Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pop ups [RESOLVED]

Started by samo5816 , Oct 06 2006 02:36 AM

  • This topic is locked This topic is locked

#1
samo5816
Posted 06 October 2006 - 02:36 AM

samo5816

    New Member

  • Member
  • Pip
  • 7 posts
i keep getting removal tool pop ups i have avg vundo and spyboy help please here is my hijackthis log thanks


Logfile of HijackThis v1.99.1
Scan saved at 09:32:26, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonela...eqId=1062943005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D525DB1-DD36-CF17-CC91-08A1048BB658} - C:\WINDOWS\system32\egougfm.dll
O2 - BHO: (no name) - {34D4DF84-24D0-46C0-AAF2-98B3747BD230} - blank (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - blank (file missing)
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [GSISETUP] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GsiInst.exe INSTALL C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.\V205Res 13
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [evwewbe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\evwewbe.dll,plovxo
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

#2
Crustyoldbloke
Posted 06 October 2006 - 03:09 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Samo and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans. Let’s see what we can do.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
AVG AntiSpyware
combofix.exe

Please install, and update Ewido/ AVG Anti Spyware
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0D525DB1-DD36-CF17-CC91-08A1048BB658} - C:\WINDOWS\system32\egougfm.dll
O2 - BHO: (no name) - {34D4DF84-24D0-46C0-AAF2-98B3747BD230} - blank (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - blank (file missing)
O4 - HKLM\..\Run: [evwewbe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\evwewbe.dll,plovxo

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\egougfm.dll
C:\WINDOWS\system32\evwewbe.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck AVGas Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).
  • 0

#3
samo5816
Posted 06 October 2006 - 06:37 AM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
First off all i would like to thank you in resolving my computer much appriecieted.Here are my logs;

Attached Files


  • 0

#4
samo5816
Posted 06 October 2006 - 06:44 AM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
just in case i have done it wrong .....
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:09:50 06/10/2006

+ Scan result:



C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006086.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006053.exe -> Adware.Virtumionde : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006063.dll -> Adware.Virtumionde : Cleaned.
C:\VundoFix Backups\mljkkhh.dll.bad -> Adware.Virtumionde : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006029.exe -> Dialer.InstantAccess.k : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006031.exe -> Dialer.InstantAccess.k : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006032.exe -> Dialer.InstantAccess.k : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006038.exe -> Dialer.InstantAccess.k : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006059.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\tinst4.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PCT0QZH0\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{116195E6-BED3-443F-B8DF-408EBA4A4B9A}\RP9\A0006036.exe -> Trojan.Dialer.qs : Cleaned.


::Report end



Administrator - 06-10-06 13:30:34.03 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{E487A09A-07C7-2057-0912-03030820002c}


