
dyfuca/moneytree [RESOLVED]


This topic is locked.

#16
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Your log looks pretty good.
How are things working now? What problems do you still have?
  • 0



#17
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
Everything seems to be working fine, but ewido still finds moneytree/dyfuca on my system. Is that normal?

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:55:26 PM 8/28/2006

+ Scan result:



HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Error during cleaning.
:mozilla.33:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\zillah\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\zillah\Application Data\Mozilla\Firefox\Profiles\urvv9bkl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\zillah\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

Edited by zillagod, 28 August 2006 - 07:15 PM.

  • 0

#18
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Let's try this.

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

; regedit accepts only full hive names in .reg files (HKEY_LOCAL_MACHINE, not HKLM)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1]
Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


Reboot and then run a new scan with Ewido and let me know if it's still there.
  • 0

#19
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
It's still not letting me quarantine it. I ran the code as instructed.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:46:56 PM 8/29/2006

+ Scan result:



HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Error during cleaning.


::Report end
  • 0

#20
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Are you running Ewido in normal mode, or safe mode?
  • 0

#21
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
I followed the procedure in safe mode and in normal mode.
  • 0

#22
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Please post a new log from Combofix.
  • 0

#23
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
zillah - 06-09-02 17:08:08.22
ComboFix 06.08.18 - Running from: C:\Documents and Settings\zillah\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-02 to 2006-09-02 ))))))))))))))))))))))))))))))))))


2006-08-24 14:14 970,752 C:\WINDOWS\system32\cdintf210.dll
2006-08-24 05:37 1,492 C:\WINDOWSvundofix.reg
2006-08-23 20:03 172,688 C:\FxNetOpt.exe
2006-08-22 01:39 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-08-22 01:39 13,312 C:\WINDOWS\system32\irclass.dll
2006-08-21 20:49 46,352 C:\WINDOWS\setdebug.exe
2006-08-21 20:49 313,856 C:\WINDOWS\system32\dx3j.dll
2006-08-21 20:49 171,280 C:\WINDOWS\system32\jit.dll
2006-08-21 20:49 139,536 C:\WINDOWS\system32\javaee.dll
2006-08-21 20:48 945,424 C:\WINDOWS\system32\msjava.dll
2006-08-21 20:48 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-08-21 20:48 49,424 C:\WINDOWS\system32\clspack.exe
2006-08-21 20:48 404,752 C:\WINDOWS\system32\javart.dll
2006-08-21 20:48 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-08-21 20:48 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-08-21 20:48 187,152 C:\WINDOWS\system32\javacypt.dll
2006-08-21 20:48 172,304 C:\WINDOWS\system32\jview.exe
2006-08-21 20:48 171,792 C:\WINDOWS\system32\wjview.exe
2006-08-21 20:48 154,896 C:\WINDOWS\system32\msawt.dll
2006-08-21 20:48 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedon.reg
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedoff.reg
2006-08-21 20:20 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-08-21 20:20 382,464 C:\WINDOWS\system32\qmgr.dll
2006-08-21 20:20 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-08-21 20:20 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-08-21 20:19 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-08-21 20:19 628,224 C:\WINDOWS\system32\catsrvut.dll
2006-08-21 20:19 62,464 C:\WINDOWS\system32\colbact.dll
2006-08-21 20:19 540,160 C:\WINDOWS\system32\comuid.dll
2006-08-21 20:19 501,248 C:\WINDOWS\system32\clbcatq.dll
2006-08-21 20:19 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-08-21 20:19 229,888 C:\WINDOWS\system32\catsrv.dll
2006-08-21 20:19 185,344 C:\WINDOWS\system32\cmprops.dll
2006-08-21 20:19 183,808 C:\WINDOWS\system32\accwiz.exe
2006-08-21 20:19 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-08-21 20:19 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-08-21 20:19 1,251,840 C:\WINDOWS\system32\comsvcs.dll
2006-08-21 20:18 949,248 C:\WINDOWS\system32\msdtctm.dll
2006-08-21 20:18 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-08-21 20:18 90,112 C:\WINDOWS\system32\mtxoci.dll
2006-08-21 20:18 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\isign32.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\ils.dll
2006-08-21 20:18 73,728 C:\WINDOWS\system32\icwdial.dll
2006-08-21 20:18 69,632 C:\WINDOWS\system32\msconf.dll
2006-08-21 20:18 678,400 C:\WINDOWS\system32\inetcomm.dll
2006-08-21 20:18 67,584 C:\WINDOWS\system32\srclient.dll
2006-08-21 20:18 67,072 C:\WINDOWS\system32\rdshost.exe
2006-08-21 20:18 655,360 C:\WINDOWS\system32\mstscax.dll
2006-08-21 20:18 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-08-21 20:18 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-08-21 20:18 60,416 C:\WINDOWS\system32\remotepg.dll
2006-08-21 20:18 6,144 C:\WINDOWS\system32\msdtc.exe
2006-08-21 20:18 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-08-21 20:18 58,880 C:\WINDOWS\system32\licwmi.dll
2006-08-21 20:18 56,320 C:\WINDOWS\system32\servdeps.dll
2006-08-21 20:18 538,624 C:\WINDOWS\system32\spider.exe
2006-08-21 20:18 48,128 C:\WINDOWS\system32\inetres.dll
2006-08-21 20:18 45,568 C:\WINDOWS\system32\safrslv.dll
2006-08-21 20:18 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-08-21 20:18 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-08-21 20:18 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-08-21 20:18 425,472 C:\WINDOWS\system32\msdtcprx.dll
2006-08-21 20:18 407,552 C:\WINDOWS\system32\mstsc.exe
2006-08-21 20:18 4,096 C:\WINDOWS\system32\ksuser.dll
2006-08-21 20:18 343,040 C:\WINDOWS\system32\mspaint.exe
2006-08-21 20:18 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-08-21 20:18 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-08-21 20:18 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-08-21 20:18 295,424 C:\WINDOWS\system32\termsrv.dll
2006-08-21 20:18 29,696 C:\WINDOWS\system32\safrdm.dll
2006-08-21 20:18 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-08-21 20:18 274,944 C:\WINDOWS\system32\mstask.dll
2006-08-21 20:18 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-08-21 20:18 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-08-21 20:18 239,104 C:\WINDOWS\system32\srrstr.dll
2006-08-21 20:18 20,480 C:\WINDOWS\system32\qprocess.exe
2006-08-21 20:18 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-08-21 20:18 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-08-21 20:18 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-08-21 20:18 170,496 C:\WINDOWS\system32\srsvc.dll
2006-08-21 20:18 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-08-21 20:18 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-08-21 20:18 147,968 C:\WINDOWS\system32\rdchost.dll
2006-08-21 20:18 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-08-21 20:18 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-08-21 20:18 123,392 C:\WINDOWS\system32\mplay32.exe
2006-08-21 20:18 12,288 C:\WINDOWS\system32\mstinit.exe
2006-08-21 20:18 11,264 C:\WINDOWS\system32\icaapi.dll
2006-08-21 20:18 105,984 C:\WINDOWS\system32\msoert2.dll
2006-08-21 20:17 47,104 C:\WINDOWS\system32\mspmspsv.dll
2006-08-21 20:17 345,088 C:\WINDOWS\system32\hypertrm.dll
2006-08-21 20:17 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-08-21 20:17 14,366 C:\WINDOWS\system32\asfsipc.dll
2006-08-21 20:17 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-08-21 19:49 64,512 C:\WINDOWS\system32\acctres.dll
2006-08-21 19:49 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-08-21 19:49 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-08-21 19:49 11,264 C:\WINDOWS\system32\atrace.dll
2006-08-21 19:47 73,216 C:\WINDOWS\system32\avwav.dll
2006-08-21 19:47 5,632 C:\WINDOWS\system32\write.exe
2006-08-21 19:47 44,544 C:\WINDOWS\system32\hticons.dll
2006-08-21 19:47 35,328 C:\WINDOWS\system32\winchat.exe
2006-08-21 19:47 227,840 C:\WINDOWS\system32\avtapi.dll
2006-08-21 19:47 16,384 C:\WINDOWS\system32\avmeter.dll
2006-08-21 19:47 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-08-21 19:46 9,728 C:\WINDOWS\system32\reset.exe
2006-08-21 19:46 82,432 C:\WINDOWS\system32\comrepl.dll
2006-08-21 19:46 80,384 C:\WINDOWS\system32\charmap.exe
2006-08-21 19:46 605,696 C:\WINDOWS\system32\getuname.dll
2006-08-21 19:46 56,832 C:\WINDOWS\system32\sol.exe
2006-08-21 19:46 55,296 C:\WINDOWS\system32\freecell.exe
2006-08-21 19:46 54,272 C:\WINDOWS\system32\stclient.dll
2006-08-21 19:46 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-08-21 19:46 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-08-21 19:46 4,096 C:\WINDOWS\system32\mtxex.dll
2006-08-21 19:46 33,792 C:\WINDOWS\system32\regini.exe
2006-08-21 19:46 25,600 C:\WINDOWS\system32\comaddin.dll
2006-08-21 19:46 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-08-21 19:46 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-08-21 19:46 20,992 C:\WINDOWS\system32\msg.exe
2006-08-21 19:46 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-08-21 19:46 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-08-21 19:46 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-08-21 19:46 16,384 C:\WINDOWS\system32\tskill.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-08-21 19:46 15,360 C:\WINDOWS\system32\logoff.exe
2006-08-21 19:46 147,456 C:\WINDOWS\system32\comsnap.dll
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\shadow.exe
2006-08-21 19:46 126,976 C:\WINDOWS\system32\mshearts.exe
2006-08-21 19:46 119,808 C:\WINDOWS\system32\winmine.exe
2006-08-21 19:46 114,688 C:\WINDOWS\system32\calc.exe
2006-08-21 19:46 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-08-21 19:34 74,752 C:\WINDOWS\system32\storprop.dll
2006-08-21 19:34 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-08-21 19:34 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\rwnh.dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\comsdupd.exe
2006-08-13 15:07 10,752 C:\WINDOWS\system32\smtpapi.dll
2006-08-13 15:06 870,784 C:\WINDOWS\system32\ati3d1ag.dll
2006-08-13 15:06 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-08-13 15:06 73,832 C:\WINDOWS\system32\slcoinst.dll
2006-08-13 15:06 73,796 C:\WINDOWS\system32\slserv.exe
2006-08-13 15:06 516,768 C:\WINDOWS\system32\ativvaxx.dll
2006-08-13 15:06 397,056 C:\WINDOWS\system32\s3gnb.dll
2006-08-13 15:06 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-08-13 15:06 32,866 C:\WINDOWS\system32\slrundll.exe
2006-08-13 15:06 32,866 C:\WINDOWS\slrundll.exe
2006-08-13 15:06 32,768 C:\WINDOWS\system32\ativtmxx.dll
2006-08-13 15:06 32,285 C:\WINDOWS\system32\hsfcisp2.dll
2006-08-13 15:06 286,792 C:\WINDOWS\system32\slextspk.dll
2006-08-13 15:06 229,376 C:\WINDOWS\system32\ati2cqag.dll
2006-08-13 15:06 22,528 C:\WINDOWS\system32\fltmc.exe
2006-08-13 15:06 201,728 C:\WINDOWS\system32\ati2dvag.dll
2006-08-13 15:06 188,508 C:\WINDOWS\system32\slgen.dll
2006-08-13 15:06 16,896 C:\WINDOWS\system32\fltlib.dll
2006-08-13 15:06 1,888,992 C:\WINDOWS\system32\ati3duag.dll
2006-08-13 15:06 1,737,856 C:\WINDOWS\system32\mtxparhd.dll
2006-08-13 11:03 579,328 C:\sevinst.exe
2006-08-11 15:27 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-09 04:53 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 04:53 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 04:51 99,840 C:\WINDOWS\system32\_003066_.tmp.dll
2006-08-09 04:51 87,040 C:\WINDOWS\system32\_003030_.tmp.dll
2006-08-09 04:51 671,744 C:\WINDOWS\system32\_003058_.tmp.dll
2006-08-09 04:51 631,808 C:\WINDOWS\system32\_003043_.tmp.dll
2006-08-09 04:51 6,656 C:\WINDOWS\system32\_003052_.tmp.dll
2006-08-09 04:51 558,080 C:\WINDOWS\system32\_003074_.tmp.dll
2006-08-09 04:51 557,056 C:\WINDOWS\system32\_003070_.tmp.dll
2006-08-09 04:51 55,808 C:\WINDOWS\system32\_003042_.tmp.dll
2006-08-09 04:51 375,808 C:\WINDOWS\system32\_003071_.tmp.dll
2006-08-09 04:51 295,936 C:\WINDOWS\system32\_003060_.tmp.dll
2006-08-09 04:51 29,184 C:\WINDOWS\system32\_003068_.tmp.dll
2006-08-09 04:51 258,048 C:\WINDOWS\system32\_003069_.tmp.dll
2006-08-09 04:51 217,088 C:\WINDOWS\system32\_003045_.tmp.dll
2006-08-09 04:51 132,096 C:\WINDOWS\system32\_003021_.tmp.dll
2006-08-09 04:51 101,376 C:\WINDOWS\system32\_003034_.tmp.dll
2006-08-09 04:50 47,104 C:\WINDOWS\system32\_002859_.tmp.dll
2006-08-09 03:38 930,304 C:\WINDOWS\system32\_003062_.tmp.dll
2006-08-09 03:38 668,672 C:\WINDOWS\system32\_003053_.tmp.dll
2006-08-09 03:38 47,104 C:\WINDOWS\system32\_002852_.tmp.dll
2006-08-09 03:38 136,704 C:\WINDOWS\system32\_003035_.tmp.dll
2006-08-09 03:38 132,096 C:\WINDOWS\system32\_003014_.tmp.dll
2006-08-09 03:38 126,976 C:\WINDOWS\system32\_003063_.tmp.dll
2006-08-09 03:38 12,288 C:\WINDOWS\system32\_003061_.tmp.dll
2006-08-09 03:38 1,813,632 C:\WINDOWS\system32\_003023_.tmp.dll
2006-08-08 14:31 522,240 C:\WINDOWS\system32\_003046_.tmp.dll
2006-08-08 14:31 45,568 C:\WINDOWS\system32\_003031_.tmp.dll
2006-08-08 14:31 411,136 C:\WINDOWS\system32\_003038_.tmp.dll
2006-08-08 14:31 132,096 C:\WINDOWS\system32\_003007_.tmp.dll
2006-08-08 14:31 108,544 C:\WINDOWS\system32\_003055_.tmp.dll
2006-08-08 14:31 1,813,632 C:\WINDOWS\system32\_003016_.tmp.dll
2006-08-08 14:30 47,104 C:\WINDOWS\system32\_002845_.tmp.dll
2006-08-06 16:54 1,167 C:\WINDOWS\system32\omnadd96.sys
2006-08-06 16:53 48,167 C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:52 190 C:\WINDOWS\ujejl.dll
2006-08-06 16:47 151,112 C:\WINDOWS\system32\tam32.exe
2006-08-06 16:23 932,864 C:\WINDOWS\system32\_003032_.tmp.dll
2006-08-06 16:23 569,344 C:\WINDOWS\system32\_003048_.tmp.dll
2006-08-06 16:23 54,784 C:\WINDOWS\system32\_003039_.tmp.dll
2006-08-06 16:23 54,272 C:\WINDOWS\system32\_003041_.tmp.dll
2006-08-06 16:23 47,104 C:\WINDOWS\system32\_002838_.tmp.dll
2006-08-06 16:23 132,096 C:\WINDOWS\system32\_003000_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003009_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003002_.tmp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-02 16:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-02 03:43 -------- d-------- C:\Program Files\eMule
2006-09-01 15:43 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-28 18:50 -------- d-------- C:\Program Files\The Print Shop 20
2006-08-27 21:38 -------- d-------- C:\Program Files\SmartDraw 7
2006-08-25 15:01 -------- d-------- C:\Program Files\Common Files
2006-08-24 14:58 -------- d---s---- C:\Documents and Settings\zillah\Application Data\Microsoft
2006-08-24 14:14 -------- d-------- C:\Program Files\Web Publish
2006-08-24 14:11 -------- d-------- C:\Program Files\Common Files\Broderbund
2006-08-24 05:37 1492 --a------ C:\WINDOWSvundofix.reg
2006-08-24 05:13 84028 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-08-24 04:45 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 04:16 -------- d-------- C:\Program Files\WinRAR
2006-08-23 20:03 172688 --a------ C:\FxNetOpt.exe
2006-08-23 01:17 -------- d-------- C:\Documents and Settings\zillah\Application Data\SmartDraw
2006-08-22 17:58 -------- d-------- C:\Program Files\Intrigue Learning
2006-08-22 01:49 -------- d-------- C:\Program Files\Windows Media Player
2006-08-22 01:49 -------- d-------- C:\Program Files\Outlook Express
2006-08-22 01:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-22 01:49 -------- d-------- C:\Program Files\Movie Maker
2006-08-22 01:49 -------- d-------- C:\Program Files\Common Files\System
2006-08-22 01:47 -------- d-------- C:\Program Files\Windows NT
2006-08-22 01:47 -------- d-------- C:\Program Files\Messenger
2006-08-21 19:49 -------- d-------- C:\Program Files\Common Files\Services
2006-08-13 11:04 -------- d-------- C:\Program Files\Symantec
2006-08-13 11:04 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-13 11:02 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-13 11:02 579328 --a------ C:\sevinst.exe
2006-08-13 11:02 123248 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-13 10:48 -------- d-------- C:\Program Files\Symantec_Client_Security
2006-08-08 09:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-06 17:39 1167 --a------ C:\WINDOWS\system32\omnadd96.sys
2006-08-06 17:33 190 --a------ C:\WINDOWS\ujejl.dll
2006-08-06 16:53 48167 --a------ C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:47 151112 --a------ C:\WINDOWS\system32\tam32.exe
2006-08-05 08:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 08:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 08:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 08:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-04 23:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-04 15:39 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-04 15:01 398912 --a------ C:\autoruns.exe
2006-08-04 15:01 294912 --a------ C:\autorunsc.exe
2006-08-02 18:57 -------- d-------- C:\Program Files\Sonique
2006-08-02 12:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-01 04:11 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-27 15:57 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-07-20 18:34 -------- d-------- C:\Program Files\ewido anti-malware
2006-07-13 17:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-13 17:02 -------- d-------- C:\Program Files\R.F.Design
2006-07-13 16:53 -------- d-------- C:\Documents and Settings\zillah\Application Data\VoipBuster
2006-07-12 01:25 -------- d-------- C:\Program Files\Electronic Arts
2006-07-06 20:13 -------- d-------- C:\Documents and Settings\zillah\Application Data\Help
2006-07-06 01:24 -------- d-------- C:\Program Files\Multiquence
2006-07-05 20:54 -------- d-------- C:\Program Files\Pinnacle
2006-07-05 20:53 -------- d-------- C:\Program Files\SmartSound Software
2006-07-05 20:52 95 --a------ C:\AUTOEXEC.BAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^zillah^Start Menu^Programs^Startup^HDDlife.lnk]
"path"="C:\\Documents and Settings\\zillah\\Start Menu\\Programs\\Startup\\HDDlife.lnk"
"backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\BinarySense\\HDDlife\\HDDlifePro.exe "
"item"="HDDlife"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NetZero_uoltray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exec"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetZero\\exec.exe regrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PCBG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pcbodyguard"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\INTRIG~1\\pcbodyguard.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Registry Crawler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RCrawler"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\RCrawler\\RCrawler.exe -TRAYONLY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VoipBuster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VoipBuster"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vptray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Win Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oleupdate"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\oleupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"



Completion time: Sat 09/02/2006 17:09:39.47
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
  • 0

#24
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"=-
"sdjvv"=-
"PSHope"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"=-
"sdjvv"=-
"PSHope"=-

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


===============


Delete these files with Killbox.

C:\WINDOWS\ujejl.dll
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\system32\tam32.exe



===============


I'm suspicious of another file in your log, but would like to get some additional info before we act on it.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    C:\WINDOWS\system32\omnadd96.sys

  • Disable your firewall if you are using one.
  • Click on the submit button.
  • Re-enable your firewall as soon as you get results.
  • Please post the results in your next reply.

==============


These files found in your log are peculiar. They don't seem malicious, but do you have any idea what they are from?

2006-08-09 04:51 99,840 C:\WINDOWS\system32\_003066_.tmp.dll
2006-08-09 04:51 87,040 C:\WINDOWS\system32\_003030_.tmp.dll
2006-08-09 04:51 671,744 C:\WINDOWS\system32\_003058_.tmp.dll
2006-08-09 04:51 631,808 C:\WINDOWS\system32\_003043_.tmp.dll
2006-08-09 04:51 6,656 C:\WINDOWS\system32\_003052_.tmp.dll
2006-08-09 04:51 558,080 C:\WINDOWS\system32\_003074_.tmp.dll
2006-08-09 04:51 557,056 C:\WINDOWS\system32\_003070_.tmp.dll
2006-08-09 04:51 55,808 C:\WINDOWS\system32\_003042_.tmp.dll
2006-08-09 04:51 375,808 C:\WINDOWS\system32\_003071_.tmp.dll
2006-08-09 04:51 295,936 C:\WINDOWS\system32\_003060_.tmp.dll
2006-08-09 04:51 29,184 C:\WINDOWS\system32\_003068_.tmp.dll
2006-08-09 04:51 258,048 C:\WINDOWS\system32\_003069_.tmp.dll
2006-08-09 04:51 217,088 C:\WINDOWS\system32\_003045_.tmp.dll
2006-08-09 04:51 132,096 C:\WINDOWS\system32\_003021_.tmp.dll
2006-08-09 04:51 101,376 C:\WINDOWS\system32\_003034_.tmp.dll
2006-08-09 04:50 47,104 C:\WINDOWS\system32\_002859_.tmp.dll
2006-08-09 03:38 930,304 C:\WINDOWS\system32\_003062_.tmp.dll
2006-08-09 03:38 668,672 C:\WINDOWS\system32\_003053_.tmp.dll
2006-08-09 03:38 47,104 C:\WINDOWS\system32\_002852_.tmp.dll
2006-08-09 03:38 136,704 C:\WINDOWS\system32\_003035_.tmp.dll
2006-08-09 03:38 132,096 C:\WINDOWS\system32\_003014_.tmp.dll
2006-08-09 03:38 126,976 C:\WINDOWS\system32\_003063_.tmp.dll
2006-08-09 03:38 12,288 C:\WINDOWS\system32\_003061_.tmp.dll
2006-08-09 03:38 1,813,632 C:\WINDOWS\system32\_003023_.tmp.dll
2006-08-08 14:31 522,240 C:\WINDOWS\system32\_003046_.tmp.dll
2006-08-08 14:31 45,568 C:\WINDOWS\system32\_003031_.tmp.dll
2006-08-08 14:31 411,136 C:\WINDOWS\system32\_003038_.tmp.dll
2006-08-08 14:31 132,096 C:\WINDOWS\system32\_003007_.tmp.dll
2006-08-08 14:31 108,544 C:\WINDOWS\system32\_003055_.tmp.dll
2006-08-08 14:31 1,813,632 C:\WINDOWS\system32\_003016_.tmp.dll
2006-08-08 14:30 47,104 C:\WINDOWS\system32\_002845_.tmp.dll


Could they be from a Windows update or hotfix that didn't install properly?
Any ideas?
  • 0
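As an added example (not from the thread, and not code from any of the tools named in it), here is a small Python parser for .reg text like the fixme.reg above and the MSCONFIG\startupreg entries in the ComboFix log earlier in the thread: it enforces the header rule the post stresses, previews which values a merge would delete, and lists the startup items msconfig has disabled together with their commands. All function names are the example's own.

```python
import re

# Added example, not from the thread: a small parser for REGEDIT4-style .reg
# text that previews what a merge would do.  It is run below on the fixme.reg
# from this post and on an MSCONFIG\startupreg entry copied from the ComboFix log.

KEY_RE = re.compile(r'^\[(.+)\]$')                    # [Key]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data

def _unescape(s):
    """Undo the backslash escaping .reg files use inside quoted strings."""
    return re.sub(r'\\(.)', r'\1', s)

def header_ok(text):
    """regedit merges a file only when its very first line is the header,
    which is why the post insists on no blank line above REGEDIT4."""
    first = text.splitlines()[0] if text else ''
    return first in ('REGEDIT4', 'Windows Registry Editor Version 5.00')

def parse_reg(text):
    """Return [{'key': ..., 'values': [(name, action, data), ...]}];
    action is 'delete' for the  "name"=-  form, otherwise 'set'."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = {'key': m.group(1), 'values': []}
            entries.append(current)
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue      # blank, comment, or the REGEDIT4 header line
        name, rhs = _unescape(m.group(1)), m.group(2)
        if rhs == '-':
            current['values'].append((name, 'delete', None))
        elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            current['values'].append((name, 'set', _unescape(rhs[1:-1])))
        else:
            current['values'].append((name, 'set', rhs))   # dword:/hex: kept raw
    return entries

def planned_changes(text):
    """Human-readable list of what merging the file would do."""
    actions = []
    for e in parse_reg(text):
        for name, action, data in e['values']:
            target = e['key'] + '\\' + name
            if action == 'delete':
                actions.append('delete value ' + target)
            else:
                actions.append('set value %s = %r' % (target, data))
    return actions

def startup_items(text):
    """(item, hive, command) for each MSCONFIG\\startupreg entry in a dump."""
    items = []
    for e in parse_reg(text):
        if '\\MSCONFIG\\startupreg\\' not in e['key']:
            continue
        vals = {n: d for n, a, d in e['values'] if a == 'set'}
        items.append((vals.get('item'), vals.get('hkey'), vals.get('command')))
    return items

# The fix file from the post above, verbatim.
FIXME_REG = r"""REGEDIT4

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"=-
"sdjvv"=-
"PSHope"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"=-
"sdjvv"=-
"PSHope"=-
"""

# One entry copied from the ComboFix log posted earlier in the thread.
STARTUPREG_SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"inimapping"="0"
"""

if __name__ == '__main__':
    print('header ok:', header_ok(FIXME_REG))
    print(*planned_changes(FIXME_REG), sep='\n')
    print(startup_items(STARTUPREG_SAMPLE))
```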

#25
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
File: omnadd96.sys
Status: OK
MD5 2b7a16af8e7bb5da85e12978a17c5b24
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
In the beginning I installed a bogus version of Service Pack 2 (at least I think it was bogus). It didn't install properly and then I was left with tons of viruses and trojans. I seemed to be able to get rid of everything except for that DyFuCA b.s. Then I tried to install a good version of Service Pack 2; it still wouldn't let me, so I did an over-the-top install of a new version of XP with SP2 included. That finally worked, but DyFuCA was still there. That's when I started talking to you guys. Those files could be from that, I guess. The only other thing I had that didn't install properly is a program called Broderbund Print Shop 20 (installed after the problems occurred). I installed it, but when I try to run the program it tries to install again. Sorry if I should have explained that in the beginning; I didn't want to bore anyone with all the details :whistling:

Edited by zillagod, 03 September 2006 - 04:18 PM.

  • 0



#26
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
That makes sense.

Now that we've removed those three files, see if Ewido can remove those registry entries.
  • 0

#27
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
Still doesn't want to quarantine.
  • 0

#28
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Let's try something else.


Please download WebRoot SpySweeper from HERE (it's a 2-week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish the installation, leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

  • 0

#29
zillagod
    Member
  • Topic Starter
  • Member
  • 17 posts
The warning message in this log made it too long to post the whole thing here, so hopefully these parts I'm sending are the important parts. It did find some things and successfully quarantined them. I ran a scan with ewido after and it didn't find DyFuCA this time. Hooray! I sent the scan from that also. Let me know if you need any other parts of the SpySweeper log.
7:57 PM: Quarantining All Traces: winantiviruspro cookie
7:57 PM: Quarantining All Traces: 180search assistant/zango
7:57 PM: Quarantining All Traces: effective-i toolbar
7:57 PM: Quarantining All Traces: command
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Quarantining All Traces: oddbot
7:57 PM: Quarantining All Traces: trojan-dropper-joiner
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Quarantining All Traces: forethought
7:56 PM: Quarantining All Traces: enbrowser
7:56 PM: Quarantining All Traces: internetoptimizer
7:56 PM: c:\documents and settings\kelly\desktop\beach boys masters\vol.9\beach boys - unsurpassed masters volume 9 (disc 2) - the alternate 'summer days (and summer nights)\beach boys - unsurpassed masters volume 9 (disc 2) - the alternate 'summer days (and summer nights).m3u is in use. It will be removed on reboot.
7:56 PM: c:\documents and settings\kelly\desktop\beach boys masters\vol.9\beach boys - unsurpassed masters volume 9 (disc 4) - the alternate 'summer days (and summer nights)'\beach boys - unsurpassed masters volume 9 (disc 4) - the alternate 'summer days (and summer nights)'.m3u is in use. It will be removed on reboot.
7:56 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Quarantining All Traces: potentially rootkit-masked files
7:56 PM: Quarantining All Traces: zenosearchassistant
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Removal process initiated
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an instassenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Starting File Sweep
6:54 PM: Warning: Failed to access drive A:
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:54 PM: c:\documents and settings\smeghead\cookies\[email protected][2].txt (ID = 3690)
6:54 PM: Found Spy Cookie: winantiviruspro cookie
6:54 PM: Starting Cookie Sweep
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Registry Sweep Complete, Elapsed Time:00:00:28
6:54 PM: HKU\S-1-5-18\software\system\sysuid\ (ID = 731748)
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: HKU\S-1-5-21-57989841-1078145449-854245398-1003\software\system\sysuid\ (ID = 731748)
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: HKLM\software\classes\xsdu.ozbyq.1\ (ID = 1560783)
6:53 PM: HKLM\software\classes\xsdu.ozbyq\ (ID = 1560779)
6:53 PM: HKLM\software\classes\xsdu.bqok.1\ (ID = 1560775)
6:53 PM: HKLM\software\classes\xsdu.bqok\ (ID = 1560771)
6:53 PM: HKCR\xsdu.ozbyq.1\ (ID = 1560737)
6:53 PM: HKCR\xsdu.ozbyq\ (ID = 1560733)
6:53 PM: HKCR\xsdu.bqok.1\ (ID = 1560729)
6:53 PM: HKCR\xsdu.bqok\ (ID = 1560725)
6:53 PM: Found Adware: forethought
6:53 PM: HKCR\oddbot.adclicker\ (ID = 1527745)
6:53 PM: HKLM\software\classes\oddbot.adclicker.1\ (ID = 1525979)
6:53 PM: HKLM\software\classes\oddbot.adclicker\ (ID = 1525973)
6:53 PM: HKCR\oddbot.adclicker.1\ (ID = 1525943)
6:53 PM: Found Adware: oddbot
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
6:53 PM: HKLM\software\classes\saix.installercaller\ (ID = 1156661)
6:53 PM: HKLM\software\classes\saix.installercaller.1\ (ID = 1156657)
6:53 PM: HKCR\saix.installercaller\ (ID = 1156613)
6:53 PM: HKCR\saix.installercaller.1\ (ID = 1156609)
6:53 PM: Found Adware: 180search assistant/zango
6:53 PM: HKLM\software\system\sysold\ (ID = 926808)
6:53 PM: Found Adware: enbrowser
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (ID = 147931)
6:53 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (ID = 147930)
6:53 PM: Found Adware: zenosearchassistant
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: HKLM\software\classes\dyfuca_bh.bhobj\ (ID = 135194)
6:53 PM: HKCR\dyfuca_bh.bhobj\ (ID = 135176)
6:53 PM: HKCR\dyfuca_bh.bhobj.1\ (ID = 135175)
6:53 PM: Found Adware: internetoptimizer
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:42:52 PM 9/5/2006

+ Scan result:



Nothing found.


::Report end

Edited by zillagod, 05 September 2006 - 10:11 PM.

  • 0

#30
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
SpySweeper is very thorough in its registry scan, more so than most other scanners.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will be reduced dramatically.

:whistling: :blink:
  • 0
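As an added example, not from the post and not Microsoft's or any vendor's code, here is a Python check of the six Internet-zone settings listed in the "Make your Internet Explorer more secure" step, read from the output of `reg query` on the zone key: it reports which settings are still looser than recommended and prints the `reg add` lines that would apply the recommended level. The value names 1001, 1004, 1201, 1607, 1800 and 1804 are Microsoft's documented registry names for those settings; the sample query output is constructed, and the function names are the example's own.

```python
import re

# Added example, not from the thread: audit the six Internet-zone settings the
# post tells the reader to change, from the output of
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
# Value names (1001, 1004, ...) and the 0/1/3 encoding are Microsoft's documented
# zone registry layout; the query output at the bottom is constructed.

ENABLE, PROMPT, DISABLE = 0, 1, 3          # stricter settings have larger values
LEVEL = {ENABLE: 'Enable', PROMPT: 'Prompt', DISABLE: 'Disable'}
ZONE_KEY = r'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# registry value name -> (setting as shown in Internet Options, level the post recommends)
RECOMMENDED = {
    '1001': ('Download signed ActiveX controls', PROMPT),
    '1004': ('Download unsigned ActiveX controls', DISABLE),
    '1201': ('Initialize and script ActiveX controls not marked as safe', DISABLE),
    '1800': ('Installation of desktop items', PROMPT),
    '1804': ('Launching programs and files in an IFRAME', PROMPT),
    '1607': ('Navigate sub-frames across different domains', PROMPT),
}

DWORD_RE = re.compile(r'^\s*(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$')

def parse_reg_query(output):
    """Map value name -> int for the REG_DWORD lines of `reg query` output."""
    settings = {}
    for line in output.splitlines():
        m = DWORD_RE.match(line)
        if m:
            settings[m.group(1)] = int(m.group(2), 16)
    return settings

def audit_zone(output):
    """Return (value, label, current, wanted) for every recommended setting
    that is still looser than the post asks for; a value absent from the
    output is reported as 'not set' so it can be checked by hand."""
    settings = parse_reg_query(output)
    findings = []
    for vid, (label, wanted) in RECOMMENDED.items():
        cur = settings.get(vid)
        if cur is None or cur < wanted:
            shown = LEVEL.get(cur, 'not set' if cur is None else str(cur))
            findings.append((vid, label, shown, LEVEL[wanted]))
    return findings

def remediation_commands(findings):
    """`reg add` lines that set each finding to the recommended level."""
    return ['reg add "%s" /v %s /t REG_DWORD /d %d /f' % (ZONE_KEY, vid, RECOMMENDED[vid][1])
            for vid, _label, _cur, _wanted in findings]

# Constructed reg query output for a machine where several settings are still loose.
SAMPLE_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1607    REG_DWORD    0x0
    1800    REG_DWORD    0x0
    1804    REG_DWORD    0x1
"""

if __name__ == '__main__':
    for f in audit_zone(SAMPLE_QUERY):
        print('%s %-60s is %s, should be %s' % f)
    print(*remediation_commands(audit_zone(SAMPLE_QUERY)), sep='\n')
```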





