.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655769.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655770.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655771.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Msearch;Incurable.Moved.;
A0655772.DLL;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MWS;Incurable.Moved.;
A0655773.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Zango;Incurable.Moved.;
A0655774.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655775.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.nCase;Incurable.Moved.;
A0655776.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655777.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655778.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655779.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.MediaTicket;Incurable.Moved.;
A0655780.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655781.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.NewDotNet;Incurable.Moved.;
A0655782.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655783.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655784.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655785.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.BookedSpace;Incurable.Moved.;
A0655786.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Adpower;Incurable.Moved.;
A0655787.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655788.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655789.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.TopSearch;Incurable.Moved.;
A0655790.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655791.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655792.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655793.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Tool.Prockill;Incurable.Moved.;
A0655794.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655795.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655796.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.ZenoSearch;Incurable.Moved.;
A0655797.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655798.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.SearchColours;Incurable.Moved.;
A0655799.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Adlogix;Incurable.Moved.;
A0655801.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP890;Adware.Dh;Incurable.Moved.;
A0656880.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656888.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656890.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656898.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656900.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656902.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0656903.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Trojan.Virtumod;Deleted.;
A0656904.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP892;Adware.TopSearch;Incurable.Moved.;
A0658036.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP897;Trojan.Sklog;Deleted.;
A0658037.sys;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP897;Trojan.Sklog;Deleted.;
enylwpnk.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
iyfatcyr.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
mxlyss.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rqrroll.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
yflmiedu.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
yiqviesi.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
cdPlayer.ini:mjopy;C:\WINNT;Trojan.Feat.2;Deleted.;
Coffee Bean.bmp:rgbfh;C:\WINNT;Trojan.DownLoader.568;Deleted.;
DHCPUPG.LOG:yxqvpx;C:\WINNT;BackDoor.Netag;Deleted.;
FaxSetup.log:lwbtn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
fcuaf.dat:enfvx;C:\WINNT;Trojan.Feat.2;Deleted.;
gftgk.dat:sackje;C:\WINNT;BackDoor.Netag;Deleted.;
ieuninst.exe:gcaua;C:\WINNT;Trojan.Feat.2;Deleted.;
iimvz.dat:szdrz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
KB282010.log:kfgkp;C:\WINNT;Trojan.Feat.2;Deleted.;
KB821557.log:flwmz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
KB822603.log:cfrpr;C:\WINNT;Trojan.DownLoader.530;Deleted.;
KB842773.log:xsddaf;C:\WINNT;Trojan.StartPage.563;Deleted.;
lndpd.dat:rwvfu;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(2).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(3).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
mscr(4).exe:oepfd;C:\WINNT;Trojan.Feat.2;Deleted.;
msdfmap.ini:qgwhy;C:\WINNT;BackDoor.Netag;Deleted.;
msdp(2).exe:tzvdcd;C:\WINNT;Trojan.StartPage.563;Deleted.;
mxqrg.dat:nlste;C:\WINNT;Trojan.Feat.2;Deleted.;
ocgen.log:ycllv;C:\WINNT;Trojan.Feat.2;Deleted.;
ODBCINST.INI:pfhkn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
ogrri.dat:fbqiy;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Prairie Wind.bmp:xffdp;C:\WINNT;Trojan.Feat.2;Deleted.;
Q323255.log:reqiv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q327979.log:pgxij;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Q329115.log:wnlvc;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q329441.log:fofyo;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q331958.log:crodu;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q810243.log:mfxtx;C:\WINNT;Trojan.Feat.2;Deleted.;
Q810577.log:mnoir;C:\WINNT;Trojan.Feat.2;Deleted.;
Q810833.log:vhvjn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q811493.log:oefon;C:\WINNT;Trojan.Feat.2;Deleted.;
Q811630.log:fztmf;C:\WINNT;Trojan.Feat.2;Deleted.;
Q814033.log:mjkkz;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q814696.log:xgiet;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q814995.log:ntdgh;C:\WINNT;Trojan.Feat.2;Deleted.;
Q817287.log:hlgzv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
Q819696.log:wjmnv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
rqnti.dat:dagbm;C:\WINNT;Trojan.Feat.2;Deleted.;
SchedLgU.Txt:fwreb;C:\WINNT;Trojan.Feat.2;Deleted.;
setupact.log:owidb;C:\WINNT;Trojan.Feat.2;Deleted.;
setuplog.txt:hxtqv;C:\WINNT;Trojan.DownLoader.568;Deleted.;
slcplappl.ico:ttven;C:\WINNT;Trojan.DownLoader.568;Deleted.;
SmCfg.exe:qfugm;C:\WINNT;Trojan.DownLoader.568;Deleted.;
smdat32a.sys:eavbn;C:\WINNT;Trojan.DownLoader.568;Deleted.;
smscfg.ini:xhbpk;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Soap Bubbles.bmp:yzgar;C:\WINNT;Trojan.Feat.2;Deleted.;
SpyBlocs_IsFirstTime.txt:mtnuo;C:\WINNT;Trojan.DownLoader.530;Deleted.;
Sti_Trace.log:obnjg;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twain_32(2).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(3).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(4).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twain_32(5).dll:gmkuzw;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
twunk_16(2).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(3).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(4).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(5).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(6).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(6).exe:vmpun;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16(7).exe:lgjqq;C:\WINNT;Trojan.DownLoader.568;Deleted.;
twunk_16.exe:sunyq;C:\WINNT;Trojan.Feat.2;Deleted.;
twunk_32(2).exe:grupmz;C:\WINNT;Trojan.StartPage.563;Deleted.;
ujqrh.dat:nwmmg;C:\WINNT;Trojan.Feat.2;Deleted.;
UNNeroBurnRights.cfg:yuodc;C:\WINNT;Trojan.DownLoader.530;Deleted.;
wiaservc.log:pwgsi;C:\WINNT;Trojan.DownLoader.530;Deleted.;
wininit.ini:gliiz;C:\WINNT;Trojan.Feat.2;Deleted.;
winnt.bmp:qmbnt;C:\WINNT;Trojan.DownLoader.568;Deleted.;
winstart(2).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
winstart(3).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
winstart(4).bat:llhxhj;C:\WINNT;Trojan.DownLoader.1077;Deleted.;
yohdo.dat:zljca;C:\WINNT;Trojan.DownLoader.568;Deleted.;
_default(10).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(11).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(12).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(13).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(14).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(15).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(16).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(17).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(18).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(19).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(20).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(21).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(22).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(23).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(24).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(25).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(26).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(27).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(28).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(29).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(3).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(30).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(31).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(32).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(33).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(34).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(35).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(37).pif:wnvjb;C:\WINNT;Trojan.DownLoader.530;Deleted.;
_default(4).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(5).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(6).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(7).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(8).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default(9).pif:pjvze;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
_default.pif:zwypt;C:\WINNT;Trojan.DownLoader.1457;Deleted.;
explorer.exe:kjhwx;C:\WINNT\$NtServicePackUninstall$;Trojan.Feat.2;Deleted.;
slrundll.exe:xksrl;C:\WINNT\$NtServicePackUninstall$;Trojan.DownLoader.568;Deleted.;
ntio256.sys.ren;C:\WINNT\system32;Trojan.Sklog;Deleted.;
process.exe;C:\WINNT\system32;Tool.Prockill;Incurable.Moved.;
protector.exe.ren;C:\WINNT\system32;Trojan.Sklog;Deleted.;

Offline resevil83

Computer infected with spyware, help
« Reply #29 on: February 19, 2007, 02:25:00 AM »
2007-02-19,01:23:04

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINNT\System32\igfxtray.exe>  [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe>  [(Verified)Intel Corporation]
<NeroCheck><C:\WINNT\System32\NeroCheck.exe>  [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}><>  [N/A]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
Services
[ANIWZCSd Service / ANIWZCSdService][Stopped/Auto Start]
  <C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
  <C:\WINNT\system32\CTsvcCDA.EXE><Creative Technology Ltd>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
  <C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
  <c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>

==================================
Drivers
[D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) / A3AB][Running/Manual Start]
  <system32\DRIVERS\A3AB.sys><D-Link Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ANIO Service / ANIO][Running/Auto Start]
  <\??\C:\WINNT\system32\ANIO.SYS><Alpha Networks Inc.>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
  <\??\C:\WINNT\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HPFECP06 / HPFECP06][Running/Auto Start]
  <\SystemRoot\System32\drivers\HPFECP06.SYS><N/A>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / iaStor][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
  <System32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
  <System32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
  <System32\DRIVERS\IntelC53.sys><Intel Corporation>
[mohfilt / mohfilt][Running/Manual Start]
  <System32\DRIVERS\mohfilt.sys><Intel Corporation>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
  <System32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <System32\DRIVERS\Mtlstrm.sys><Smart Link>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <System32\DRIVERS\NtMtlFax.sys><Smart Link>
[nv / nv][Stopped/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PfModNT / PfModNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
  <\??\C:\WINNT\System32\DRIVERS\RecAgent.sys><Smart Link>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
  <System32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <System32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
  <System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <System32\DRIVERS\wanatw4.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[AOL Toolbar Launcher]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Java Plug-in 1.6.0]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[AOL Toolbar]
  {3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINNT\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HouseCall Control]
  {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} <C:\WINNT\DOWNLO~1\xscan60.ocx, Trend Micro Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINNT\System32\LegitCheckControl.DLL, Microsoft® Corporation>
[Java Plug-in 1.6.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[compid Class]
  {9A57B18E-2F5D-11D5-8997-00104BD12D94} <C:\WINNT\Downloaded Program Files\gwCID.dll, PC Pitstop LLC>
[Java Plug-in 1.6.0]
  {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AOL Toolbar Launcher]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINNT\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINNT\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AOL Toolbar]
  {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[]
  {F18F04B0-9CF1-4B93-B004-77A288BEE28B} <C:\WINNT\system32\rtacltit.dll, N/A>
[&AOL Toolbar Search]
  <c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>

==================================
Running Processes
[PID: 644][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1572][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINNT\system32\HPFlpm06.dll]  [N/A, N/A]
[C:\WINNT\system32\HPFCOM06.DLL]  [N/A, N/A]
[C:\WINNT\system32\HPFIOP06.DLL]  [N/A, N/A]
[C:\WINNT\system32\HPFMLC06.dll]  [N/A, N/A]
[C:\WINNT\system32\HPFMEM06.dll]  [N/A, N/A]
[PID: 1796][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7,1,0,365]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1812][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7,1,0,349]
[PID: 1864][C:\WINNT\system32\CTsvcCDA.EXE]  [Creative Technology Ltd, 1.0.1.0]
[PID: 260][C:\WINNT\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 628][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1312][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINNT\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2209]
[PID: 1524][C:\WINNT\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxhk.dll]  [Intel Corporation, 3.0.0.2209]
[C:\WINNT\System32\igfxres.dll]  [Intel Corporation, 3.0.0.2209]
[PID: 1648][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe]  [GRISOFT, s.r.o., 7,1,0,371]
[C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7,1,0,384]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7,1,0,381]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll]  [GRISOFT, s.r.o., 7,1,0,300]
[C:\Program Files\Grisoft\AVG Free\avgmail.dll]  [GRISOFT, s.r.o., 7,1,0,358]
[PID: 1736][C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe]  [D-Link, 3, 3, 1, 50324]
[C:\WINNT\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 19, 50222]
[C:\WINNT\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 0, 40127]
[C:\WINNT\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
[C:\WINNT\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 10, 50316]
[PID: 1992][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 148][C:\Program Files\Java\jre1.6.0\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.0.105]
[PID: 244][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe]  [Adobe Systems Incorporated, 7.0.0.0]
[PID: 2024][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 2536][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla, 1.0.7]
[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\Program Files\Mozilla Firefox\smime3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\nss3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Netscape Communications Corporation, 3.9.3]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\components\qfaservices.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\Program Files\Mozilla Firefox\components\FULLSOFT.DLL]  [Full Circle Software, Inc., 2.2.unofficial]
[C:\Program Files\Java\jre1.6.0\bin\npoji610.dll]  [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpioji.dll]  [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpinscp.dll]  [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Java\jre1.6.0\bin\jpishare.dll]  [Sun Microsystems, Inc., 6.0.0.105]
[C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.7.12: 2005091517]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll]  [Netscape Communications Corporation, 1.42]
[PID: 1404][C:\WINNT\system32\msiexec.exe]  [Microsoft Corporation, 3.1.4000.1823]
[PID: 3472][C:\Documents and Settings\Vince.BACKROOM\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1   localhost

==================================
API HOOK
N/A

==================================

Offline resevil83

Computer infected with spyware, help
« Reply #30 on: February 19, 2007, 02:33:25 AM »
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667284.dll : jojhk  (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667285.dll : gmkuzw  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667285.dll : jojhk  (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667286.dll : gmkuzw  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667286.dll : jojhk  (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667287.dll : gmkuzw  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667287.dll : jojhk  (56832 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667288.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667288.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667289.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667289.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667289.exe : uaapzr  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667290.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667290.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667291.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667291.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667292.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667292.exe : sehrs  (27012 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667292.exe : vmpun  (27012 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667293.exe : lgjqq  (27453 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667293.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667294.exe : sbnmbe  (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667294.exe : sunyq  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667295.exe : grupmz  (66560 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667295.exe : ohshd  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667295.exe : qluzd  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667296.cfg : rnlcsx  (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667296.cfg : yuodc  (28787 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667297.ini : gliiz  (10626 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667298.bat : llhxhj  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667299.bat : llhxhj  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667300.bat : llhxhj  (29696 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667301.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667302.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667303.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667304.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667305.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667306.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667307.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667308.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667309.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667310.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667311.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667312.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667313.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667314.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667315.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667316.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667317.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667318.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667319.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667320.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667321.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667322.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667323.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667324.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667325.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667326.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667327.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667328.pif : wnvjb  (28787 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667329.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667330.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667331.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667332.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667333.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667334.pif : pjvze  (96362 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667335.pif : nrwyg  (0 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP902\A0667335.pif : zwypt  (96362 bytes)
C:\WINNT\$NtServicePackUninstall$\slrundll.exe : eqfed  (11591 bytes)
C:\WINNT\$NtServicePackUninstall$\twain_32.dll : jojhk  (56832 bytes)
C:\WINNT\addvl32.dll : evlei  (11388 bytes)
C:\WINNT\addvl32.dll : failv  (11591 bytes)
C:\WINNT\appxu(2).exe : wowyqt  (3567 bytes)
C:\WINNT\appxu(3).exe : wowyqt  (3567 bytes)
C:\WINNT\appxu(4).exe : wowyqt  (3567 bytes)
C:\WINNT\appxu(5).exe : wowyqt  (3567 bytes)
C:\WINNT\appxu(6).exe : wowyqt  (3567 bytes)
C:\WINNT\appxu(7).exe : wowyqt  (3567 bytes)
C:\WINNT\atid.ini : cpsln  (56320 bytes)
C:\WINNT\atlyr.exe : ufbxb  (11591 bytes)
C:\WINNT\bootstat.dat : iiqau  (56320 bytes)
C:\WINNT\cdPlayer.ini : qiuqc  (56320 bytes)
C:\WINNT\clock.avi : eavlt  (11591 bytes)
C:\WINNT\Coffee Bean.bmp : gheux  (11591 bytes)
C:\WINNT\control.ini : xbfrv  (11388 bytes)
C:\WINNT\control.ini : yixir  (11388 bytes)
C:\WINNT\creb.dll : puyep  (11388 bytes)
C:\WINNT\d3jg(2).exe : kxznra  (3567 bytes)
C:\WINNT\d3nz32.exe : kzqtsk  (11736 bytes)
C:\WINNT\DHCPUPG.LOG : ntvji  (0 bytes)
C:\WINNT\DtcInstall.log : bcvwgz  (7473 bytes)
C:\WINNT\DtcInstall.log : cbwuz  (11388 bytes)
C:\WINNT\enhtb(2).dll : ibhwtm  (11736 bytes)
C:\WINNT\enhtb(3).dll : ibhwtm  (11736 bytes)
C:\WINNT\evnso.dat : mqfkr  (56832 bytes)
C:\WINNT\ewqeb.dat : gcvzy  (56320 bytes)
C:\WINNT\explorer.scf : qqqkpo  (11736 bytes)
C:\WINNT\FaxSetup.log : usmigl  (66560 bytes)
C:\WINNT\FinalAlert2.ini : gfstl  (11591 bytes)
C:\WINNT\Gone Fishing.bmp : ljiee  (11388 bytes)
C:\WINNT\Gone Fishing.bmp : mvvtw  (56832 bytes)
C:\WINNT\Greenstone.bmp : ngdhx  (11388 bytes)
C:\WINNT\ieuninst.exe : kppcb  (11388 bytes)
C:\WINNT\iimvz.dat : yohyk  (10626 bytes)
C:\WINNT\iis6.log : ntvvvb  (800 bytes)
C:\WINNT\Instcomp.lyt : fuoaxl  (800 bytes)
C:\WINNT\jatym.dat : zhdtaq  (3567 bytes)
C:\WINNT\javadh.exe : azlfc  (11591 bytes)
C:\WINNT\KB821187.log : hyhkh  (11591 bytes)
C:\WINNT\KB821187.log : yiyms  (11591 bytes)
C:\WINNT\KB821187.log : zodoc  (11388 bytes)
C:\WINNT\KB821557.log : cyhfkh  (11736 bytes)
C:\WINNT\KB821557.log : hnncgb  (3547 bytes)
C:\WINNT\KB824146.log : qjrrm  (7305 bytes)
C:\WINNT\KB824146.log : zyzpk  (11591 bytes)
C:\WINNT\KB828741.log : uzssmk  (13874 bytes)
C:\WINNT\KB828741.log : zofiid  (68096 bytes)
C:\WINNT\KB835732.log : jjbfg  (3347 bytes)
C:\WINNT\KB840987.log : nrkxgu  (3567 bytes)
C:\WINNT\KB873333.log : uznaki  (11736 bytes)
C:\WINNT\KB885835.log : maygnt  (7473 bytes)
C:\WINNT\KB888302.log : fbrthd  (3567 bytes)
C:\WINNT\macromix.dll : tuwqy  (11388 bytes)
C:\WINNT\mfcdf32.exe : fqemfh  (800 bytes)
C:\WINNT\mfcqt32.exe : ntpcj  (11388 bytes)
C:\WINNT\msaq32(2).exe : iyskfq  (7473 bytes)
C:\WINNT\mscr(2).exe : azlyab  (3567 bytes)
C:\WINNT\msgsocm.log : feeent  (7473 bytes)
C:\WINNT\msna.dll : kzdjw  (11591 bytes)
C:\WINNT\msna.dll : mnldc  (11591 bytes)
C:\WINNT\msoffice.ini : eovje  (11591 bytes)
C:\WINNT\msuz.exe : xpowz  (3347 bytes)
C:\WINNT\msym.exe : ppgbb  (56320 bytes)
C:\WINNT\mxqrg.dat : uplgj  (11591 bytes)
C:\WINNT\mxqrg.dat : ygelam  (3567 bytes)
C:\WINNT\ntaf.dll : qoglu  (11591 bytes)
C:\WINNT\nurtq.dat : bguui  (11591 bytes)
C:\WINNT\n_gekqpb.dat : eaqsy  (56832 bytes)
C:\WINNT\n_gekqpb.dat : ltxkk  (56832 bytes)
C:\WINNT\n_gekqpb.dat : yqslt  (11591 bytes)
C:\WINNT\n_ohjnir.txt : wjiuns  (800 bytes)
C:\WINNT\n_ygelam.dat : ydqgpq  (7473 bytes)
C:\WINNT\ocgen.log : olkkx  (11591 bytes)
C:\WINNT\ODBCINST.INI : gmuxs  (11591 bytes)
C:\WINNT\OEWABLog.txt : zmncu  (11591 bytes)
C:\WINNT\ofwei.dat : twzlg  (11591 bytes)
C:\WINNT\ogrri.dat : pfmzp  (11591 bytes)
C:\WINNT\ogrri.dat : rnfho  (56832 bytes)
C:\WINNT\ogrri.dat : zvdly  (56832 bytes)
C:\WINNT\oobeact.log : dvxgg  (11388 bytes)
C:\WINNT\orun32.ini : vvqla  (11388 bytes)
C:\WINNT\owdoq.dat : szixf  (56832 bytes)
C:\WINNT\Prairie Wind.bmp : zihzq  (11591 bytes)
C:\WINNT\Q327979.log : qalhja  (7473 bytes)
C:\WINNT\Q328310.log : cjsjm  (56832 bytes)
C:\WINNT\Q329115.log : jaevdc  (3567 bytes)
C:\WINNT\Q811493.log : yipuz  (26624 bytes)
C:\WINNT\Q814995.log : rihhb  (26992 bytes)
C:\WINNT\Q814995.log : vfkbk  (11591 bytes)
C:\WINNT\Q817287.log : oydge  (11388 bytes)
C:\WINNT\Q817357.log : ebrtec  (11736 bytes)
C:\WINNT\Q817357.log : tqvqt  (11591 bytes)
C:\WINNT\Q819636.log : bcksq  (11591 bytes)
C:\WINNT\Q819636.log : gyntg  (11388 bytes)
C:\WINNT\Q819636.log : opcyy  (11591 bytes)
C:\WINNT\qavzl.dat : gpvds  (11388 bytes)
C:\WINNT\qavzl.dat : uddxs  (11388 bytes)
C:\WINNT\qbvjw.dat : rzgza  (56320 bytes)
C:\WINNT\QUICKEN.INI : fegqo  (56832 bytes)
C:\WINNT\REGLOCS.OLD : slzvn  (56832 bytes)
C:\WINNT\River Sumida.bmp : ieneb  (102697 bytes)
C:\WINNT\rqnti.dat : lugdc  (11388 bytes)
C:\WINNT\ScUnin.exe : caryg  (11591 bytes)
C:\WINNT\ScUnin.exe : ovjwz  (56832 bytes)
C:\WINNT\sdkfj32(2).dll : jpijq  (11591 bytes)
C:\WINNT\sdkfj32(2).dll : nbkda  (11591 bytes)
C:\WINNT\sdkfj32.dll : jpijq  (11591 bytes)
C:\WINNT\sdkfj32.dll : nbkda  (11591 bytes)
C:\WINNT\sdkkm.exe : bqtok  (11388 bytes)
C:\WINNT\sdkkm.exe : hsvbx  (11591 bytes)
C:\WINNT\sdkok32.dll : ftvrc  (56320 bytes)
C:\WINNT\Setup32.INI : bqsju  (11591 bytes)
C:\WINNT\Setup32.INI : lgoqz  (11591 bytes)
C:\WINNT\Setup32.INI : qvgbz  (11591 bytes)
C:\WINNT\setupapi.log.0.old : iwqht  (11591 bytes)
C:\WINNT\setuplog.txt : jcmyz  (11591 bytes)
C:\WINNT\setuplog.txt : smgtu  (56832 bytes)
C:\WINNT\shpbn.dll : bwjun  (3362 bytes)
C:\WINNT\shpbn.dll : dmiof  (11591 bytes)
C:\WINNT\shpbn.dll : tqdxo  (11591 bytes)
C:\WINNT\SIERRA.INI : pkmvx  (56832 bytes)
C:\WINNT\SIERRA.INI : wiriv  (11591 bytes)
C:\WINNT\siwik.dat : bdeet  (56832 bytes)
C:\WINNT\siwik.dat : uqyxv  (11591 bytes)
C:\WINNT\sl.lng : byued  (0 bytes)
C:\WINNT\sl.lng : gjknp  (56832 bytes)
C:\WINNT\sl.lng : yfheg  (11591 bytes)
C:\WINNT\slykm.dat : rgaja  (11388 bytes)
C:\WINNT\SmCfg.exe : zgeme  (56832 bytes)
C:\WINNT\smdat32a.sys : xjprx  (11591 bytes)
C:\WINNT\smdat32m.sys : jgswc  (11388 bytes)
C:\WINNT\Soap Bubbles.bmp : pkiwr  (56832 bytes)
C:\WINNT\SpyBlocs_IsFirstTime.txt : xwoak  (10626 bytes)
C:\WINNT\system.ini : kwuja  (56832 bytes)
C:\WINNT\tgvjv.dat : bykya  (11591 bytes)
C:\WINNT\tgvjv.dat : ckcxu  (11591 bytes)
C:\WINNT\TLCUninstall.exe : gmnku  (11591 bytes)
C:\WINNT\tmpdelis.bat : tyudc  (11388 bytes)
C:\WINNT\tqdvm.log : mmxpfr  (11736 bytes)
C:\WINNT\tslcr.log : dpzzvc  (7473 bytes)
C:\WINNT\tsoc.log : fmpczc  (13874 bytes)
C:\WINNT\twain(2).dll : gmyvs  (55808 bytes)
C:\WINNT\twain(2).dll : rphrwz  (11736 bytes)
C:\WINNT\twain(3).dll : gmyvs  (55808 bytes)
C:\WINNT\twain(3).dll : rphrwz  (11736 bytes)
C:\WINNT\twain(4).dll : gmyvs  (55808 bytes)
C:\WINNT\twain(4).dll : rphrwz  (11736 bytes)
C:\WINNT\twain(5).dll : gmyvs  (55808 bytes)
C:\WINNT\twain(5).dll : mlcfx  (0 bytes)
C:\WINNT\twain(5).dll : rphrwz  (11736 bytes)
C:\WINNT\twain.dll : gmyvs  (55808 bytes)
C:\WINNT\twain_32(2).dll : jojhk  (56832 bytes)
C:\WINNT\twain_32(3).dll : jojhk  (56832 bytes)
C:\WINNT\twain_32(4).dll : jojhk  (56832 bytes)
C:\WINNT\twain_32(5).dll : jojhk  (56832 bytes)
C:\WINNT\twdbl.dat : tvohk  (11591 bytes)
C:\WINNT\twdbl.dat : wafwr  (56832 bytes)
C:\WINNT\twdbl.dat : wgicj  (11591 bytes)
C:\WINNT\twdbl.dat : xnahce  (3567 bytes)
C:\WINNT\twunk_16(2).exe : sunyq  (10626 bytes)
C:\WINNT\twunk_16(3).exe : sunyq  (10626 bytes)
C:\WINNT\twunk_16(3).exe : uaapzr  (3567 bytes)
C:\WINNT\twunk_16(4).exe : sunyq  (10626 bytes)
C:\WINNT\twunk_16(5).exe : sunyq  (10626 bytes)
C:\WINNT\twunk_16(6).exe : sehrs  (27012 bytes)
C:\WINNT\twunk_16(7).exe : sunyq  (10626 bytes)
C:\WINNT\twunk_16.exe : sbnmbe  (800 bytes)
C:\WINNT\twunk_32(2).exe : ohshd  (11388 bytes)
C:\WINNT\twunk_32(2).exe : qluzd  (11591 bytes)
C:\WINNT\twunk_32.exe : ohshd  (11388 bytes)
C:\WINNT\twunk_32.exe : qluzd  (11591 bytes)
C:\WINNT\ujqrh.dat : ouhjec  (800 bytes)
C:\WINNT\ujqrh.dat : pptjk  (11591 bytes)
C:\WINNT\umclw.dat : ynsoym  (800 bytes)
C:\WINNT\uninst.exe : arwtg  (3063 bytes)
C:\WINNT\UNNeroBurnRights.cfg : rnlcsx  (800 bytes)
C:\WINNT\UNNeroBurnRights.exe : wqoda  (11591 bytes)
C:\WINNT\vb(2).ini : ldqxg  (3063 bytes)
C:\WINNT\vb(2).ini : ryeaqz  (800 bytes)
C:\WINNT\vb(3).ini : ldqxg  (3063 bytes)
C:\WINNT\vb(4).ini : ldqxg  (3063 bytes)
C:\WINNT\vb(5).ini : ldqxg  (3063 bytes)
C:\WINNT\vb(6).ini : ldqxg  (3063 bytes)
C:\WINNT\vb(7).ini : ldqxg  (3063 bytes)
C:\WINNT\vb.ini : ldqxg  (3063 bytes)
C:\WINNT\vbaddin.ini : czhtmu  (800 bytes)
C:\WINNT\vsapi32.dll : usaygw  (800 bytes)
C:\WINNT\winhelp(2).exe : egsqrg  (3567 bytes)
C:\WINNT\winhelp(3).exe : egsqrg  (3567 bytes)
C:\WINNT\winhelp(4).exe : egsqrg  (3567 bytes)
C:\WINNT\winhelp(5).exe : egsqrg  (3567 bytes)
C:\WINNT\winhelp(6).exe : egsqrg  (3567 bytes)
C:\WINNT\winhelp(7).exe : egsqrg  (3567 bytes)
C:\WINNT\WMSysPrx.prx : hcnsx  (3063 bytes)
C:\WINNT\xvtja.dll : obobw  (3063 bytes)
C:\WINNT\yohdo.dat : buvoa  (56832 bytes)
C:\WINNT\_default(2).pif : pjvze  (102697 bytes)
C:\WINNT\_default(36).pif : pjvze  (0 bytes)
C:\WINNT\_default.pif : nrwyg  (0 bytes)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Computer infected with spyware, help
« Reply #31 on: February 19, 2007, 07:11:13 PM »
Hi again Rsdevil, well that took a while to respond back.
Seems like more infected files.

Can you do the following

Reboot your computer into safe mode

Sign in with your normal account

Run Hijackthis again >> Open the MISC TOOLS SECTION
Open ADS SPY...
UNCHECK "Quick Scan"
Then click the SCAN button
When it's done, put a check in all items found
Then select the "Remove Selected" button
OK any prompt you get

Reboot back to Normal windows
Post a fresh hijackthis log
Also run ADS Spy again and post its log

I totally forgot about the Vundofix log last time
Can you post its last log too?
C:\Vundofix.txt

Let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
Computer infected with spyware, help
« Reply #32 on: February 20, 2007, 01:40:57 AM »
Logfile of HijackThis v1.99.1
Scan saved at 12:39:41 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
Computer infected with spyware, help
« Reply #33 on: February 20, 2007, 01:48:51 AM »
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667431.exe : xpowz  (3347 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667432.ini : eovje  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667433.dll : kzdjw  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667433.dll : mnldc  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667434.exe : azlyab  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667435.exe : iyskfq  (7473 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667436.exe : ntpcj  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667437.exe : fqemfh  (800 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667438.dll : tuwqy  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667439.exe : azlfc  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667440.exe : kppcb  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667441.ini : gfstl  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667442.dll : ibhwtm  (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667443.dll : ibhwtm  (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667444.exe : kzqtsk  (11736 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667445.exe : kxznra  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667446.dll : puyep  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667447.ini : xbfrv  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667447.ini : yixir  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667448.ini : qiuqc  (56320 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667449.exe : ufbxb  (11591 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667450.ini : cpsln  (56320 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667451.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667452.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667453.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667454.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667455.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667456.exe : wowyqt  (3567 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667457.dll : evlei  (11388 bytes)
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP903\A0667457.dll : failv  (11591 bytes)

Offline resevil83

« Reply #34 on: February 20, 2007, 02:01:24 AM »
The computer is running much better. Thank you so much. I still have net nanny popping up and I can't seem to get rid of it. I can't stand that program. Other than that there are a couple of small error messages that pop up when I log on the computer. It doesn't seem to be much of a problem though.





VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 12:09:23 AM 2/6/2007

Listing files found while scanning....

C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\gjtxqeqm.dll
C:\WINNT\system32\iergmope.dll
C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\pjuxptvk.dll
C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rtacltit.dll
C:\WINNT\system32\uqkyekfb.dll
C:\WINNT\system32\wsdgotag.dll
C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yiqviesi.exe

Beginning removal...

 Attempting to delete C:\WINNT\Help\starter\mxlyss.dll
C:\WINNT\Help\starter\mxlyss.dll Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.bak1
C:\WINNT\Help\starter\ssylxm.bak1 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.bak2
C:\WINNT\Help\starter\ssylxm.bak2 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.ini
C:\WINNT\Help\starter\ssylxm.ini Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.ini2
C:\WINNT\Help\starter\ssylxm.ini2 Has been deleted!

 Attempting to delete C:\WINNT\Help\starter\ssylxm.tmp
C:\WINNT\Help\starter\ssylxm.tmp Has been deleted!

 Attempting to delete C:\WINNT\system32\enylwpnk.dll
C:\WINNT\system32\enylwpnk.dll Has been deleted!

 Attempting to delete C:\WINNT\system32\iyfatcyr.exe
C:\WINNT\system32\iyfatcyr.exe Has been deleted!

 Attempting to delete C:\WINNT\system32\knpwlyne.ini
C:\WINNT\system32\knpwlyne.ini Has been deleted!

 Attempting to delete C:\WINNT\system32\rqrroll.dll
C:\WINNT\system32\rqrroll.dll Has been deleted!

 Attempting to delete C:\WINNT\system32\yflmiedu.exe
C:\WINNT\system32\yflmiedu.exe Has been deleted!

 Attempting to delete C:\WINNT\system32\yiqviesi.exe
C:\WINNT\system32\yiqviesi.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 1:11:07 AM 2/19/2007

Listing files found while scanning....

C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.3

Scan started at 12:48:41 AM 2/20/2007

Listing files found while scanning....

C:\WINNT\system32\anugbmlt.dll
C:\WINNT\system32\rtacltit.dll

Offline resevil83

« Reply #35 on: March 01, 2007, 12:05:19 AM »
I just wanted to bump this, and see if I was done with all the processes.

Offline guestolo

« Reply #36 on: March 10, 2007, 09:44:46 AM »
Very sorry again for the long delay in my return
How is everything running on your end now?
We still had a bit more cleaning to do, do you still have access to the computer?
Can you post a fresh HijackThis log if you're still around

Again, I apologize for the extremely long delay in getting back to you

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

« Reply #37 on: March 20, 2007, 11:43:57 PM »
[quote name='guestolo' post='299488' date='Mar 10 2007, 08:44 AM']Very sorry again for the long delay in my return
How is everything running on your end now?
We still had a bit more cleaning to do, do you still have access to the computer?
Can you post a fresh HijackThis log if you're still around

Again, I apologize for the extremely long delay in getting back to you[/quote]


I just got access to the computer again. I will be able to get to this computer more often now. Get back to me when you get a chance... Here's the log file.

Logfile of HijackThis v1.99.1
Scan saved at 10:41:15 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

Offline guestolo

« Reply #38 on: March 22, 2007, 07:09:06 PM »
Looks good, for some final cleanup
Can you do the following
Find and delete these files if they are still hanging around
C:\WINNT\system32\rtacltit.dll <-this file
C:\WINNT\system32\anugbmlt.dll <-this file

To stop Net Nanny from popping up at startup
Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open SrEng.exe again
Click the System Repair button
Then choose "Browser Addon" tab
Use your mouse and expand CLSID 1 so you read the entire entry
Left click to Highlight then Delete Selected on only this one entry
{F18F04B0-9CF1-4B93-B004-77A288BEE28B}

Exit SrEng.exe afterwards

Reboot the computer, back in Windows
If everything is running better
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

In addition, utilize the Immunization feature in Spybot 1.4
After every update
Click the "Immunize" button>>OK the prompt>>Immunize again at the top green cross

If there are other user profiles on the computer, have them login and enable all protections with Spywareblaster
and Immunize with Spybot after every update

Hope that helps
« Last Edit: March 23, 2007, 07:58:05 AM by guestolo »

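An added example, not part of guestolo's post or of any tool named in this thread: a small Python parser that reads HijackThis 1.99.1 entry lines, checks whether any load point still references the two files VundoFix kept listing, and locates the `NNTray` Run entry that the post says to tick. The log excerpt and file list are copied from the posts above; `CONSTRUCTED_HIT` and the function names are made up for illustration.

```python
import ntpath
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] C:\path\file.exe".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the entry body, up to a binary extension.
PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll|sys)\b", re.IGNORECASE)
RUN_NAME = re.compile(r"Run: \[(?P<name>[^\]]+)\]")

# Excerpt of the HijackThis log posted in Reply #37.
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Files still listed by the VundoFix scans of 2/19 and 2/20.
LEFTOVERS = [r"C:\WINNT\system32\anugbmlt.dll", r"C:\WINNT\system32\rtacltit.dll"]

# Constructed line (not from the thread) showing what a positive match looks like.
CONSTRUCTED_HIT = r"O20 - Winlogon Notify: example - C:\WINNT\system32\rtacltit.dll"


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process lists are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = PATH.search(m["body"])
        run = RUN_NAME.search(m["body"])
        entries.append({
            "code": m["code"],
            "line": line.strip(),
            # normcase lowercases the path so comparisons ignore case, as Windows does
            "path": ntpath.normcase(path.group(0)) if path else None,
            "run_name": run["name"] if run else None,
        })
    return entries


def references_to(entries, files):
    """Entries whose target file is one of the given leftover files."""
    wanted = {ntpath.normcase(f) for f in files}
    return [e for e in entries if e["path"] in wanted]


def run_entry(entries, name):
    """The O4 Run-key entry with the given value name, or None."""
    return next((e for e in entries if e["code"] == "O4" and e["run_name"] == name), None)


if __name__ == "__main__":
    entries = parse_entries(HJT_EXCERPT)
    print("load points referencing leftovers:", references_to(entries, LEFTOVERS))
    print("entry to tick:", run_entry(entries, "NNTray")["line"])
```

An empty result from `references_to` only means the scanned log shows no load point for those files; the files themselves can still be on disk, which is why the post asks to find and delete them.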


Offline resevil83

« Reply #39 on: March 27, 2007, 11:20:04 PM »
Everything is great, when I restart my computer though, I get this error message. A window pops up and says avgcc.exe unable to locate component. This application has failed to start because MFC71.DLL was not found. Re-installing the application may fix this problem.

I just hit ok and everything is fine, I was just wondering if I could get rid of this error message?