((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-06 11:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 09:47 26,368 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-03 14:13 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-10-03 14:13 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-03 14:13 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-10-03 14:13 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-10-03 14:13 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-10-03 14:13 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-10-03 13:06 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-02 13:37 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-02 13:37 3,440 --a------ C:\WINDOWS\undo.reg
2006-10-02 13:37 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-02 11:14 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-10-02 11:11 675,120 ---hs---- C:\WINDOWS\system32\hjllm.ini2
2006-10-01 16:38 668,517 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2006-10-01 16:38 143,380 --a------ C:\WINDOWS\system32\tevqtpgs.exe
2006-10-01 15:48 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-01 15:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-01 15:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-01 15:48 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-01 15:48 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-01 15:43 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-01 15:43 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-01 15:43 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-01 15:43 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-01 15:43 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-01 15:43 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-01 15:43 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-01 15:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-01 15:42 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-01 15:42 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-01 15:42 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2006-10-01 15:42 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2006-10-01 15:42 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-01 15:42 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-01 15:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-01 15:30 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-01 15:30 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-10-01 15:30 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-10-01 15:30 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-10-01 15:30 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-10-01 15:30 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-10-01 15:30 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-10-01 15:30 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-10-01 15:30 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-10-01 15:30 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-01 15:30 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-01 15:30 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-10-01 15:30 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-10-01 15:30 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-10-01 15:30 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-10-01 15:30 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-10-01 15:30 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-10-01 15:30 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-01 15:30 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-10-01 15:30 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-10-01 15:30 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-10-01 15:30 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-10-01 15:30 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-10-01 15:30 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2006-10-01 15:23 14,848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-01 15:21 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-10-01 15:07 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-01 14:13 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-01 14:13 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-01 13:36 30,371 --a------ C:\WINDOWS\system32\drivers\glauiad.sys
2006-10-01 13:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll
2006-10-01 13:25 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-01 13:25 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-01 13:25 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-01 13:25 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-01 13:25 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-01 13:25 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-01 13:25 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-01 13:25 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-01 13:25 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-01 13:25 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-01 13:25 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-01 13:25 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-01 13:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-01 13:24 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-10-01 13:23 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-01 13:23 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-01 13:23 41,088 --a------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2006-10-01 13:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-01 13:23 145,920 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-01 13:23 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-10-01 13:22 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-10-01 13:22 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-10-01 13:22 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-10-01 13:22 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-10-01 13:22 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-01 13:22 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-10-01 13:17 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-01 13:17 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-01 13:17 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-01 13:17 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-01 13:17 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-01 13:17 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-01 13:17 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-01 13:17 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-01 13:17 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-01 13:17 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-01 13:17 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-01 13:17 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-01 13:17 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-01 13:17 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-01 13:17 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-01 13:17 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-01 13:17 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-01 13:14 267,136 --a------ C:\WINDOWS\system32\drivers\sis7012.sys
2006-10-01 13:14 115,864 --a------ C:\WINDOWS\system32\a3d.dll
2006-10-01 13:13 32,256 --a------ C:\WINDOWS\system32\drivers\nvcoam.dll
2006-10-01 13:13 10,240 --a------ C:\WINDOWS\system32\drivers\nvmpu401.sys
2006-10-01 13:12 32,768 --a------ C:\WINDOWS\system32\drivers\sisnicxp.sys
2006-10-01 13:12 243,712 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys
2006-10-01 13:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-01 13:12 12,032 --a------ C:\WINDOWS\system32\drivers\srvkp.sys
2006-10-01 13:11 28,672 --a------ C:\WINDOWS\system32\SiSPInst.dll
2006-10-01 13:11 1,735,168 --a------ C:\WINDOWS\system32\sisgrv.dll
2006-10-01 13:11 1,570,489 --a------ C:\WINDOWS\system32\sisgl.dll
2006-10-01 13:08 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-10-01 13:08 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-10-01 13:07 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-01 13:07 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-01 13:07 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-01 13:07 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-01 13:07 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-01 13:07 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-01 13:07 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-01 13:01 843,776 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-01 13:01 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-01 13:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-01 13:01 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2006-10-01 13:01 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-01 13:01 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2006-10-01 13:01 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-10-01 13:01 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2006-10-01 13:01 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-01 13:01 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2006-10-01 12:58 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-10-01 12:58 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-10-01 12:58 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-10-01 12:58 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-01 12:58 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-10-01 12:58 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-10-01 12:58 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-10-01 12:58 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-10-01 12:58 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-10-01 12:58 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-10-01 12:58 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-10-01 12:58 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-10-01 12:58 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-10-01 12:58 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-10-01 12:58 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-10-01 12:58 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-10-01 12:58 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-10-01 12:40 57,344 --a------ C:\WINDOWS\system32\SiSAudHk.exe
2006-10-01 12:40 434,176 --a------ C:\WINDOWS\system32\SiSaudUt.exe
2006-10-01 12:40 28,672 --a------ C:\WINDOWS\system32\unDrvApp.exe
2006-10-01 12:40 120,832 --a------ C:\WINDOWS\system32\SoundMan.exe
2006-10-01 12:37 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-01 12:37 0 -rahs---- C:\MSDOS.SYS
2006-10-01 12:37 0 -rahs---- C:\IO.SYS
2006-10-01 12:37 0 --a------ C:\CONFIG.SYS
2006-10-01 12:37 0 --a------ C:\AUTOEXEC.BAT
