"Your computer is infected"



#1
homersimpson2080

I have suspected malware and have got much needed help from this site.
Although I thought you guys got rid of it, I got an icon a couple of minutes ago in the system tray down on the bottom right of the screen which looked a bit like the KillBox icon. It said "your computer is infected". I pressed Ctrl+Alt+Delete and stopped some weird process from running and it disappeared. Here is my HijackThis logfile. I just found out the process was winstall.

Logfile of HijackThis v1.99.1
Scan saved at 9:28:24 PM, on 6/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
C:\PROGRAM FILES\LOGITECH\PROFILER\LWEMON.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\DEAN\ALL SPYWARE PROGRAMS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: Interface Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\PXWMA.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\Profiler\LwEmon.exe /noui"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab

Edited by homersimpson2080, 07 May 2006 - 01:33 AM.

  • 0
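
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. It parses O2 (BHO) and O4 (autostart) lines and flags two location patterns for a closer look; the function names, the two heuristics and the `C:\WINDOWS` default (taken from the log's paths) are assumptions made for illustration.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any host OS

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Interface Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\PXWMA.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
"""

# O2 - BHO: <name> - {CLSID} - <dll path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4 - HKxx\..\Run*: [<value name>] <command line>
O4_REG_RE = re.compile(
    r"^O4 - (?P<src>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 - Startup: <shortcut> = <target>
O4_LNK_RE = re.compile(
    r"^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Shortest prefix of a command line that ends in an executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\$")


def command_target(cmd):
    """Return the program part of an autostart command line.

    Handles quoted paths, unquoted paths that contain spaces, and
    trailing arguments such as '/R' or 'powrprof.dll,LoadCurrentPwrScheme'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage(log_text, windir=r"C:\WINDOWS"):
    """Return (section, name, path, reason) for entries worth a closer look.

    Assumed heuristics (illustrative, not a verdict on any file):
      * O2: the BHO DLL sits directly in the Windows directory rather than
        in a vendor folder under Program Files.
      * O4: the autostart program sits directly in a drive root.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if normcase(dirname(path)) == normcase(windir):
                findings.append(("O2", m.group("name"), path,
                                 "BHO DLL loose in the Windows directory"))
            continue
        m = O4_REG_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            target = command_target(m.group("cmd"))
            if DRIVE_ROOT_RE.match(dirname(target)):
                findings.append(("O4", m.group("name"), target,
                                 "autostart program in a drive root"))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG):
        print(f"{section}  {name!r:22} {path}  <- {reason}")
```

A flagged line is a prompt to check the file itself (publisher, creation date, a scan of the binary) before anything is deleted.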

#2
jurgenv

Hi homersimpson2080,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

#3
jurgenv

* Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
* Open Notepad and copy and paste the following into it:

RegDeleteKey HKCR\AppID\pxwma.DLL
RegDeleteKey HKCR\CLSID\{58F07DD3-924D-4141-BC74-299F523A95F1}
RegDeleteKey HKCR\Interface\{B1317C08-617A-435D-A24F-A930F4540696}
RegDeleteKey HKCR\TypeLib\{FAC55B9F-8F6A-4A41-AE16-36845D4679B2}
RegDeleteKey HKCR\interface.InterfaceOBJ
RegDeleteKey HKCR\interface.InterfaceOBJ.1
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}
RegDeleteKey HKLM\SOFTWARE\Classes\AppID\DLP.DLL
RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
RegDeleteKey HKLM\SOFTWARE\Classes\Interface\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}
RegDeleteKey HKLM\SOFTWARE\Classes\TypeLib\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}
RegDeleteKey HKLM\SOFTWARE\Classes\DLP.DLPObj
RegDeleteKey HKLM\SOFTWARE\Classes\DLP.DLPObj.1
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
RegDeleteKey HKUS\S-1-5-21-220523388-1844823847-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
RegSetStringValue HKLM\SOFTWARE\Classes\AppID|@|

FileDelete %WINDIR%\pxwma.dll
FileDelete %WINDIR%\web\related.htm

SystemEmptyTempFolder

Save this as fix.bfu, choose to save it as *all files, and save it in the same folder you made earlier (c:\BFU)

* Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field, click the folder icon and select fix.BFU
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply with a new hijackthis log.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#4
homersimpson2080

Are both of these programs compatible with Windows ME? Also, there is no "Make New Folder" option next to My Computer.

#5
jurgenv

Yes, they're compatible with Windows ME :whistling:
You have to make a folder in the C:/ drive, not in My Computer :blink:

#6
homersimpson2080

Here is the new log :whistling:
@ECHO OFF

REM Smitfraud Fix by S!Ri
REM http://siri.urz.free...mitfraudFix.zip

REM Thanks, Help: balltrap34, Beamerke, derek, ipl_001, Marckie, moe31, ~Mark, Ruby, sebdraluorg, tirol, Vazkor,
REM and all the ones I forgot who submit files, analyse, help users.
REM Miekiemoes Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowar/Option^Explicit added.
REM swreg.exe by SteelWerx (http://www.xs4all.nl...andline-us.html)
REM swsc.exe by SteelWerx (http://www.xs4all.nl...andline-us.html)
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html)

set fixname=SmitFraudFix
set fixvers=v2.41

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto end

:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit

:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32

echo Option Explicit>GetPaths.vbs
echo.>>GetPaths.vbs
echo Dim Shell>>GetPaths.vbs
echo Dim KeyPath>>GetPaths.vbs
echo Dim ObjFileSystem>>GetPaths.vbs
echo Dim ObjOutputFile>>GetPaths.vbs
echo Dim ObjRegExp>>GetPaths.vbs
echo Dim File>>GetPaths.vbs
echo Dim TmpVar>>GetPaths.vbs
echo Dim Var>>GetPaths.vbs
echo Dim Accent>>GetPaths.vbs

echo.>>GetPaths.vbs
echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo File = "SetPaths.bat">>GetPaths.vbs
echo.>>GetPaths.vbs
echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
echo Set ObjRegExp = New RegExp>>GetPaths.vbs
echo.>>GetPaths.vbs

echo Function ShortFileName(Path)>>GetPaths.vbs
echo Dim f>>GetPaths.vbs
echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
echo ShortFileName = f.ShortPath>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo Function Accents(Str)>>GetPaths.vbs
echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
echo ObjRegExp.Global = True>>GetPaths.vbs
echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs

echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo ObjOutputFile.Close>>GetPaths.vbs
echo Set objFileSystem = Nothing>>GetPaths.vbs
echo Set Shell = Nothing>>GetPaths.vbs
echo Set ObjRegExp = nothing>>GetPaths.vbs
echo.>>GetPaths.vbs
Start /W GetPaths.vbs
del GetPaths.vbs
Call SetPaths.bat
del SetPaths.bat

if exist "%userprofile%\Bureau" (
set lang=fra
) else (
set lang=int
)

goto test

:test
if not exist Process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Process.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Process.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swreg.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swreg.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swreg.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swsc.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swsc.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swsc.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist SrchSTS.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SrchSTS.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo SrchSTS.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist Reboot.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Reboot.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Reboot.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist restart.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier restart.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo restart.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist %syspath%\Process.exe copy Process.exe %syspath% >NUL
if not exist %syspath%\swreg.exe copy swreg.exe %syspath% >NUL
if not exist %syspath%\swsc.exe copy swsc.exe %syspath% >NUL
if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath% >NUL

goto notice

:notice
color 17
cls
if %lang%==fra (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger n'est pas affili^‚ avec SmitfraudFix!
echo.
echo Cet outil a ^‚t^‚ cr^‚^‚ par S!Ri pour une utilisation GRATUITE.
echo Des dons seront accept^‚es par S!Ri, uniquement sur son site Web principal
echo N'importe qui d'autre qui essaie d'en tirer profit
echo ou qui solicite de l'argent est impliqu^‚ dans une fraude.
echo.
echo.
echo Appuyez sur une touche pour continuer...
echo.
) else (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger is NOT involved with Smitfraudfix in any way!
echo.
echo This tool was created by S!Ri, and is available for FREE.
echo Voluntary donations will be accepted by S!Ri, at his main website only.
echo Anyone, other than the creator, trying to make a profit
echo or solicit money from its use would be involved in fraudulent activity.
echo.
echo.
echo Press a key to continue...
echo.
)
pause>NUL
goto menu

:menu
color 17
cls

if %lang%==fra (
set sChoice=Entrez votre choix
set sScanDate=Rapport fait à
set sRunFrom=Executé à partir de
set sSearch=Recherche
set sFound=PRESENT !
set sDel=supprimé
set sInfect=infecté !
set sInfect2=infect^‚ !
set sWiniSearch=Recherche wininet.dll de remplacement
set sEnd=Fin
set sProcess=Arret des processus
set sError=Problème suppression
set sTempFolder=Suppression Fichiers Temporaires
set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
set sRegClean=Nettoyage du registre
set sWininetQ=Corriger le fichier infect^‚ ? ^(o/n^)
set sTrustQ=R^‚initialiser la liste des sites de confiance et sensibles ? ^(o/n^)
set sTrustBackUp=Copie de sauvegarde
set sTrustDone=Sites de confiance et sensibles effac^‚s.
set sTrustError=*** Erreur : zone.reg non trouv^‚ ***

echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Recherche
echo 2. Nettoyage ^( mode sans echec recommand^‚ ^)
echo 3. Effacer les sites de confiance et sensibles
echo L. Langue Anglaise
echo Q. Quitter
echo.
echo.
echo Fermez tous les programmes
echo un red^‚marrage peut-^ˆtre n^‚cessaire
echo.
echo.
echo.
) else (
set sChoice=Enter your choice
set sScanDate=Scan done at
set sRunFrom=Run from
set sSearch=Scanning
set sFound=FOUND !
set sDel=Deleted
set sInfect=infected !
set sInfect2=infected !
set sWiniSearch=Scanning wininet.dll backup
set sEnd=End
set sProcess=Killing process
set sError=Problem while deleting
set sTempFolder=Deleting Temp Files
set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
set sRegClean=Registry Cleaning
set sWininetQ=Replace infected file ? ^(y/n^)
set sTrustQ=Restore Trusted Zone ? ^(y/n^)
set sTrustBackUp=Saving BackUp
set sTrustDone=Trusted Zone deleted.
set sTrustError=*** Error : zone.reg not found ***

echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Search
echo 2. Clean ^(safe mode recommended^)
echo 3. Delete Trusted zone
echo L. French Language
echo Q. Quit
echo.
echo.
echo Close all applications
echo Computer may reboot
echo.
echo.
echo.
)
set ChoixMenu=''
set /p ChoixMenu=%sChoice% (1,2,3,L,Q) :
if '%ChoixMenu%'=='l' GOTO SwappL
if '%ChoixMenu%'=='L' GOTO SwappL
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
goto menu

:SwappL
if '%lang%'=='fra' (
set lang=int
) else (
set lang=fra
)
goto notice


:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>%systemdrive%\rapport.txt
echo.
echo.>>%systemdrive%\rapport.txt
echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
IF ERRORLEVEL 1 (
echo %sRunFrom% >>%systemdrive%\rapport.txt
cd >>%systemdrive%\rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt




echo %sSearch% %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %HOMEDRIVE%\

if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload1.exe (echo %HOMEDRIVE%\drsmartload1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb.exe (echo %HOMEDRIVE%\drsmartloadb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%

if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
if exist download-btn.gif (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "footer.gif" (echo %windir%\footer.giff %sFound%>>%systemdrive%\rapport.txt)
if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
if exist susp.exe (echo %windir%\susp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysen.exe (echo %windir%\sysen.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysvx_.exe (echo %windir%\sysvx_.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysldr32.exe (echo %windir%\sysldr32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist teller2.chk (echo %windir%\teller2.chk %sFound%>>%systemdrive%\rapport.txt)
if exist temp.000.exe (echo %windir%\temp.000.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare.exe (echo %windir%\timessquare.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare1.dat (echo %windir%\timessquare1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %windir%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %windir%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %windir%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %windir%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %windir%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %windir%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "true-stories.gif" (echo %windir%\true-stories.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-header.gif" (echo %windir%\spyware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-box.gif" (echo %windir%\spyware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "star.gif" (echo %windir%\star.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "star-grey.gif" (echo %windir%\star-grey.gif %sFound%>>%systemdrive%\rapport.txt)
if exist uninstDsk.exe (echo %windir%\uninstDsk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uninstIU.exe (echo %windir%\uninstIU.exe %sFound%>>%systemdrive%\rapport.txt)
if exist update13.js (echo %windir%\update13.js %sFound%>>%systemdrive%\rapport.txt)
if exist warnhp.html (echo %windir%\warnhp.html %sFound%>>%systemdrive%\rapport.txt)
if exist "warning-bar-ico.gif" (echo %windir%\warning-bar-ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "win-sec-center-logo.gif" (echo %windir%\win-sec-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "windows-compatible.gif" (echo %windir%\windows-compatible.gif %sFound%>>%systemdrive%\rapport.txt)
if exist winsysupd.exe (echo %windir%\winsysupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban.exe (echo %windir%\winsysban.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban8.exe (echo %windir%\winsysban8.exe %sFound%>>%systemdrive%\rapport.txt)
if exist windows.html (echo %windir%\windows.html %sFound%>>%systemdrive%\rapport.txt)
if exist wupdmgr.exe (echo %windir%\wupdmgr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xpupdate.exe (echo %windir%\xpupdate.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "yes-icon.gif" (echo %windir%\yes-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist zloader3.exe (echo %windir%\zloader3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ZServ.dll (echo %windir%\ZServ.dll %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__popuper.exe (echo %windir%\__delete_on_reboot__popuper.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%windir%\muwq" echo %windir%\muwq\ %sFound%>>%systemdrive%\rapport.txt

if exist "%windir%\inet20001" echo %windir%\inet20001\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20010" echo %windir%\inet20010\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20066" echo %windir%\inet20066\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20099" echo %windir%\inet20099\ %sFound%>>%systemdrive%\rapport.txt

popd






echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\system...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\system>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\system

if exist csrss.exe (echo %windir%\system\csrss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\system\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.dll (echo %windir%\system\svchost.dll %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.exe (echo %windir%\system\svwhost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.dll (echo %windir%\system\svwhost.dll %sFound%>>%systemdrive%\rapport.txt)

popd




echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\Web...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\Web>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\Web

if exist desktop.html (echo %windir%\Web\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist wallpaper.html (echo %windir%\Web\wallpaper.html %sFound%>>%systemdrive%\rapport.txt)

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %syspath%...
echo »»»»»»»»»»»»»»»»»»»»»»»» %syspath%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %syspath%

if exist ~update.exe (echo %syspath%\~update.exe %sFound%>>%systemdrive%\rapport.txt)
if exist a.exe (echo %syspath%\a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Air Tickets.ico" (echo %syspath%\Air Tickets.ico %sFound%>>%systemdrive%\rapport.txt)
if exist AdService.dll (echo %syspath%\AdService.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsmart.exe (echo %syspath%\adsmart.exe %sFound%>>%systemdrive%\rapport.txt)
if exist alxres.dll (echo %syspath%\alxres.dll %sFound%>>%systemdrive%\rapport.txt)
if exist atmclk.exe (echo %syspath%\atmclk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bhoimpl.dll (echo %syspath%\bhoimpl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bin29a.log (echo %syspath%\bin29a.log %sFound%>>%systemdrive%\rapport.txt)
if exist "Big Tits.ico" (echo %syspath%\Big Tits.ico %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy.dll (echo %syspath%\birdihuy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy32.dll (echo %syspath%\birdihuy32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Blackjack.ico (echo %syspath%\Blackjack.ico %sFound%>>%systemdrive%\rapport.txt)
if exist bnmsrv.exe (echo %syspath%\bnmsrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bre.dll (echo %syspath%\bre.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bre32.dll (echo %syspath%\bre32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bridge.dll (echo %syspath%\bridge.dll %sFound%>>%systemdrive%\rapport.txt)
if exist browsela.dll (echo %syspath%\browsela.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Britney Spears.ico" (echo %syspath%\Britney Spears.ico %sFound%>>%systemdrive%\rapport.txt)
if exist bu.exe (echo %syspath%\bu.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Car Insurance.ico" (echo %syspath%\Car Insurance.ico %sFound%>>%systemdrive%\rapport.txt)
if exist casino.ico (echo %syspath%\casino.ico %sFound%>>%systemdrive%\rapport.txt)
if exist "Cheap Cigarettes.ico" (echo %syspath%\Cheap Cigarettes.ico %sFound%>>%systemdrive%\rapport.txt)
if exist child.dll (echo %syspath%\child.dll %sFound%>>%systemdrive%\rapport.txt)
if exist chp.dll (echo %syspath%\chp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist cmd32.exe (echo %syspath%\cmd32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cmdtel.exe (echo %syspath%\cmdtel.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cnymxw32.dll (echo %syspath%\cnymxw32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist combo.exe (echo %syspath%\combo.exe %sFound%>>%systemdrive%\rapport.txt)
if exist comdlg64.dll (echo %syspath%\comdlg64.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Credit Card.ico" (echo %syspath%\Credit Card.ico %sFound%>>%systemdrive%\rapport.txt)
if exist Cruises.ico (echo %syspath%\Cruises.ico %sFound%>>%systemdrive%\rapport.txt)
if exist "Currency Trading.ico" (echo %syspath%\Currency Trading.ico %sFound%>>%systemdrive%\rapport.txt)
if exist cvxh8jkdq?.exe (echo %syspath%\cvxh8jkdq?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist CWS_iestart.exe (echo %syspath%\CWS_iestart.exe %sFound%>>%systemdrive%\rapport.txt)
if exist date.ico (echo %syspath%\date.ico %sFound%>>%systemdrive%\rapport.txt)
if exist dailytoolbar.dll (echo %syspath%\dailytoolbar.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_14.dll (echo %syspath%\dcom_14.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_15.dll (echo %syspath%\dcom_15.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcomcfg.exe (echo %syspath%\dcomcfg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dial23.exe (echo %syspath%\dial23.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dlh9jkdq?.exe (echo %syspath%\dlh9jkdq?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist doser.exe (echo %syspath%\doser.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfrgsrv.exe (echo %syspath%\dfrgsrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dxole32.exe (echo %syspath%\dxole32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dxmpp.dll (echo %syspath%\dxmpp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dvdcap.dll (echo %syspath%\dvdcap.dll %sFound%>>%systemdrive%\rapport.txt)
if exist efsdfgxg.exe (echo %syspath%\efsdfgxg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exa32.exe (echo %syspath%\exa32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exeha2.exe (echo %syspath%\exeha2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exeha3.exe (echo %syspath%\exeha3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exuc32.tmp (echo %syspath%\exuc32.tmp %sFound%>>%systemdrive%\rapport.txt)
if exist games.ico (echo %syspath%\games.ico %sFound%>>%systemdrive%\rapport.txt)
if exist ginuerep.dll (echo %syspath%\ginuerep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist gunist.exe (echo %syspath%\gunist.exe %sFound%>>%systemdrive%\rapport.txt)
if exist helper.exe (echo %syspath%\helper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist hhk.dll (echo %syspath%\hhk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hookdump.exe (echo %syspath%\hookdump.exe %sFound%>>%systemdrive%\rapport.txt)
if exist hp????.tmp (echo %syspath%\hp????.tmp %sFound%>>%systemdrive%\rapport.txt)
if exist IeHelperEx.dll (echo %syspath%\IeHelperEx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist intel32.exe (echo %syspath%\intel32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist intell321.exe (echo %syspath%\intell321.exe %sFound%>>%systemdrive%\rapport.txt)
if exist intell32.exe (echo %syspath%\intell32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist interf.tlb (echo %syspath%\interf.tlb %sFound%>>%systemdrive%\rapport.txt)
if exist intmon.exe (echo %syspath%\intmon.exe %sFound%>>%systemdrive%\rapport.txt)
if exist intmonp.exe (echo %syspath%\intmonp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist intxt.exe (echo %syspath%\intxt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ioctrl.dll (echo %syspath%\ioctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist jao.dll (echo %syspath%\jao.dll %sFound%>>%systemdrive%\rapport.txt)
if exist kernels32.exe (echo %syspath%\kernels32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kernels64.exe (echo %syspath%\kernels64.exe %sFound%>>%systemdrive%\rapport.txt)
if exist latest.exe (echo %syspath%\latest.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Lesbian Sex.ico" (echo %syspath%\Lesbian Sex.ico %sFound%>>%systemdrive%\rapport.txt)
if exist ld????.tmp (echo %syspath%\ld????.tmp %sFound%>>%systemdrive%\rapport.txt)
if exist lich.exe (echo %syspath%\lich.exe %sFound%>>%systemdrive%\rapport.txt)
if exist links.exe (echo %syspath%\links.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ll.exe (echo %syspath%\ll.exe %sFound%>>%systemdrive%\rapport.txt)
if exist maxd1.exe (echo %syspath%\maxd1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist maxd64.exe (echo %syspath%\maxd64.exe %sFound%>>%systemdrive%\rapport.txt)
if exist migicons.exe (echo %syspath%\migicons.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mirarsearch_toolbar.exe (echo %syspath%\mirarsearch_toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mobile.ico (echo %syspath%\mobile.ico %sFound%>>%systemdrive%\rapport.txt)
if exist MP3.ico (echo %syspath%\MP3.ico %sFound%>>%systemdrive%\rapport.txt)
if exist msbe.dll (echo %syspath%\msbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mscornet.exe (echo %syspath%\mscornet.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mssearchnet.exe (echo %syspath%\mssearchnet.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msmsgs.exe (echo %syspath%\msmsgs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msnscps.dll (echo %syspath%\msnscps.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msole32.exe (echo %syspath%\msole32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mspostsp.exe.exe (echo %syspath%\mspostsp.exe.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msupdate32.dll (echo %syspath%\msupdate32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msvcp.exe.exe (echo %syspath%\msvcp.exe.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msvol.tlb (echo %syspath%\msvol.tlb %sFound%>>%systemdrive%\rapport.txt)
if exist mswinb32.dll (echo %syspath%\mswinb32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mswinb32.exe (echo %syspath%\mswinb32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mswinf32.dll (echo %syspath%\mswinf32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mswinf32.exe (echo %syspath%\mswinf32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mswinup32.dll (echo %syspath%\mswinup32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mswinxml.dll (echo %syspath%\mswinxml.dll %sFound%>>%systemdrive%\rapport.txt)
if exist MTC.dll (echo %syspath%\MTC.dll %sFound%>>%systemdrive%\rapport.txt)
if exist MTC.ini (echo %syspath%\MTC.ini %sFound%>>%systemdrive%\rapport.txt)
if exist multitran.exe (echo %syspath%\multitran.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ncompat.tlb (echo %syspath%\ncompat.tlb %sFound%>>%systemdrive%\rapport.txt)
if exist netfilt4.exe (echo %syspath%\netfilt4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist network.ico (echo %syspath%\network.ico %sFound%>>%systemdrive%\rapport.txt)
if exist netwrap.dll (echo %syspath%\netwrap.dll %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %syspath%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist NTCommLib3.exe (echo %syspath%\NTCommLib3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nuclabdll.dll (echo %syspath%\nuclabdll.dll %sFound%>>%systemdrive%\rapport.txt)
if exist nvctrl.exe (echo %syspath%\nvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nvms.dll (echo %syspath%\nvms.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ole32vbs.exe (echo %syspath%\ole32vbs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist oleadm.dll (echo %syspath%\oleadm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oleadm32.dll (echo %syspath%\oleadm32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oleext.dll (echo %syspath%\oleext.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oleext32.dll (echo %syspath%\oleext32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Online Betting.ico" (echo %syspath%\Online Betting.ico %sFound%>>%systemdrive%\rapport.txt)
if exist "Online Gambling.ico" (echo %syspath%\Online Gambling.ico %sFound%>>%systemdrive%\rapport.txt)
if exist "Oral Sex.ico" (echo %syspath%\Oral Sex.ico %sFound%>>%systemdrive%\rapport.txt)
if exist ot.ico (echo %syspath%\ot.ico %sFound%>>%systemdrive%\rapport.txt)
if exist param32.dll (echo %syspath%\param32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist parad.raw.exe (echo %syspath%\parad.raw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist paradise.raw.exe (echo %syspath%\paradise.raw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Party Poker.ico" (echo %syspath%\Party Poker.ico %sFound%>>%systemdrive%\rapport.txt)
if exist paytime.exe (echo %syspath%\paytime.exe %sFound%>>%systemdrive%\rapport.txt)
if exist perfcii.ini (echo %syspath%\perfcii.ini %sFound%>>%systemdrive%\rapport.txt)
if exist performent217.dll (echo %syspath%\performent217.dll %sFound%>>%systemdrive%\rapport.txt)
if exist pharm.ico (echo %syspath%\pharm.ico %sFound%>>%systemdrive%\rapport.txt)
if exist pharm2.ico (echo %syspath%\pharm2.ico %sFound%>>%systemdrive%\rapport.txt)
if exist Pharmacy.ico (echo %syspath%\Pharmacy.ico %sFound%>>%systemdrive%\rapport.txt)
if exist Phentermine.ico (echo %syspath%\Phentermine.ico %sFound%>>%systemdrive%\rapport.txt)
if exist pop_up.dll (echo %syspath%\pop_up.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Pornstars.ico (echo %syspath%\Pornstars.ico %sFound%>>%systemdrive%\rapport.txt)
if exist priva.exe (echo %syspath%\priva.exe %sFound%>>%systemdrive%\rapport.txt)
if exist prflbmsgp32.dll (echo %syspath%\prflbmsgp32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist questmod.dll (echo %syspath%\questmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist qvxgamet?.exe (echo %syspath%\qvxgamet?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist reger.exe (echo %syspath%\reger.exe %sFound%>>%systemdrive%\rapport.txt)
if exist regperf.exe (echo %syspath%\regperf.exe %sFound%>>%systemdrive%\rapport.txt)
if exist reglogs.dll (echo %syspath%\reglogs.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Remove Spyware.ico" (echo %syspath%\Remove Spyware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist repigsp.exe (echo %syspath%\repigsp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist replmap.dll (echo %syspath%\replmap.dll %sFound%>>%systemdrive%\rapport.txt)
if exist RpcxSs.dll (echo %syspath%\RpcxSs.dll %sFound%>>%systemdrive%\rapport.txt)
if exist runsrv32.dll (echo %syspath%\runsrv32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist runsrv32.exe (echo %syspath%\runsrv32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostc.exe (echo %syspath%\sachostc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostp.exe (echo %syspath%\sachostp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachosts.exe (echo %syspath%\sachosts.exe %sFound%>>%systemdrive%\rapport.txt)
if exist scanner.ico (echo %syspath%\scanner.ico %sFound%>>%systemdrive%\rapport.txt)
if exist sdfdil.exe (echo %syspath%\sdfdil.exe %sFound%>>%systemdrive%\rapport.txt)
if exist searchdll.dll (echo %syspath%\searchdll.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Security Toolbar.dll" (echo %syspath%\Security Toolbar.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sender.exe (echo %syspath%\sender.exe %sFound%>>%systemdrive%\rapport.txt)
if exist shdochp.dll (echo %syspath%\shdochp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist shdochp.exe (echo %syspath%\shdochp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist shdochop.dll (echo %syspath%\shdochop.dll %sFound%>>%systemdrive%\rapport.txt)
if exist shdocnva.dll (echo %syspath%\shdocnva.dll %sFound%>>%systemdrive%\rapport.txt)
if exist shdocsvc.dll (echo %syspath%\shdocsvc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist shdocsvc.exe (echo %syspath%\shdocsvc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist shell386.exe (echo %syspath%\shell386.exe %sFound%>>%systemdrive%\rapport.txt)
if exist shellgui32.dll (echo %syspath%\shellgui32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist shnlog.exe (echo %syspath%\shnlog.exe %sFound%>>%systemdrive%\rapport.txt)
if exist shsexl32.dll (echo %syspath%\shsexl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist simpole.tlb (echo %syspath%\simpole.tlb %sFound%>>%systemdrive%\rapport.txt)
if exist sivudro.dll (echo %syspath%\sivudro.dll %sFound%>>%systemdrive%\rapport.txt)
if exist socks.exe (echo %syspath%\socks.exe %sFound%>>%systemdrive%\rapport.txt)
if exist spam.ico (echo %syspath%\spam.ico %sFound%>>%systemdrive%\rapport.txt)
if exist split.exe (echo %syspath%\split.exe %sFound%>>%systemdrive%\rapport.txt)
if exist split1.exe (echo %syspath%\split1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist split2.exe (echo %syspath%\split2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist spyware.ico (echo %syspath%\spyware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist srpcsrv32.dll (echo %syspath%\srpcsrv32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist srpcsrv32.exe (echo %syspath%\srpcsrv32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist st3.dll (echo %syspath%\st3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist stdole3.tlb (echo %syspath%\stdole3.tlb %sFound%>>%systemdrive%\rapport.txt)
if exist stickrep.dll (echo %syspath%\stickrep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist suprox.dll (echo %syspath%\suprox.dll %sFound%>>%systemdrive%\rapport.txt)
if exist susp.exe (echo %syspath%\susp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchop.exe (echo %syspath%\svchop.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchosts.dll (echo %syspath%\svchosts.dll %sFound%>>%systemdrive%\rapport.txt)
if exist svchosts.exe (echo %syspath%\svchosts.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svcnt.exe (echo %syspath%\svcnt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svcnt32.exe (echo %syspath%\svcnt32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svcnva.exe (echo %syspath%\svcnva.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.exe (echo %syspath%\svwhost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist symsvcsa.exe (echo %syspath%\symsvcsa.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysbho.exe (echo %syspath%\sysbho.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysinit32z.exe (echo %syspath%\sysinit32z.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysjv32.exe (echo %syspath%\sysjv32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysmain.dll (echo %syspath%\sysmain.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sysvcs.exe (echo %syspath%\sysvcs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysvx.exe (echo %syspath%\sysvx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sywsvcs.exe (echo %syspath%\sywsvcs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist taras.exe (echo %syspath%\taras.exe %sFound%>>%systemdrive%\rapport.txt)
if exist taskdir.dll (echo %syspath%\taskdir.dll %sFound%>>%systemdrive%\rapport.txt)
if exist taskdir.exe (echo %syspath%\taskdir.exe %sFound%>>%systemdrive%\rapport.txt)
if exist taskdir~.exe (echo %syspath%\taskdir~.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tcpservice2.exe (echo %syspath%\tcpservice2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tetriz3.exe (echo %syspath%\tetriz3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist trf32.dll (echo %syspath%\trf32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ts.ico (echo %syspath%\ts.ico %sFound%>>%systemdrive%\rapport.txt)
if exist twain32.dll (echo %syspath%\twain32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist txfdb32.dll (echo %syspath%\txfdb32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist udpmod.dll (echo %syspath%\udpmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist viagra.ico (echo %syspath%\viagra.ico %sFound%>>%systemdrive%\rapport.txt)
if exist vxgame?.exe (echo %syspath%\vxgame?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist vxgame?.exe????.exe (echo %syspath%\vxgame?.exe????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist vxgame?.exe????.exe.bak (echo %syspath%\vxgame?.exe????.exe.bak %sFound%>>%systemdrive%\rapport.txt)
if exist vxgamet?.exe (echo %syspath%\vxgamet?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist vxgamet?.exe????.exe (echo %syspath%\vxgamet?.exe????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist vxh8jkdq?.exe (echo %syspath%\vxh8jkdq?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist w8673492.exe (echo %syspath%\w8673492.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wbeconm.dll (echo %syspath%\wbeconm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist web.exe (echo %syspath%\web.exe %sFound%>>%systemdrive%\rapport.txt)
if exist whitevx.lst (echo %syspath%\whitevx.lst %sFound%>>%systemdrive%\rapport.txt)
if exist wiatwain.dll (echo %syspath%\wiatwain.dll %sFound%>>%systemdrive%\rapport.txt)
if exist winapi32.dll (echo %syspath%\winapi32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist winbl32.dll (echo %syspath%\winbl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist windesktop.dll (echo %syspath%\windesktop.dll %sFound%>>%systemdrive%\rapport.txt)
if exist windesktop.exe (echo %syspath%\windesktop.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winldra.exe (echo %syspath%\winldra.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winlfl32.dll (echo %syspath%\winlfl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist winnook.exe (echo %syspath%\winnook.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsrv32.exe (echo %syspath%\winsrv32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winstyle2.dll (echo %syspath%\winstyle2.dll %sFound%>>%systemdrive%\rapport.txt)
if exist winstyle3.dll (echo %syspath%\winstyle3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist winstyle32.dll (echo %syspath%\winstyle32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist wldr.dll (echo %syspath%\wldr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %syspath%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wppp.html (echo %syspath%\wppp.html %sFound%>>%systemdrive%\rapport.txt)
if exist wstart.dll (echo %syspath%\wstart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist x.exe (echo %syspath%\x.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xenadot.dll (echo %syspath%\xenadot.dll %sFound%>>%systemdrive%\rapport.txt)
if exist yaemu.exe (echo %syspath%\yaemu.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z11.exe (echo %syspath%\z11.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z12.exe (echo %syspath%\z12.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z13.exe (echo %syspath%\z13.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z14.exe (echo %syspath%\z14.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z15.exe (echo %syspath%\z15.exe %sFound%>>%systemdrive%\rapport.txt)
if exist z16.exe (echo %syspath%\z16.exe %sFound%>>%systemdrive%\rapport.txt)
if exist zlbw.dll (echo %syspath%\zlbw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist zolker011.dll (echo %syspath%\zolker011.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ztoolb011.dll (echo %syspath%\ztoolb011.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ztoolbar.bmp (echo %syspath%\ztoolbar.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist ztoolbar.xml (echo %syspath%\ztoolbar.xml %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__intmon.exe (echo %syspath%\__delete_on_reboot__intmon.exe %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__intel32.exe (echo %syspath%\__delete_on_reboot__intel32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__intell32.exe (echo %syspath%\__delete_on_reboot__intell32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__OLEADM.dll (echo %syspath%\__delete_on_reboot__OLEADM.dll %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__stickrep.dll (echo %syspath%\__delete_on_reboot__stickrep.dll %sFound%>>%systemdrive%\rapport.txt)

if exist "%syspath%\1024" echo %syspath%\1024\ %sFound%>>%systemdrive%\rapport.txt

if exist "%syspath%\drivers\.protected" echo %syspath%\drivers\.protected %sFound%>>%systemdrive%\rapport.txt
if exist "%syspath%\drivers\hesvc.sys" echo %syspath%\drivers\hesvc.sys %sFound%>>%systemdrive%\rapport.txt


popd





if NOT exist %syspath%\LogFiles goto suiteScanAppData

echo.>>%systemdrive%\rapport.txt
echo %sSearch% %syspath%\LogFiles...
echo »»»»»»»»»»»»»»»»»»»»»»»» %syspath%\LogFiles>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt

pushd %syspath%\LogFiles

if exist A5281300.so (echo %syspath%\LogFiles\A5281300.so %sFound%>>%systemdrive%\rapport.txt)
if exist T54111925.so (echo %syspath%\LogFiles\T54111925.so %sFound%>>%systemdrive%\rapport.txt)
if exist H53131712.so (echo %syspath%\LogFiles\H53131712.so %sFound%>>%systemdrive%\rapport.txt)
if exist A54102200.so (echo %syspath%\LogFiles\A54102200.so %sFound%>>%systemdrive%\rapport.txt)
if exist S53252000.so (echo %syspath%\LogFiles\S53252000.so %sFound%>>%systemdrive%\rapport.txt)
if exist A04111925.so (echo %syspath%\LogFiles\A04111925.so %sFound%>>%systemdrive%\rapport.txt)
if exist M54111925.so (echo %syspath%\LogFiles\M54111925.so %sFound%>>%systemdrive%\rapport.txt)
if exist P54111925.so (echo %syspath%\LogFiles\P54111925.so %sFound%>>%systemdrive%\rapport.txt)

popd



:suiteScanAppData
echo.>>%systemdrive%\rapport.txt
echo %sSearch% %userpro

#7
homersimpson2080

  • Topic Starter
  • Member
  • 65 posts
Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:23:27 PM, on 12/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\PROFILER\LWEMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NIMIQ\NIMIQ.EXE
C:\MY DOCUMENTS\DEAN\ALL SPYWARE PROGRAMS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\Profiler\LwEmon.exe /noui"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab

#8
jurgenv

    Visiting Staff

  • Visiting Consultant
  • 230 posts
The HijackThis log looks clean. How is everything working?