Computer only freezes unless I'm in Safe mode [RESOLVED]


  • This topic is locked

#1
phikapp

    New Member

  • Member
  • 6 posts
I am having multiple problems with my computer currently. At first my Desktop background was replaced with a black screen with red letters that said I had multiple virus and malware infections. Then, I realized that Ctrl-Alt-Del brought up a message that says "Task manager has been disabled by your Administrator." Next, I started getting little pop-up messages from the right side of the taskbar that suggested that I should install a particular adware remover. Finally, I installed Windows Defender. It appeared to work to delete multiple virus and trojan files when it ran at startup initially, but the next time I turned the computer on the viruses started getting worse. Now the computer is working on startup, but there are so many programs being run that the start menu won't even open (that's what I meant by freeze).

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:11 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\Cleaning Supplies\HijackThis.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {F52F21EE-C007-9083-7830-EDECDFE64ECB} - C:\WINDOWS\System32\ati.dll
O4 - HKLM\..\Run: [zoa1b9d5] RUNDLL32.EXE w2bb426f.dll,n 0021b9d3000000032bb426f
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi phikapp, let's see if I can help out on this.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {F52F21EE-C007-9083-7830-EDECDFE64ECB} - C:\WINDOWS\System32\ati.dll
O4 - HKLM\..\Run: [zoa1b9d5] RUNDLL32.EXE w2bb426f.dll,n 0021b9d3000000032bb426f
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0
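
The manual step above (picking which HijackThis entries to tick) can be pre-sorted mechanically. The following is an added example, not part of the thread and not the helper's method: a Python triage pass over HijackThis 1.99.1 log lines that flags orphaned or unnamed BHOs, Run entries launched from a Temp directory or through rundll32 with a path-less DLL, and services whose binary is reported missing. The heuristics and the names `triage` and `Finding` are assumptions for illustration; the sample lines are copied from the log in post #1.

```python
import re
from dataclasses import dataclass

# A subset of lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F52F21EE-C007-9083-7830-EDECDFE64ECB} - C:\WINDOWS\System32\ati.dll
O4 - HKLM\..\Run: [zoa1b9d5] RUNDLL32.EXE w2bb426f.dll,n 0021b9d3000000032bb426f
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qttask.exe" -atboottime
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O<n> - <kind>: <rest>" is the common shape of every entry line.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O2: "<name> - {CLSID} - <dll path or '(no file)'>"
BHO_RE = re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# O4 registry Run values: "[<value name>] <command line>"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<command>.*)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# First argument of rundll32 is the DLL, terminated by the comma before the export.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    item: str      # CLSID, Run value name, or service name
    reasons: list  # human-readable triage reasons


def triage(log_text):
    """Return entries worth a closer look. A flag means 'verify', not 'malicious'."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, running processes, blanks
        section, _kind, rest = entry.groups()
        item, reasons = None, []

        if section == "O2":
            bho = BHO_RE.match(rest)
            if bho:
                item = bho["clsid"]
                if bho["target"] == "(no file)":
                    reasons.append("BHO is registered but its file is absent")
                elif bho["name"] == "(no name)":
                    reasons.append("unnamed BHO backed by a file on disk")

        elif section == "O4":
            run = RUN_RE.match(rest)
            if run:  # "Startup:" shortcut entries use another layout and are skipped
                item, command = run["name"], run["command"]
                if TEMP_RE.search(command):
                    reasons.append("autorun target lives in a Temp directory")
                dll = RUNDLL_RE.match(command)
                if dll and "\\" not in dll.group(1):
                    reasons.append("rundll32 loads a DLL named without a path")

        elif section == "O23":
            item = rest.split(" - ")[0]
            if rest.endswith("(file missing)"):
                # Can also be a quoting artefact of the logged path, so confirm on disk.
                reasons.append("service binary reported missing")

        if reasons:
            findings.append(Finding(section, item, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.item}: {'; '.join(f.reasons)}")
```

The flags are a starting list for review and will not match a human helper's selection line for line.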

#3
phikapp

    New Member

  • Topic Starter
  • Member
  • 6 posts
Okay here's my combofix log file


ComboFix 07-11-08.1 - Administrator 2007-11-09 15:59:07.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.821 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi phikapp, I am missing most of the ComboFix log. Could you either repost or re-run ComboFix, please?
  • 0

#5
phikapp

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here you go. Thanks again



ComboFix 07-11-08.1 - Administrator 2007-11-09 15:59:07.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.821 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\CROSOF~1
C:\Documents and Settings\Administrator\Application Data\CROSOF~1.NET
C:\Documents and Settings\Administrator\Application Data\ICROSO~1.NET
C:\Documents and Settings\Administrator\Application Data\install.dat
C:\Documents and Settings\Administrator\Application Data\STEM32~1
C:\Documents and Settings\Administrator\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Administrator\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Administrator\Application Data\YSTEM~1
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\fnts~1
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\asembl~1
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\beypkejw.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bveivjpb.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cvgjyxud.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\asc3550p.sys
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\ppvktaqr.exe
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~2
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vedxg3am1et3.exe
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\vMW10a\vMW10a1099.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wjekpyeb.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wtsnedus.exe
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\ykwqvmwy.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_APIMON
-------\LEGACY_ASC3550P
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\asc3550p
-------\Driver
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-09 18:56 32,256 --a------ C:\WINDOWS\system32\uukjedxv.dll
2007-11-09 15:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 12:38 32,256 --a------ C:\WINDOWS\system32\sanykwyj.dll
2007-11-08 15:20 32,256 --a------ C:\WINDOWS\system32\frtahwye.dll
2007-11-08 15:14 32,256 --a------ C:\WINDOWS\system32\dinnrsxa.dll
2007-11-08 09:02 32,256 --a------ C:\WINDOWS\system32\kikmjklr.dll
2007-11-08 09:02 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-11-08 09:02 29,056 --a--c--- C:\WINDOWS\system32\dllcache\ip6fw.sys
2007-11-08 08:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-08 08:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-08 08:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-08 08:29 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-08 08:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-08 08:29 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-08 08:29 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-08 08:29 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-08 07:40 32,256 --a------ C:\WINDOWS\system32\ebiewsvq.dll
2007-11-06 23:27 32,256 --a------ C:\WINDOWS\system32\cpaqgkvk.dll
2007-11-06 07:43 32,256 --a------ C:\WINDOWS\system32\tweiubel.dll
2007-11-05 23:56 32,256 --a------ C:\WINDOWS\system32\pszouwcr.dll
2007-11-05 23:50 32,256 --a------ C:\WINDOWS\system32\ewrygksz.dll
2007-11-05 23:40 32,256 --a------ C:\WINDOWS\system32\qzoequjy.dll
2007-11-05 23:40 32,256 --a------ C:\WINDOWS\system32\lgcymdyt.dll
2007-11-05 23:35 32,256 --a------ C:\WINDOWS\system32\yukfedtn.dll
2007-11-05 23:35 32,256 --a------ C:\WINDOWS\system32\uknwcmgp.dll
2007-11-05 23:35 32,256 --a------ C:\WINDOWS\system32\bktucgor.dll
2007-11-05 23:25 85,568 --a------ C:\WINDOWS\system32\exmayxld.dll
2007-11-04 00:51 32,256 --a------ C:\WINDOWS\system32\xjaroaqg.dll
2007-11-04 00:51 32,256 --a------ C:\WINDOWS\system32\waeknqtd.dll
2007-11-02 23:32 123,911 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-02 23:32 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-02 23:19 32,256 --a------ C:\WINDOWS\system32\ounwcmgp.dll
2007-11-02 23:19 32,256 --a------ C:\WINDOWS\system32\eywwtmjn.dll
2007-10-30 12:43 32,256 --a------ C:\WINDOWS\system32\yjublvgn.dll
2007-10-30 12:43 32,256 --a------ C:\WINDOWS\system32\nsttxcdg.dll
2007-10-26 01:57 32,256 --a------ C:\WINDOWS\system32\uxelxzgn.dll
2007-10-26 01:57 32,256 --a------ C:\WINDOWS\system32\mugtiuko.dll
2007-10-24 15:52 32,256 --a------ C:\WINDOWS\system32\sqstqrxt.dll
2007-10-24 15:36 32,256 --a------ C:\WINDOWS\system32\lkkksrqp.dll
2007-10-24 15:36 32,256 --a------ C:\WINDOWS\system32\gryjtdkv.dll
2007-10-18 11:24 32,256 --a------ C:\WINDOWS\system32\yitguiwj.dll
2007-10-18 11:24 32,256 --a------ C:\WINDOWS\system32\kjywuspq.dll
2007-10-17 00:00 32,256 --a------ C:\WINDOWS\system32\yepwhrbi.dll
2007-10-17 00:00 32,256 --a------ C:\WINDOWS\system32\ipszlrub.dll
2007-10-15 22:24 32,256 --a------ C:\WINDOWS\system32\uhypjvmd.dll
2007-10-15 22:24 32,256 --a------ C:\WINDOWS\system32\ckofqykq.dll
2007-10-15 22:21 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-15 22:16 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-15 22:16 10,240 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-15 22:15 32,256 --a------ C:\WINDOWS\system32\smkkhaxb.dll
2007-10-15 22:15 32,256 --a------ C:\WINDOWS\system32\kwiqdsiu.dll
2007-10-14 23:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-14 23:21 32,256 --a------ C:\WINDOWS\system32\uoigzsln.dll
2007-10-14 23:21 32,256 --a------ C:\WINDOWS\system32\awkbwrjz.dll
2007-10-13 21:35 32,256 --a------ C:\WINDOWS\system32\wkufwkcs.dll
2007-10-13 21:35 32,256 --a------ C:\WINDOWS\system32\cpylhtcp.dll
2007-10-13 19:58 32,256 --a------ C:\WINDOWS\system32\tsngecax.dll
2007-10-13 19:58 32,256 --a------ C:\WINDOWS\system32\sbgpnvej.dll
2007-10-13 10:45 32,256 --a------ C:\WINDOWS\system32\talvfmxk.dll
2007-10-13 10:45 32,256 --a------ C:\WINDOWS\system32\ocxojbvm.dll
2007-10-11 11:07 32,256 --a------ C:\WINDOWS\system32\vafiimqv.dll
2007-10-11 11:07 32,256 --a------ C:\WINDOWS\system32\neroeugp.dll
2007-10-10 11:27 32,256 --a------ C:\WINDOWS\system32\scfihvxa.dll
2007-10-10 11:27 32,256 --a------ C:\WINDOWS\system32\khkgcyxw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 15:12 --------- d-----w C:\Program Files\World of Warcraft
2007-11-08 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-27 17:36 --------- d-----w C:\Program Files\iPod
2007-09-27 17:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-27 16:31 --------- d-----w C:\Program Files\QuickTime
2007-09-27 16:31 --------- d-----w C:\Program Files\iTunes
2007-09-27 16:07 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-27 16:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Adssite Advanced Toolbar
2007-09-21 16:16 --------- d-----w C:\Program Files\Apple Software Update
2007-09-18 17:52 --------- d-----w C:\Program Files\Citrus Alarm Clock
2007-09-13 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2006-07-27 05:16 0 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 19:43]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 19:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-27 10:31]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli zgnuagmx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beqr]
C:\PROGRA~1\COMMON~1\PPPATC~1\SANREG~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hadud]
C:\WINDOWS\System32\llsccn.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmou]
C:\PROGRA~1\COMMON~1\mmou\mmoum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smna]
"C:\PROGRA~1\COMMON~1\ICROSO~1\wuauboot.exe" -vt mt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
"C:\WINDOWS\xload.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"VSS"=3 (0x3)
"VETMSGNT"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"CryptSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"CAISafe"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Alerter"=3 (0x3)
"vsmon"=3 (0x3)
"IDriverT"=3 (0x3)
"dmadmin"=3 (0x3)


*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 22:30:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 18:56:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 18:58:16 - machine was rebooted
.
--- E O F ---

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, still lots to do as you are badly infected. But we are getting there :) This is a long fix, so I would recommend copying it to a text file for reference.


FIRST TO KILL THE FILES

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\uukjedxv.dll
    C:\WINDOWS\system32\sanykwyj.dll
    C:\WINDOWS\system32\frtahwye.dll
    C:\WINDOWS\system32\dinnrsxa.dll
    C:\WINDOWS\system32\kikmjklr.dll
    C:\WINDOWS\system32\ebiewsvq.dll
    C:\WINDOWS\system32\cpaqgkvk.dll
    C:\WINDOWS\system32\tweiubel.dll
    C:\WINDOWS\system32\pszouwcr.dll
    C:\WINDOWS\system32\ewrygksz.dll
    C:\WINDOWS\system32\qzoequjy.dll
    C:\WINDOWS\system32\lgcymdyt.dll
    C:\WINDOWS\system32\yukfedtn.dll
    C:\WINDOWS\system32\uknwcmgp.dll
    C:\WINDOWS\system32\bktucgor.dll
    C:\WINDOWS\system32\exmayxld.dll
    C:\WINDOWS\system32\xjaroaqg.dll
    C:\WINDOWS\system32\waeknqtd.dll
    C:\WINDOWS\system32\vvgeowbv.exe
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\ounwcmgp.dll
    C:\WINDOWS\system32\eywwtmjn.dll
    C:\WINDOWS\system32\yjublvgn.dll
    C:\WINDOWS\system32\nsttxcdg.dll
    C:\WINDOWS\system32\uxelxzgn.dll
    C:\WINDOWS\system32\mugtiuko.dll
    C:\WINDOWS\system32\sqstqrxt.dll
    C:\WINDOWS\system32\lkkksrqp.dll
    C:\WINDOWS\system32\gryjtdkv.dll
    C:\WINDOWS\system32\yitguiwj.dll
    C:\WINDOWS\system32\kjywuspq.dll
    C:\WINDOWS\system32\yepwhrbi.dll
    C:\WINDOWS\system32\ipszlrub.dll
    C:\WINDOWS\system32\uhypjvmd.dll
    C:\WINDOWS\system32\ckofqykq.dll
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\smkkhaxb.dll
    C:\WINDOWS\system32\kwiqdsiu.dll
    C:\WINDOWS\system32\uoigzsln.dll
    C:\WINDOWS\system32\awkbwrjz.dll
    C:\WINDOWS\system32\wkufwkcs.dll
    C:\WINDOWS\system32\cpylhtcp.dll
    C:\WINDOWS\system32\tsngecax.dll
    C:\WINDOWS\system32\sbgpnvej.dll
    C:\WINDOWS\system32\talvfmxk.dll
    C:\WINDOWS\system32\ocxojbvm.dll
    C:\WINDOWS\system32\vafiimqv.dll
    C:\WINDOWS\system32\neroeugp.dll
    C:\WINDOWS\system32\scfihvxa.dll
    C:\WINDOWS\system32\khkgcyxw.dll
    C:\Documents and Settings\Administrator\Application Data\Adssite Advanced Toolbar
    C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
    C:\\WINDOWS\\system32\\vvgeowbv.exe
    C:\WINDOWS\System32\llsccn.exe
    C:\PROGRA~1\COMMON~1\mmou
    C:\PROGRA~1\COMMON~1\ICROSO~1
    C:\WINDOWS\xload.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

NEXT TO REPAIR THE REGISTRY

Download and run ERUNT http://majorgeeks.co...3a2853ad7ecc6a3

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registry:

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

; Reset the LSA authentication packages to msv1_0 only (multi-string, hex-encoded)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

; Point the per-user Userinit value at userinit.exe
; (backslashes inside string data must be doubled in a .reg file)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"

; Delete the disabled-startup (msconfig) entries
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beqr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hadud]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmou]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smna]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

NOW TO CLEAR THE ORPHAN REGISTRY ENTRIES

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log, go to the PREFERENCES button on the bottom right
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this to your next reply

AND FINALLY TO FIND THE HIDDEN FILES

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Logs required this time are : OTMoveit, Superantispyware and Winpfind :)
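A pre-merge check for a hand-made fix.reg like the one in the post above, as an added example (not part of the original post or of any tool it names): it parses the script without touching the registry, lists what would be set or deleted, and flags a header that is not on line 1 and string values whose backslashes are not doubled, as the .reg format requires. The function names and the BAD_FIX/GOOD_FIX samples are constructed for illustration.

```python
import re

# Constructed sample: this post's fix after a careless paste (blank line above
# the header, single backslashes in the string value), trimmed to three keys.
BAD_FIX = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe"

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
'''
# Same script with the header on line 1 and the backslashes doubled.
GOOD_FIX = BAD_FIX.lstrip("\n").replace(
    r"C:\WINDOWS\system32\userinit.exe", r"C:\\WINDOWS\\system32\\userinit.exe")

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def unescape(data):
    """Decode .reg string data; return (text, list of invalid escapes)."""
    out, bad, i = [], [], 0
    while i < len(data):
        if data[i] == "\\":
            nxt = data[i + 1:i + 2]
            if nxt in ("\\", '"'):
                out.append(nxt)          # valid escape: \\ or \"
            else:
                bad.append("\\" + nxt)   # lone backslash: flag, keep as written
                out.append("\\" + nxt)
            i += 2
        else:
            out.append(data[i])
            i += 1
    return "".join(out), bad


def decode_multi_sz(hexdata, ansi):
    """hex(7) is NUL-separated strings: ANSI in REGEDIT4, UTF-16LE in v5.00."""
    raw = bytes(int(b, 16) for b in hexdata.split(",") if b.strip())
    text = raw.decode("cp1252" if ansi else "utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]


def lint_reg(text):
    """Return (actions, problems) for a .reg script; nothing is imported."""
    actions, problems = [], []
    lines = text.replace("\r\n", "\n").split("\n")
    header = next((l.strip() for l in lines if l.strip()), "")
    if header not in HEADERS:
        problems.append("no REGEDIT4 / Version 5.00 header found")
    elif lines[0] != header:
        problems.append("header is not on line 1: remove anything above it")
    ansi = header == "REGEDIT4"
    key, pending = None, ""
    for no, line in enumerate(lines, 1):
        line, pending = pending + line.strip(), ""
        if line.endswith("\\") and "=hex" in line:   # hex data continues
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line in HEADERS:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                           # [-KEY] deletes the key
                actions.append(("delete-key", key, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            problems.append(f"line {no}: not a key or value line: {line!r}")
            continue
        name = m.group(1)[1:-1] if m.group(1) != "@" else "@"
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            value, bad = unescape(data[1:-1])
            if bad:
                shown = ", ".join(bad)
                problems.append(
                    f"line {no}: {name}: backslashes not doubled ({shown})")
            actions.append(("set", key, name, value))
        elif data.startswith("hex(7):"):
            actions.append(("set", key, name, decode_multi_sz(data[7:], ansi)))
        elif data == "-":
            actions.append(("delete-value", key, name, None))
        else:
            problems.append(f"line {no}: {name}: data type not checked here")
    return actions, problems


if __name__ == "__main__":
    for label, script in (("BAD_FIX", BAD_FIX), ("GOOD_FIX", GOOD_FIX)):
        actions, problems = lint_reg(script)
        print(label, "->", len(actions), "actions;", problems or "no problems")
```

Run it against the saved fix.reg text before choosing Merge; an empty problem list means the header and string escaping are in order, not that the changes themselves are appropriate for the machine.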

#7
phikapp

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here you go.


DllUnregisterServer procedure not found in C:\WINDOWS\system32\uukjedxv.dll
C:\WINDOWS\system32\uukjedxv.dll NOT unregistered.
C:\WINDOWS\system32\uukjedxv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sanykwyj.dll
C:\WINDOWS\system32\sanykwyj.dll NOT unregistered.
C:\WINDOWS\system32\sanykwyj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\frtahwye.dll
C:\WINDOWS\system32\frtahwye.dll NOT unregistered.
C:\WINDOWS\system32\frtahwye.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dinnrsxa.dll
C:\WINDOWS\system32\dinnrsxa.dll NOT unregistered.
C:\WINDOWS\system32\dinnrsxa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kikmjklr.dll
C:\WINDOWS\system32\kikmjklr.dll NOT unregistered.
C:\WINDOWS\system32\kikmjklr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ebiewsvq.dll
C:\WINDOWS\system32\ebiewsvq.dll NOT unregistered.
C:\WINDOWS\system32\ebiewsvq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cpaqgkvk.dll
C:\WINDOWS\system32\cpaqgkvk.dll NOT unregistered.
C:\WINDOWS\system32\cpaqgkvk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tweiubel.dll
C:\WINDOWS\system32\tweiubel.dll NOT unregistered.
C:\WINDOWS\system32\tweiubel.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pszouwcr.dll
C:\WINDOWS\system32\pszouwcr.dll NOT unregistered.
C:\WINDOWS\system32\pszouwcr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ewrygksz.dll
C:\WINDOWS\system32\ewrygksz.dll NOT unregistered.
C:\WINDOWS\system32\ewrygksz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qzoequjy.dll
C:\WINDOWS\system32\qzoequjy.dll NOT unregistered.
C:\WINDOWS\system32\qzoequjy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lgcymdyt.dll
C:\WINDOWS\system32\lgcymdyt.dll NOT unregistered.
C:\WINDOWS\system32\lgcymdyt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yukfedtn.dll
C:\WINDOWS\system32\yukfedtn.dll NOT unregistered.
C:\WINDOWS\system32\yukfedtn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uknwcmgp.dll
C:\WINDOWS\system32\uknwcmgp.dll NOT unregistered.
C:\WINDOWS\system32\uknwcmgp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bktucgor.dll
C:\WINDOWS\system32\bktucgor.dll NOT unregistered.
C:\WINDOWS\system32\bktucgor.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\exmayxld.dll
C:\WINDOWS\system32\exmayxld.dll NOT unregistered.
C:\WINDOWS\system32\exmayxld.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xjaroaqg.dll
C:\WINDOWS\system32\xjaroaqg.dll NOT unregistered.
C:\WINDOWS\system32\xjaroaqg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\waeknqtd.dll
C:\WINDOWS\system32\waeknqtd.dll NOT unregistered.
C:\WINDOWS\system32\waeknqtd.dll moved successfully.
C:\WINDOWS\system32\vvgeowbv.exe moved successfully.
C:\WINDOWS\system32\dpqaqlqx.bin moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ounwcmgp.dll
C:\WINDOWS\system32\ounwcmgp.dll NOT unregistered.
C:\WINDOWS\system32\ounwcmgp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\eywwtmjn.dll
C:\WINDOWS\system32\eywwtmjn.dll NOT unregistered.
C:\WINDOWS\system32\eywwtmjn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yjublvgn.dll
C:\WINDOWS\system32\yjublvgn.dll NOT unregistered.
C:\WINDOWS\system32\yjublvgn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nsttxcdg.dll
C:\WINDOWS\system32\nsttxcdg.dll NOT unregistered.
C:\WINDOWS\system32\nsttxcdg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uxelxzgn.dll
C:\WINDOWS\system32\uxelxzgn.dll NOT unregistered.
C:\WINDOWS\system32\uxelxzgn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mugtiuko.dll
C:\WINDOWS\system32\mugtiuko.dll NOT unregistered.
C:\WINDOWS\system32\mugtiuko.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sqstqrxt.dll
C:\WINDOWS\system32\sqstqrxt.dll NOT unregistered.
C:\WINDOWS\system32\sqstqrxt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lkkksrqp.dll
C:\WINDOWS\system32\lkkksrqp.dll NOT unregistered.
C:\WINDOWS\system32\lkkksrqp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gryjtdkv.dll
C:\WINDOWS\system32\gryjtdkv.dll NOT unregistered.
C:\WINDOWS\system32\gryjtdkv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yitguiwj.dll
C:\WINDOWS\system32\yitguiwj.dll NOT unregistered.
C:\WINDOWS\system32\yitguiwj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kjywuspq.dll
C:\WINDOWS\system32\kjywuspq.dll NOT unregistered.
C:\WINDOWS\system32\kjywuspq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yepwhrbi.dll
C:\WINDOWS\system32\yepwhrbi.dll NOT unregistered.
C:\WINDOWS\system32\yepwhrbi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ipszlrub.dll
C:\WINDOWS\system32\ipszlrub.dll NOT unregistered.
C:\WINDOWS\system32\ipszlrub.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uhypjvmd.dll
C:\WINDOWS\system32\uhypjvmd.dll NOT unregistered.
C:\WINDOWS\system32\uhypjvmd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ckofqykq.dll
C:\WINDOWS\system32\ckofqykq.dll NOT unregistered.
C:\WINDOWS\system32\ckofqykq.dll moved successfully.
C:\WINDOWS\system32\stfv.bin moved successfully.
C:\WINDOWS\system32\acespy moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\ace16win.dll NOT unregistered.
C:\WINDOWS\system32\ace16win.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\smkkhaxb.dll
C:\WINDOWS\system32\smkkhaxb.dll NOT unregistered.
C:\WINDOWS\system32\smkkhaxb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kwiqdsiu.dll
C:\WINDOWS\system32\kwiqdsiu.dll NOT unregistered.
C:\WINDOWS\system32\kwiqdsiu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uoigzsln.dll
C:\WINDOWS\system32\uoigzsln.dll NOT unregistered.
C:\WINDOWS\system32\uoigzsln.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awkbwrjz.dll
C:\WINDOWS\system32\awkbwrjz.dll NOT unregistered.
C:\WINDOWS\system32\awkbwrjz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wkufwkcs.dll
C:\WINDOWS\system32\wkufwkcs.dll NOT unregistered.
C:\WINDOWS\system32\wkufwkcs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cpylhtcp.dll
C:\WINDOWS\system32\cpylhtcp.dll NOT unregistered.
C:\WINDOWS\system32\cpylhtcp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tsngecax.dll
C:\WINDOWS\system32\tsngecax.dll NOT unregistered.
C:\WINDOWS\system32\tsngecax.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sbgpnvej.dll
C:\WINDOWS\system32\sbgpnvej.dll NOT unregistered.
C:\WINDOWS\system32\sbgpnvej.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\talvfmxk.dll
C:\WINDOWS\system32\talvfmxk.dll NOT unregistered.
C:\WINDOWS\system32\talvfmxk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ocxojbvm.dll
C:\WINDOWS\system32\ocxojbvm.dll NOT unregistered.
C:\WINDOWS\system32\ocxojbvm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vafiimqv.dll
C:\WINDOWS\system32\vafiimqv.dll NOT unregistered.
C:\WINDOWS\system32\vafiimqv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\neroeugp.dll
C:\WINDOWS\system32\neroeugp.dll NOT unregistered.
C:\WINDOWS\system32\neroeugp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\scfihvxa.dll
C:\WINDOWS\system32\scfihvxa.dll NOT unregistered.
C:\WINDOWS\system32\scfihvxa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khkgcyxw.dll
C:\WINDOWS\system32\khkgcyxw.dll NOT unregistered.
C:\WINDOWS\system32\khkgcyxw.dll moved successfully.
C:\Documents and Settings\Administrator\Application Data\Adssite Advanced Toolbar moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb41.dat moved successfully.
File/Folder C:\\WINDOWS\\system32\\vvgeowbv.exe not found.
File/Folder C:\WINDOWS\System32\llsccn.exe not found.
File/Folder C:\PROGRA~1\COMMON~1\mmou not found.
File/Folder C:\PROGRA~1\COMMON~1\ICROSO~1 not found.
File/Folder C:\WINDOWS\xload.exe not found.

Created on 11/13/2007 11:24:21


SUPERAntiSpyware


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/13/2007 at 03:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3343
Trace Rules Database Version: 1344

Scan type : Complete Scan
Total Scan Time : 00:33:06

Memory items scanned : 374
Memory threats detected : 0
Registry items scanned : 5518
Registry threats detected : 0
File items scanned : 28008
File threats detected : 6

Trojan.Downloader-FakeRX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000387.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000388.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000389.DLL

Trojan.Downloader-Gen/Burre
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000390.DLL

Trojan.TaskDir
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000391.DLL

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{799F3823-C297-4530-A9C5-8991F6C828B5}\RP5\A0000392.EXE



WinPFind log



WinPFind3 logfile created on: 11/13/2007 5:16:11 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.99 Mb Total Physical Memory | 610.55 Mb Available Physical Memory | 59.68% Memory free
1.66 Gb Paging File | 1.43 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1553;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.72 Gb Free Space | 34.14% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: WEAR
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 7:42:50 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> Linksys [Ver = 1.0.1.8 | Size = 5238272 bytes | Modified Date = 11/16/2005 4:49:44 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> [Ver = | Size = 303104 bytes | Modified Date = 9/6/2003 8:37:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | Disabled | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 7:42:50 PM | Attr = ]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 3:24:00 PM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 7:43:02 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 7:43:04 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\vvgeowbv.exe -> %System32%\vvgeowbv.exe -> File not found
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> www.google.com ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
{EC5DC32E-CE23-9402-3955-16C8DE90949A} -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07383DDD-CCCF-482A-99B7-A4AEC796F2B7} -> (Linksys Wireless-G PCI Adapter) ->
{3F570B30-6703-45BF-9935-2B609ED9EB1F} -> (Intel® PRO/1000 MT Network Connection) ->
{DA18C2FA-A7C8-4842-AC19-2004DB311B27} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{7B19E477-0FF8-11d4-9914-005004D3B3DB} -> JavaPlugin.Object - CodeBase = http://java.sun.com/...122_011-win.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...122_011-win.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 11/9/2007 3:57:50 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 11/9/2007 3:58:51 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/13/2007 11:24:10 AM | Attr = ]
absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 25344 bytes | Created Date = 10/15/2007 10:16:45 PM | Attr = ]
aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 18688 bytes | Created Date = 11/9/2007 12:40:43 PM | Attr = ]
aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 8192 bytes | Created Date = 11/9/2007 12:40:43 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 11/9/2007 3:57:58 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1679 bytes | Created Date = 10/15/2007 10:16:42 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 11/9/2007 4:02:56 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/9/2007 3:57:58 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/30/2007 12:48:18 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/30/2007 12:48:18 PM | Attr = H ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 11/8/2007 8:29:52 AM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 11/8/2007 8:29:52 AM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 11/8/2007 8:29:59 AM | Attr = ]
bflqwlsw.ini -> %System32%\bflqwlsw.ini -> [Ver = | Size = 1280502 bytes | Created Date = 11/2/2007 11:34:50 PM | Attr = HS]
dlxyamxe.ini -> %System32%\dlxyamxe.ini -> [Ver = | Size = 1201486 bytes | Created Date = 11/5/2007 11:25:56 PM | Attr = HS]
jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Created Date = 11/2/2007 11:32:34 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3 | Size = 49152 bytes | Created Date = 10/19/2007 8:16:46 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3 | Size = 65536 bytes | Created Date = 10/19/2007 8:16:46 PM | Attr = ]
shgwndxg.ini -> %System32%\shgwndxg.ini -> [Ver = | Size = 1273287 bytes | Created Date = 10/24/2007 3:46:19 PM | Attr = HS]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/9/2007 3:57:58 PM | Attr = ]
sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Created Date = 11/9/2007 12:37:58 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 11/9/2007 3:57:58 PM | Attr = ]
wwdqqcru.ini -> %System32%\wwdqqcru.ini -> [Ver = | Size = 1242406 bytes | Created Date = 11/3/2007 12:19:48 AM | Attr = HS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 11/8/2007 8:30:01 AM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 11/8/2007 8:29:57 AM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 11/8/2007 8:29:57 AM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 11/8/2007 8:30:03 AM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 11/8/2007 8:30:02 AM | Attr = ]

[Files/Folders - Modified Within 90 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 11/9/2007 6:58:38 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 11/13/2007 12:47:04 PM | Attr = HS]
dvdcopy -> %SystemDrive%\dvdcopy -> [Folder | Modified Date = 9/13/2007 1:33:56 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/13/2007 11:31:34 AM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 11/9/2007 6:58:18 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/9/2007 4:04:04 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 11/9/2007 4:01:32 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/13/2007 12:48:42 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 11/13/2007 11:24:12 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/10/2007 11:30:36 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 8/29/2007 2:00:22 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 11:30:38 AM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 10/10/2007 11:30:22 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 11:29:10 AM | Attr = H ]
absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk -> [Ver = | Size = 25344 bytes | Modified Date = 10/15/2007 10:16:46 PM | Attr = ]
aconti.ini -> %SystemRoot%\aconti.ini -> [Ver = | Size = 18688 bytes | Modified Date = 11/9/2007 12:40:44 PM | Attr = ]
aconti.sdb -> %SystemRoot%\aconti.sdb -> [Ver = | Size = 8192 bytes | Modified Date = 11/9/2007 12:40:44 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/13/2007 12:47:06 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1679 bytes | Modified Date = 11/9/2007 12:39:36 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/13/2007 12:47:02 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 11/13/2007 12:49:04 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/24/2007 5:10:08 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 11:30:32 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/13/2007 10:41:06 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/13/2007 11:31:38 AM | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 805306368 bytes | Modified Date = 11/8/2007 3:13:30 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 3866 bytes | Modified Date = 9/15/2007 9:01:14 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 9/25/2007 3:25:52 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/13/2007 5:14:12 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/30/2007 12:48:20 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/13/2007 12:49:16 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 9/27/2007 10:19:54 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 11/8/2007 3:54:48 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/13/2007 12:44:34 PM | Attr = HS]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/8/2007 8:28:18 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/13/2007 4:51:58 PM | Attr = ]
UHJlZmVycmVkIEN1c3RvbWVy -> %SystemRoot%\UHJlZmVycmVkIEN1c3RvbWVy -> [Folder | Modified Date = 11/8/2007 8:26:30 AM | Attr = HS]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 9/21/2007 10:20:26 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/12/2007 4:30:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/13/2007 12:47:10 PM | Attr = H ]
aaamhgfv.dll -> %System32%\aaamhgfv.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
ajcsmohw.dll -> %System32%\ajcsmohw.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/6/2007 12:10:54 PM | Attr = ]
ajysmodw.dll -> %System32%\ajysmodw.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/28/2007 1:37:48 AM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 5:09:50 AM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Modified Date = 9/6/2007 5:00:08 AM | Attr = ]
beeisvux.dll -> %System32%\beeisvux.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:45:52 AM | Attr = ]
bflqwlsw.ini -> %System32%\bflqwlsw.ini -> [Ver = | Size = 1280502 bytes | Modified Date = 11/2/2007 11:35:06 PM | Attr = HS]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/13/2007 12:47:20 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 11/9/2007 4:03:04 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 11/8/2007 8:30:02 AM | Attr = ]
cphtgtoa.dll -> %System32%\cphtgtoa.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 11:41:34 AM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 12 bytes | Modified Date = 11/2/2007 11:32:36 PM | Attr = ]
dirpxclm.dll -> %System32%\dirpxclm.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/8/2007 9:02:20 AM | Attr = RHS]
dlxyamxe.ini -> %System32%\dlxyamxe.ini -> [Ver = | Size = 1201486 bytes | Modified Date = 11/5/2007 11:41:12 PM | Attr = HS]
driv2 -> %System32%\driv2 -> [Folder | Modified Date = 11/13/2007 12:47:02 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/9/2007 6:55:46 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 11/13/2007 10:41:24 AM | Attr = ]
ebyvzrol.dll -> %System32%\ebyvzrol.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 11:02:56 PM | Attr = ]
ehggconm.dll -> %System32%\ehggconm.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:45:52 AM | Attr = ]
eimvckoa.dll -> %System32%\eimvckoa.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 10:56:48 AM | Attr = ]
emzoequj.dll -> %System32%\emzoequj.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 11:11:36 AM | Attr = ]
euyqwroc.ini -> %System32%\euyqwroc.ini -> [Ver = | Size = 694081 bytes | Modified Date = 10/9/2007 11:11:48 AM | Attr = HS]
gdkgcuxw.dll -> %System32%\gdkgcuxw.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/1/2007 3:49:58 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 10/14/2007 11:25:38 PM | Attr = H ]
hjbunskc.dll -> %System32%\hjbunskc.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:42:18 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 163840 bytes | Modified Date = 9/27/2007 10:31:50 AM | Attr = ]
hlzodkym.dll -> %System32%\hlzodkym.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 11:54:06 PM | Attr = ]
iblv.dll -> %System32%\iblv.dll -> [Ver = | Size = 69632 bytes | Modified Date = 11/5/2007 11:35:32 PM | Attr = ]
icwyngzf.dll -> %System32%\icwyngzf.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/2/2007 4:00:26 PM | Attr = ]
jhgfusqo.dll -> %System32%\jhgfusqo.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 10:31:48 AM | Attr = ]
jkmoijkl.dll -> %System32%\jkmoijkl.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
jllmjooo.dll -> %System32%\jllmjooo.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/1/2007 3:49:58 PM | Attr = ]
jpewocmz.ini -> %System32%\jpewocmz.ini -> [Ver = | Size = 4 bytes | Modified Date = 11/2/2007 11:32:36 PM | Attr = ]
keys.res -> %System32%\keys.res -> [Ver = | Size = 2354 bytes | Modified Date = 10/14/2007 11:24:54 PM | Attr = ]
kgcmhyth.dll -> %System32%\kgcmhyth.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 9:32:34 PM | Attr = ]
kuxaznps.dll -> %System32%\kuxaznps.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 1:01:42 AM | Attr = ]
kzhrgvgq.dll -> %System32%\kzhrgvgq.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:45:52 AM | Attr = ]
lfnwfcks.dll -> %System32%\lfnwfcks.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 9:32:32 PM | Attr = ]
mudjosmn.ini -> %System32%\mudjosmn.ini -> [Ver = | Size = 693841 bytes | Modified Date = 10/4/2007 9:34:02 PM | Attr = HS]
mwgmbocm.dll -> %System32%\mwgmbocm.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
mzmzrdqd.dll -> %System32%\mzmzrdqd.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/28/2007 1:37:48 AM | Attr = ]
navwanvd.ini -> %System32%\navwanvd.ini -> [Ver = | Size = 4 bytes | Modified Date = 10/14/2007 11:25:04 PM | Attr = ]
nosaizgs.dll -> %System32%\nosaizgs.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 81191 bytes | Modified Date = 11/13/2007 12:49:00 PM | Attr = ]
oeqlkosc.dll -> %System32%\oeqlkosc.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 11:41:32 AM | Attr = ]
ogyobsjd.dll -> %System32%\ogyobsjd.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 1:01:42 AM | Attr = ]
oowvutfd.dll -> %System32%\oowvutfd.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 9:32:34 PM | Attr = ]
oqwcraku.dll -> %System32%\oqwcraku.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/6/2007 12:10:56 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 58596 bytes | Modified Date = 11/5/2007 11:42:48 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 392296 bytes | Modified Date = 11/5/2007 11:42:48 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 458340 bytes | Modified Date = 11/5/2007 11:42:48 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3 | Size = 49152 bytes | Modified Date = 10/19/2007 8:16:46 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3 | Size = 65536 bytes | Modified Date = 10/19/2007 8:16:46 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 11/9/2007 4:04:04 PM | Attr = ]
rgtmmdns.ini -> %System32%\rgtmmdns.ini -> [Ver = | Size = 693721 bytes | Modified Date = 10/24/2007 3:43:46 PM | Attr = HS]
rpojcays.dll -> %System32%\rpojcays.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 12:51:42 PM | Attr = ]
sets.res -> %System32%\sets.res -> [Ver = | Size = 399 bytes | Modified Date = 10/9/2007 11:12:16 AM | Attr = ]
sft.res -> %System32%\sft.res -> [Ver = | Size = 1943 bytes | Modified Date = 11/6/2007 7:24:30 AM | Attr = ]
shgwndxg.ini -> %System32%\shgwndxg.ini -> [Ver = | Size = 1273287 bytes | Modified Date = 11/2/2007 11:19:36 PM | Attr = HS]
smrajhpu.dll -> %System32%\smrajhpu.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/2/2007 4:00:24 PM | Attr = ]
sznf.ascii -> %System32%\sznf.ascii -> [Ver = | Size = 92 bytes | Modified Date = 11/9/2007 12:38:00 PM | Attr = ]
ueydmvtb.dll -> %System32%\ueydmvtb.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:42:18 AM | Attr = ]
uiwgvwya.dll -> %System32%\uiwgvwya.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/4/2007 11:54:02 PM | Attr = ]
utstv.bak1 -> %System32%\utstv.bak1 -> [Ver = | Size = 2133026 bytes | Modified Date = 9/28/2007 10:14:14 PM | Attr = HS]
utstv.bak2 -> %System32%\utstv.bak2 -> [Ver = | Size = 6788 bytes | Modified Date = 9/28/2007 10:14:04 AM | Attr = HS]
utstv.ini -> %System32%\utstv.ini -> [Ver = | Size = 435938 bytes | Modified Date = 11/5/2007 11:37:00 PM | Attr = HS]
vbs9 -> %System32%\vbs9 -> [Folder | Modified Date = 10/13/2007 12:45:36 PM | Attr = ]
vtxgpquc.dll -> %System32%\vtxgpquc.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:07:12 AM | Attr = ]
wgyluhdl.dll -> %System32%\wgyluhdl.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 12:30:46 PM | Attr = ]
wmypswag.dll -> %System32%\wmypswag.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 11:11:36 AM | Attr = ]
wnarlbsf.dll -> %System32%\wnarlbsf.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:37:00 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/13/2007 12:47:08 PM | Attr = ]
wuoolibf.dll -> %System32%\wuoolibf.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/3/2007 10:42:18 AM | Attr = ]
wwdqqcru.ini -> %System32%\wwdqqcru.ini -> [Ver = | Size = 1242406 bytes | Modified Date = 11/5/2007 7:35:16 PM | Attr = HS]
wykuqnmc.ini -> %System32%\wykuqnmc.ini -> [Ver = | Size = 693412 bytes | Modified Date = 9/30/2007 7:15:58 PM | Attr = HS]
ydausspi.dll -> %System32%\ydausspi.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 11:28:26 AM | Attr = ]
zenowair.dll -> %System32%\zenowair.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/28/2007 1:37:48 AM | Attr = ]
zgnuagmx.dll -> %System32%\zgnuagmx.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/27/2007 10:31:48 AM | Attr = ]
zgnuagmx.exe -> %System32%\zgnuagmx.exe -> [Ver = | Size = 3584 bytes | Modified Date = 9/27/2007 10:31:52 AM | Attr = ]
zip1 -> %System32%\zip1 -> [Folder | Modified Date = 9/27/2007 10:26:54 AM | Attr = ]
zncrymao.dll -> %System32%\zncrymao.dll -> [Ver = | Size = 32256 bytes | Modified Date = 10/9/2007 12:51:44 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 9/6/2007 5:00:54 AM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Modified Date = 9/6/2007 5:05:26 AM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 9/6/2007 5:05:10 AM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 9/6/2007 5:03:02 AM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 9/6/2007 5:02:20 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/9/2007 6:55:50 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 9/27/2007 10:07:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (805306368 bytes) ->
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 5:09:50 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 6:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/18/2006 5:09:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ffdshow.ax -> [Ver = 1.0.2.2605 | Size = 889344 bytes | Modified Date = 11/29/2005 2:51:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_kernelDeint.dll -> [Ver = | Size = 32256 bytes | Modified Date = 11/29/2005 2:10:46 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_liba52.dll -> [Ver = | Size = 24064 bytes | Modified Date = 11/29/2005 2:09:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libdts.dll -> [Ver = | Size = 99840 bytes | Modified Date = 11/29/2005 2:09:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libmad.dll -> [Ver = | Size = 67584 bytes | Modified Date = 11/29/2005 2:09:04 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_realaac.dll -> [Ver = | Size = 79872 bytes | Modified Date = 11/29/2005 2:09:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_samplerate.dll -> [Ver = | Size = 113152 bytes | Modified Date = 11/29/2005 2:09:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_theora.dll -> [Ver = | Size = 77824 bytes | Modified Date = 11/29/2005 2:09:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_unrar.dll -> [Ver = | Size = 29184 bytes | Modified Date = 11/29/2005 2:09:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_vfw.dll -> [Ver = | Size = 3584 bytes | Modified Date = 11/29/2005 2:17:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_wmv9.dll -> [Ver = | Size = 14848 bytes | Modified Date = 11/29/2005 2:09:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_x264.dll -> [Ver = | Size = 140800 bytes | Modified Date = 11/29/2005 2:10:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\iviaudio.ax -> InterVideo Inc. [Ver = 7.0.27.191 | Size = 462848 bytes | Modified Date = 4/17/2006 7:37:08 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Ivinav.ax -> InterVideo Inc. [Ver = 7.0.27.172 | Size = 601600 bytes | Modified Date = 2/14/2006 3:12:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\IVIVIDEO.ax -> InterVideo Inc. [Ver = 7.0.27.191 | Size = 1089536 bytes | Modified Date = 4/17/2006 7:37:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\LameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 185344 bytes | Modified Date = 11/29/2005 3:39:24 AM | Attr = ]
UPX! , UPX0 , -> %System32%\libavcodec.dll -> [Ver = | Size = 912896 bytes | Modified Date = 11/29/2005 2:14:42 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmpeg2_ff.dll -> [Ver = | Size = 40448 bytes | Modified Date = 11/29/2005 2:10:10 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmplayer.dll -> [Ver = | Size = 114176 bytes | Modified Date = 11/29/2005 2:11:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MODSource.ax -> [Ver = | Size = 70144 bytes | Modified Date = 12/10/2004 5:53:58 AM | Attr = ]
UPX! , UPX0 , -> %System32%\MP3Source.ax -> [Ver = | Size = 61952 bytes | Modified Date = 12/10/2004 5:51:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\TomsMoComp_ff.dll -> [Ver = | Size = 38912 bytes | Modified Date = 11/29/2005 2:09:50 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 6:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a few more to go.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YN -> C:\WINDOWS\system32\vvgeowbv.exe -> %System32%\vvgeowbv.exe
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YN -> {EC5DC32E-CE23-9402-3955-16C8DE90949A} ->
[Files/Folders - Created Within 30 days]
NY -> absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk
NY -> aconti.ini -> %SystemRoot%\aconti.ini
NY -> aconti.sdb -> %SystemRoot%\aconti.sdb
NY -> bflqwlsw.ini -> %System32%\bflqwlsw.ini
NY -> dlxyamxe.ini -> %System32%\dlxyamxe.ini
NY -> jpewocmz.ini -> %System32%\jpewocmz.ini
NY -> shgwndxg.ini -> %System32%\shgwndxg.ini
NY -> sznf.ascii -> %System32%\sznf.ascii
NY -> wwdqqcru.ini -> %System32%\wwdqqcru.ini
[Files/Folders - Modified Within 90 days]
NY -> absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk
NY -> aconti.ini -> %SystemRoot%\aconti.ini
NY -> aconti.sdb -> %SystemRoot%\aconti.sdb
NY -> UHJlZmVycmVkIEN1c3RvbWVy -> %SystemRoot%\UHJlZmVycmVkIEN1c3RvbWVy
NY -> aaamhgfv.dll -> %System32%\aaamhgfv.dll
NY -> ajcsmohw.dll -> %System32%\ajcsmohw.dll
NY -> ajysmodw.dll -> %System32%\ajysmodw.dll
NY -> beeisvux.dll -> %System32%\beeisvux.dll
NY -> bflqwlsw.ini -> %System32%\bflqwlsw.ini
NY -> cphtgtoa.dll -> %System32%\cphtgtoa.dll
NY -> dirpxclm.dll -> %System32%\dirpxclm.dll
NY -> dlxyamxe.ini -> %System32%\dlxyamxe.ini
NY -> driv2 -> %System32%\driv2
NY -> ebyvzrol.dll -> %System32%\ebyvzrol.dll
NY -> ehggconm.dll -> %System32%\ehggconm.dll
NY -> eimvckoa.dll -> %System32%\eimvckoa.dll
NY -> emzoequj.dll -> %System32%\emzoequj.dll
NY -> euyqwroc.ini -> %System32%\euyqwroc.ini
NY -> gdkgcuxw.dll -> %System32%\gdkgcuxw.dll
NY -> hjbunskc.dll -> %System32%\hjbunskc.dll
NY -> hlzodkym.dll -> %System32%\hlzodkym.dll
NY -> iblv.dll -> %System32%\iblv.dll
NY -> icwyngzf.dll -> %System32%\icwyngzf.dll
NY -> jhgfusqo.dll -> %System32%\jhgfusqo.dll
NY -> jkmoijkl.dll -> %System32%\jkmoijkl.dll
NY -> jllmjooo.dll -> %System32%\jllmjooo.dll
NY -> jpewocmz.ini -> %System32%\jpewocmz.ini
NY -> keys.res -> %System32%\keys.res
NY -> kgcmhyth.dll -> %System32%\kgcmhyth.dll
NY -> kuxaznps.dll -> %System32%\kuxaznps.dll
NY -> kzhrgvgq.dll -> %System32%\kzhrgvgq.dll
NY -> lfnwfcks.dll -> %System32%\lfnwfcks.dll
NY -> mudjosmn.ini -> %System32%\mudjosmn.ini
NY -> mwgmbocm.dll -> %System32%\mwgmbocm.dll
NY -> mzmzrdqd.dll -> %System32%\mzmzrdqd.dll
NY -> navwanvd.ini -> %System32%\navwanvd.ini
NY -> nosaizgs.dll -> %System32%\nosaizgs.dll
NY -> oeqlkosc.dll -> %System32%\oeqlkosc.dll
NY -> ogyobsjd.dll -> %System32%\ogyobsjd.dll
NY -> oowvutfd.dll -> %System32%\oowvutfd.dll
NY -> oqwcraku.dll -> %System32%\oqwcraku.dll
NY -> rgtmmdns.ini -> %System32%\rgtmmdns.ini
NY -> rpojcays.dll -> %System32%\rpojcays.dll
NY -> sets.res -> %System32%\sets.res
NY -> sft.res -> %System32%\sft.res
NY -> shgwndxg.ini -> %System32%\shgwndxg.ini
NY -> smrajhpu.dll -> %System32%\smrajhpu.dll
NY -> sznf.ascii -> %System32%\sznf.ascii
NY -> ueydmvtb.dll -> %System32%\ueydmvtb.dll
NY -> uiwgvwya.dll -> %System32%\uiwgvwya.dll
NY -> utstv.bak1 -> %System32%\utstv.bak1
NY -> utstv.bak2 -> %System32%\utstv.bak2
NY -> utstv.ini -> %System32%\utstv.ini
NY -> vtxgpquc.dll -> %System32%\vtxgpquc.dll
NY -> wgyluhdl.dll -> %System32%\wgyluhdl.dll
NY -> wmypswag.dll -> %System32%\wmypswag.dll
NY -> wnarlbsf.dll -> %System32%\wnarlbsf.dll
NY -> wuoolibf.dll -> %System32%\wuoolibf.dll
NY -> wwdqqcru.ini -> %System32%\wwdqqcru.ini
NY -> wykuqnmc.ini -> %System32%\wykuqnmc.ini
NY -> ydausspi.dll -> %System32%\ydausspi.dll
NY -> zenowair.dll -> %System32%\zenowair.dll
NY -> zgnuagmx.dll -> %System32%\zgnuagmx.dll
NY -> zgnuagmx.exe -> %System32%\zgnuagmx.exe
NY -> zncrymao.dll -> %System32%\zncrymao.dll


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#9
phikapp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit written successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\{EC5DC32E-CE23-9402-3955-16C8DE90949A} deleted successfully.
[Files/Folders - Created Within 30 days]
[Files/Folders - Modified Within 90 days]
< End of log >
Created on 11/15/2007 09:17:06


Everything seems to be working much better. Thank you very much.

#10
Essexboy

If I could have a final Hijackthis log now just to confirm :)

#11
phikapp

Logfile of HijackThis v1.99.1
Scan saved at 10:57:34 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Administrator\Desktop\Cleaning Supplies\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#12
Essexboy

Now the best part of the day ----- Your log now appears clean :)

Double-click OTMoveIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt wants to contact the internet. Allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.



Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and an antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#13
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.