2006-10-01 12:33 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-01 12:33 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-01 12:33 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-01 12:32 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-01 12:32 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-01 12:32 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-01 12:32 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-01 12:32 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-01 12:32 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-01 12:32 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-01 12:32 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-01 12:32 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-01 12:32 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-01 12:32 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-01 12:32 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-01 12:32 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-01 12:32 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-01 12:32 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-01 12:32 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-01 12:32 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-01 12:32 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-01 12:32 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-01 12:32 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-01 12:32 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-01 12:32 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-01 12:32 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-01 12:32 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-01 12:32 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-01 12:32 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-01 12:32 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-01 12:32 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-01 12:32 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-01 12:32 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-01 12:32 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-01 12:32 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-01 12:32 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-01 12:32 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-01 12:32 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-01 12:32 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-01 12:32 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-01 12:32 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-01 12:32 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-01 12:32 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-01 12:32 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-01 12:32 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-01 12:30 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-01 12:29 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-01 12:29 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-01 12:29 946,448 --a------ C:\WINDOWS\system32\calc.exe
2006-10-01 12:29 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-01 12:29 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-01 12:29 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-01 12:29 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-01 12:29 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-01 12:29 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-01 12:29 753,664 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-01 12:29 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-01 12:29 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-01 12:29 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-01 12:29 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-01 12:29 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-01 12:29 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-01 12:29 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-01 12:29 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-01 12:29 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-01 12:29 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-01 12:29 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-01 12:29 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-01 12:29 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-01 12:29 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-01 12:29 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-01 12:29 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-01 12:29 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-01 12:29 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-01 12:29 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-01 12:29 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-01 12:29 420,352 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-01 12:29 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-01 12:29 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-01 12:29 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-01 12:29 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-01 12:29 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-01 12:29 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-01 12:29 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-01 12:29 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-01 12:29 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-01 12:29 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-01 12:29 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-01 12:29 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-01 12:29 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-01 12:29 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-01 12:29 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-01 12:29 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-01 12:29 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-01 12:29 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-01 12:29 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-01 12:29 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-01 12:29 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-01 12:29 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-01 12:29 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-01 12:29 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-01 12:29 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-01 12:29 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-01 12:29 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-01 12:29 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-01 12:29 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-01 12:29 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-01 12:29 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-01 12:29 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-01 12:29 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-01 12:29 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-01 12:29 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-01 12:29 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-01 12:29 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-01 12:29 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-01 12:29 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-01 12:29 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-01 12:29 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-01 12:29 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-01 12:29 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-01 12:29 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-01 12:29 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-01 12:29 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-01 12:29 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-01 12:29 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-01 12:28 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-01 12:28 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-01 12:28 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-01 12:28 185,344 --a------ C:\WINDOWS\system32\cmprops.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-06 13:30 -------- d-------- C:\Program Files\Common Files
2006-10-06 13:23 -------- d-------- C:\Program Files\Yahoo!
2006-10-06 13:23 -------- d-------- C:\Program Files\CCleaner
2006-10-06 11:15 -------- d-------- C:\Program Files\Grisoft
2006-10-06 10:23 -------- d-------- C:\Program Files\PokerRoom.com
2006-10-06 09:09 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-06 08:38 -------- d-------- C:\Program Files\BitLord
2006-10-04 08:52 -------- d-------- C:\Program Files\Trojan Remover
2006-10-03 14:25 -------- d-------- C:\Program Files\VirtualDJ
2006-10-03 13:42 -------- d-------- C:\Program Files\Google
2006-10-03 13:28 -------- d-------- C:\Program Files\Internet Explorer
2006-10-03 13:27 -------- d-------- C:\Program Files\Windows Media Player
2006-10-03 13:22 -------- d-------- C:\Program Files\Outlook Express
2006-10-03 13:22 -------- d-------- C:\Program Files\Common Files\System
2006-10-02 10:27 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-02 09:41 -------- d-------- C:\Program Files\Winamp
2006-10-02 09:26 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-10-01 16:07 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-01 15:31 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-01 15:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 15:30 -------- d-------- C:\Program Files\Logitech
2006-10-01 15:29 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-01 14:56 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-10-01 14:55 -------- d-------- C:\Program Files\VideoLAN
2006-10-01 14:49 -------- d-------- C:\Program Files\FREE Hi-Q Recorder
2006-10-01 14:40 -------- d-------- C:\Program Files\MSN Messenger
2006-10-01 14:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-10-01 14:05 -------- d-------- C:\Program Files\BT Broadband
2006-10-01 13:36 -------- d-------- C:\Program Files\Motive
2006-10-01 13:36 -------- d-------- C:\Program Files\Common Files\Motive
2006-10-01 13:36 -------- d-------- C:\Program Files\BT Voyager 205 ADSL Router
2006-10-01 13:25 -------- d-------- C:\Program Files\GoGoData.com
2006-10-01 13:23 -------- d-------- C:\Program Files\SiS7012
2006-10-01 13:19 -------- d-------- C:\Program Files\Zone Labs
2006-10-01 13:17 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-10-01 13:17 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-01 13:17 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-01 13:17 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2006-10-01 13:12 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-01 13:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-01 13:12 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-10-01 13:11 -------- d-------- C:\Program Files\WinRAR
2006-10-01 13:11 -------- d-------- C:\Program Files\Trillian Pro
2006-10-01 13:09 -------- d-------- C:\Program Files\OO Software
2006-10-01 13:09 -------- d-------- C:\Program Files\CyberLink
2006-10-01 13:07 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-01 13:07 -------- d-------- C:\Program Files\Ahead
2006-10-01 13:06 -------- d-------- C:\Program Files\Jasc Software Inc
2006-10-01 13:06 -------- d-------- C:\Program Files\DVD2one
2006-10-01 13:06 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-01 13:05 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-01 13:04 -------- d-------- C:\Program Files\Adobe
2006-10-01 13:03 -------- d-------- C:\Program Files\WinZip
2006-10-01 13:03 -------- d-------- C:\Program Files\Real Alternative
2006-10-01 13:03 -------- d-------- C:\Program Files\7-Zip
2006-10-01 13:02 -------- d-------- C:\Program Files\QuickTime Alternative
2006-10-01 13:02 -------- d-------- C:\Program Files\Media Player Classic
2006-10-01 13:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-10-01 13:01 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-01 13:01 -------- d-------- C:\Program Files\Java
2006-10-01 12:59 -------- d-------- C:\Program Files\Common Files\Java
2006-10-01 12:34 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-01 12:34 -------- d-------- C:\Program Files\Online Services
2006-10-01 12:33 -------- d-------- C:\Program Files\NetMeeting
2006-10-01 12:33 -------- d-------- C:\Program Files\Common Files\Services
2006-10-01 12:32 -------- d-------- C:\Program Files\Movie Maker
2006-10-01 12:32 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-01 12:30 -------- d-------- C:\Program Files\Unlocker
2006-10-01 12:30 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-01 12:30 -------- d-------- C:\Program Files\Messenger
2006-10-01 12:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-01 12:29 -------- d-------- C:\Program Files\Windows NT
2006-10-01 12:29 -------- d-------- C:\Program Files\MSN
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 09:26 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06/10/2006 13:31:36.78
ComboFix.txt



Logfile of HijackThis v1.99.1
Scan saved at 13:33:32, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonela...eqId=1062943005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




thats all 3 logs i hope this is what you was after .Once Again thank you
  • 0

#5
Crustyoldbloke
Posted 06 October 2006 - 08:10 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

The logs look good but there is some more to do; I spotted some vundo files.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\tevqtpgs.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

How's the PC running now?
  • 0

#6
samo5816
Posted 06 October 2006 - 08:35 AM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Many Thanks Crusty no pop ups and the pc is running alot better 1 question tho my internet seems a little slower after the last 3 files where deleted in killbox, is this normal ? Oh and will be donating to your site you have saved me a fortune :whistling:
  • 0

#7
Crustyoldbloke
Posted 06 October 2006 - 08:43 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Please see here about donations: http://www.geekstogo...ation-t132.html

I don't see why your internet speed should suffer as a results of the removal of 3 bad files; let's try tweaking it up a little.

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2006 Trial It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor
  • 0

#8
samo5816
Posted 06 October 2006 - 09:18 AM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Working a DREAM thank you for all your help crusty like i said before there will be a donation coming you way :whistling:
  • 0

#9
Crustyoldbloke
Posted 06 October 2006 - 09:24 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Great news, but your restore points are badly infected.

Congratulations! your last log was clean. :whistling: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

MVPS Hosts file This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.
  • 0

#10
samo5816
Posted 06 October 2006 - 12:18 PM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank For All You Help :whistling:
  • 0

#11
Crustyoldbloke
Posted 06 October 2006 - 01:39 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
You are very welcome.

I will leave this thread open for a few days in case of misfortune.
  • 0

#12
samo5816
Posted 06 October 2006 - 01:58 PM

samo5816

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
cheers :whistling:
  • 0

#13
Crustyoldbloke
Posted 06 October 2006 - 06:05 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
My pleasure.
  • 0

#14
Crustyoldbloke
Posted 17 October 2006 - 02:59 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP