Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Tagasaurus is killing me!

Started by The Blue Hell , Oct 08 2006 02:03 PM

  • This topic is locked This topic is locked

#1
The Blue Hell
Posted 08 October 2006 - 02:03 PM

The Blue Hell

    Member

  • Member
  • PipPip
  • 16 posts
I'm running with Windows XP Home Edition, and I've been hit with Tagasaurus. I'm now getting tons of pop-ups and having all of my functions and processes slowed considerably. Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:56:13 PM, on 10/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\newpop06.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\YnJhbnQgbWlsZXM\command.exe
C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\sys10-199819686.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Thuginator\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: BattyRun2.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJhbnQgbWlsZXM\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Please help me at your earliest convenience. Thanks.
  • 0

Advertisements

#2
don77
Posted 08 October 2006 - 02:06 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
The Blue Hell
Posted 08 October 2006 - 04:50 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 5:46:55 PM, on 10/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\newpop06.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\sys10-199819686.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\DOCUME~1\THUGIN~1\LOCALS~1\Temp\!update.exe
C:\PROGRA~1\RACLE~1\logonui.exe
C:\Documents and Settings\Thuginator\Local Settings\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: BattyRun2.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJhbnQgbWlsZXM\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
  • 0

#4
don77
Posted 08 October 2006 - 07:14 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!


Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program
Reboot into normal windows and post a new HiJackThis log.
  • 0

#5
The Blue Hell
Posted 08 October 2006 - 07:55 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for the feedback. Here's my latest log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:56 PM, on 10/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\newpop06.exe
C:\WINDOWS\elitepop06.exe
C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\DOCUME~1\THUGIN~1\LOCALS~1\Temp\!update.exe
C:\PROGRA~1\RACLE~1\logonui.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Thuginator\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: BattyRun2.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
  • 0

#6
don77
Posted 08 October 2006 - 08:08 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
From now on use HJT from here please

Next
1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HJT log please

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#7
The Blue Hell
Posted 08 October 2006 - 10:04 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:02, on 06-10-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\newpop06.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\sys10-199819686.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

Here's the ComboFix log:

Thuginator - 06-10-08 22:40:29.95 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Thuginator\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{7F337AB9-CF4D-4F24-95F5-8E52BE946A36}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F337AB9-CF4D-4F24-95F5-8E52BE946A36}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F337AB9-CF4D-4F24-95F5-8E52BE946A36}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F337AB9-CF4D-4F24-95F5-8E52BE946A36}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddsshlex.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{81D43887-A522-4052-B59F-43165DFE5714}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81D43887-A522-4052-B59F-43165DFE5714}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81D43887-A522-4052-B59F-43165DFE5714}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81D43887-A522-4052-B59F-43165DFE5714}\InprocServer32]
@="C:\\WINDOWS\\system32\\ooe32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{553D21DB-6FBE-44A5-81DD-2681FBC53D8C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553D21DB-6FBE-44A5-81DD-2681FBC53D8C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553D21DB-6FBE-44A5-81DD-2681FBC53D8C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{553D21DB-6FBE-44A5-81DD-2681FBC53D8C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{90BA71A8-EFAD-4A29-AD61-EDB96036A254}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90BA71A8-EFAD-4A29-AD61-EDB96036A254}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90BA71A8-EFAD-4A29-AD61-EDB96036A254}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{90BA71A8-EFAD-4A29-AD61-EDB96036A254}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsapi32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\ennul1591.dll
C:\WINDOWS\system32\f42mlef11h2.dll
C:\WINDOWS\system32\f8l00i3me8.dll
C:\WINDOWS\system32\fpl6033se.dll
C:\WINDOWS\system32\fpr0039me.dll
C:\WINDOWS\system32\gp24l3fq1.dll
C:\WINDOWS\system32\k608lgdu1608.dll
C:\WINDOWS\system32\kt0ql7d51.dll
C:\WINDOWS\system32\kt22l7fo1.dll
C:\WINDOWS\system32\l2j8lc1u1f.dll
C:\WINDOWS\system32\lv2m09f1e.dll
C:\WINDOWS\system32\nmhtml.dll
C:\WINDOWS\system32\rFsapi32.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Pillock\Application Data\Dxccwrd.dll
C:\Documents and Settings\Pillock\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Pillock\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Thuginator\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Thuginator\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\offun.exe
C:\WINDOWS\Eim03.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Thuginator\Application Data\PPATCH~1
C:\QooBox\Purity\Documents and Settings\Thuginator\Application Data\PPATCH~1\??xplore.exe
C:\QooBox\Purity\Program Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\APPATC~1
C:\QooBox\Purity\Program Files\RACLE~1\bak
C:\QooBox\Purity\Program Files\RACLE~1\logonui.exe
C:\QooBox\Purity\Program Files\RACLE~1\__delete_on_reboot__l_o_g_o_n_u_i_._e_x_e_
C:\QooBox\Purity\Program Files\RACLE~1\?racle
C:\QooBox\Purity\Program Files\RACLE~1\bak\logonui.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


2006-10-08 20:49 86,036 --a------ C:\WINDOWS\system32\yfmggdrv.dll
2006-10-08 17:42 86,036 --a------ C:\WINDOWS\system32\mbxkhfbw.dll
2006-10-08 17:10 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-08 17:10 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-08 17:10 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-08 17:10 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-08 17:10 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-08 17:10 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-08 17:10 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-08 17:10 316,416 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-10-08 17:10 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-08 17:10 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-08 17:10 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-08 17:10 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-10-08 17:10 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2006-10-08 17:10 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-08 17:10 189,440 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-08 17:10 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2006-10-08 17:10 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-08 17:10 139,776 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-08 17:10 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-10-08 17:10 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-08 17:10 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-08 17:10 1,404,928 --a------ C:\WINDOWS\system32\wmpui.dll
2006-10-08 17:10 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-10-08 17:09 9,856 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2006-10-08 17:09 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-08 17:09 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-08 17:09 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-08 17:09 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-08 17:09 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-08 17:09 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-08 17:09 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-08 17:09 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-08 17:09 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-08 17:09 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-08 17:09 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-08 17:09 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-08 17:09 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-08 17:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-08 17:09 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-08 17:09 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-08 17:09 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-08 17:09 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-08 17:09 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-08 17:09 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-08 17:09 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-08 17:09 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-08 17:09 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-08 17:09 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-08 17:09 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-08 17:09 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-08 17:09 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-08 17:09 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-08 17:09 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-08 17:09 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-08 17:09 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-08 17:09 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-08 17:09 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-08 17:09 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-08 17:09 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-08 17:09 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-08 17:09 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-08 17:09 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-08 17:09 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-08 17:09 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-08 17:09 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-08 17:09 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-08 17:09 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-08 17:09 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-08 17:09 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-08 17:09 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-08 17:09 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-08 17:09 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-08 17:09 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-08 17:09 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-08 17:09 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-08 17:09 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-08 17:09 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-08 17:09 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-08 17:09 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-08 17:09 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-08 17:09 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-08 17:09 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-08 17:09 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-08 17:09 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-08 17:09 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-08 17:09 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-08 17:09 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-08 17:09 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-08 17:09 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-08 17:09 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-08 17:09 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-08 17:09 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-08 17:09 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-08 17:09 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-08 17:09 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-08 17:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-08 17:09 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-08 17:09 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-08 17:09 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-08 17:09 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-08 17:09 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-08 17:09 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-08 17:09 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-08 17:09 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-08 17:09 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-08 17:09 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-08 17:09 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-10-08 17:09 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-08 17:09 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-08 17:09 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-08 17:08 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-08 17:08 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-08 17:08 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-08 17:08 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-08 17:08 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-08 17:08 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-08 17:08 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-08 17:08 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-08 17:08 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-08 17:08 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-08 17:08 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-08 17:08 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-08 17:08 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-08 17:08 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-08 17:08 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-10-08 17:08 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-10-08 17:08 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-08 17:08 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-08 17:08 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-08 17:08 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-08 17:08 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-08 17:08 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-08 17:08 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-08 17:08 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-08 17:08 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-08 17:08 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-08 17:08 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-08 17:08 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2006-10-08 17:08 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-08 17:08 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-08 17:08 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-08 17:08 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-08 17:08 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-10-08 17:08 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-08 17:08 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-08 17:08 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-08 17:08 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-08 17:08 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-08 17:08 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-08 17:08 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-08 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-08 17:08 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-08 17:08 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-08 17:08 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-08 17:08 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-08 17:08 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-08 17:08 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-08 17:08 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-08 17:08 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-08 17:08 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-08 17:08 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-08 17:08 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-08 17:08 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-08 17:08 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-08 17:08 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-08 17:08 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-08 17:08 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-08 17:08 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-08 17:08 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-08 17:08 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-08 17:08 1,169,920 --a------ C:\WINDOWS\system32\ole32.dll
2006-10-08 17:07 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-08 17:07 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-10-08 17:07 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-08 17:07 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-08 17:07 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-08 17:07 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-08 17:07 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-08 17:07 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-08 17:07 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-08 17:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-08 17:07 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-08 17:07 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-08 17:07 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-08 17:07 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-08 17:07 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-08 17:07 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-08 17:07 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-08 17:07 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-08 17:07 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-08 17:07 401,462 --ahs---- C:\WINDOWS\system32\msvcp60.dll
2006-10-08 17:07 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-08 17:07 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-08 17:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-08 17:07 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-08 17:07 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-08 17:07 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-08 17:07 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-08 17:07 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-08 17:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-08 17:07 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-08 17:07 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-08 17:07 323,072 --ahs---- C:\WINDOWS\system32\msvcrt.dll
2006-10-08 17:07 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-08 17:07 310,272 --------- C:\WINDOWS\system32\winhttp.dll
2006-10-08 17:07 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-08 17:07 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-08 17:07 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-08 17:07 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-08 17:07 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-08 17:07 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-08 17:07 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-08 17:07 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-08 17:07 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-08 17:07 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-08 17:07 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-10-08 17:07 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-08 17:07 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-08 17:07 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-08 17:07 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-08 17:07 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-08 17:07 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-08 17:07 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-08 17:07 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-08 17:07 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-10-08 17:07 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-10-08 17:07 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-08 17:07 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-08 17:07 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-08 17:07 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-08 17:07 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-08 17:07 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-08 17:07 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-08 17:07 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-08 17:07 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-08 17:07 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2006-10-08 17:07 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-08 17:07 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-08 17:07 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-08 17:07 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-08 17:06 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-08 17:06 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-08 17:06 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-08 17:06 64,512 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-08 17:06 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-08 17:06 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-08 17:06 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-08 17:06 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-08 17:06 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-08 17:06 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-08 17:06 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-08 17:06 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-08 17:06 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-08 17:06 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-08 17:06 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-08 17:06 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-08 17:06 305,664 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-08 17:06 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-08 17:06 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-08 17:06 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-08 17:06 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-08 17:06 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-08 17:06 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-08 17:06 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-08 17:06 2,086,400 --a------ C:\WINDOWS\system32\msi.dll
2006-10-08 17:06 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-08 17:06 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-08 17:06 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-08 17:06 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-08 17:06 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-08 17:06 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-08 17:06 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-08 17:06 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-08 17:06 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-08 17:06 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-08 17:05 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-10-08 17:05 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-08 17:05 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-10-08 17:05 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-08 17:05 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-08 17:05 435,200 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-08 17:05 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-08 17:05 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-08 17:05 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-08 17:05 166,912 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-08 17:05 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-08 17:05 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-10-08 17:05 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-10-08 17:05 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-10-08 17:04 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-08 17:04 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-08 17:04 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-08 17:04 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-10-08 17:04 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-08 17:04 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-08 17:04 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-08 17:04 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-08 17:04 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-08 17:04 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-08 17:04 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-08 17:04 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-08 17:04 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-08 17:04 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-08 17:04 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-08 17:04 557,568 --a------ C:\WINDOWS\system32\crypt32.dll
2006-10-08 17:04 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-08 17:04 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-08 17:04 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-08 17:04 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-08 17:04 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-08 17:04 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-08 17:04 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-10-08 17:04 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-08 17:04 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-08 17:04 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-08 17:04 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-10-08 17:04 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-08 17:04 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-08 17:04 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-08 17:04 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-08 17:04 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-08 17:04 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-08 17:04 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-08 17:04 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-08 17:04 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-08 17:04 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-08 17:04 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-08 17:04 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-08 17:04 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-08 17:04 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-08 17:04 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-08 17:04 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-08 17:04 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-08 17:04 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-08 17:04 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-08 17:04 225,280 --a------ C:\WINDOWS\system32\es.dll
2006-10-08 17:04 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-08 17:04 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-08 17:04 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-08 17:04 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-08 17:04 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-08 17:04 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-08 17:04 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-08 17:04 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-08 17:04 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-08 17:04 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-08 17:04 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-08 17:04 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-08 17:04 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-08 17:04 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-08 17:04 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-08 17:04 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-08 17:04 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-08 17:04 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-08 17:04 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-08 17:04 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-08 17:04 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-08 17:04 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-08 17:04 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-08 17:04 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-08 17:04 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-08 17:03 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-08 17:03 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-08 17:03 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-08 17:03 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-08 17:03 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-08 17:03 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-08 17:03 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-08 17:03 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-08 17:03 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-08 17:03 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-08 17:03 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-10-08 17:03 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-08 17:03 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-08 17:03 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-08 17:03 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-08 17:03 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-08 17:03 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-08 17:03 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-08 17:03 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-08 17:03 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-08 17:03 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-08 17:03 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-08 17:03 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-08 17:03 14,848 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-08 17:03 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-08 17:03 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-08 17:03 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-10-08 16:57 86,036 --a------ C:\WINDOWS\system32\nihcyhbs.dll
2006-10-08 16:45 86,036 --a------ C:\WINDOWS\system32\ddewiqgk.dll
2006-10-08 16:27 86,036 --a------ C:\WINDOWS\system32\armtcoep.dll
2006-10-08 16:22 86,036 --a------ C:\WINDOWS\system32\ipxasqqb.dll
2006-10-08 14:49 163,840 --a------ C:\WINDOWS\sys10-199819686.exe
2006-10-08 14:37 50,976 --a------ C:\WINDOWS\elitepop06.exe
2006-10-08 14:37 433,632 --a------ C:\WINDOWS\hancerdoem.exe
2006-10-08 14:37 217,840 --a------ C:\WINDOWS\justin-new.exe
2006-10-08 14:37 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-08 14:32 877,104 ---hs---- C:\WINDOWS\system32\rqtss.ini2
2006-10-08 13:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-07 22:48 86,036 --a------ C:\WINDOWS\system32\dylcdlpl.dll
2006-10-07 22:37 53,120 --a------ C:\WINDOWS\optimize.exe
2006-10-07 22:37 36,608 --a------ C:\WINDOWS\nem220.dll
2006-10-07 22:36 45,056 --a------ C:\WINDOWS\newpop06.exe
2006-10-07 22:36 433,637 --a------ C:\WINDOWS\hancermm.exe
2006-10-07 22:36 147,456 --a------ C:\WINDOWS\aff_0006.exe
2006-10-06 23:37 1,233 --a------ C:\WINDOWS\system32\zxz417b6.sys
2006-10-06 18:11 65,536 --a------ C:\WINDOWS\system32\Winwcd.dll
2006-10-06 15:38 111,262 --a------ C:\WINDOWS\system32\justin.exe
2006-10-06 13:15 97,433 --a------ C:\WINDOWS\system32\traffic_solution_new.exe
2006-10-05 21:42 58,880 --a------ C:\WINDOWS\system32\adrotate1.dll
2006-10-05 16:27 86,036 --a------ C:\WINDOWS\system32\rbvmnfwx.dll
2006-10-05 16:27 143,380 --a------ C:\WINDOWS\system32\onkbmkag.exe
2006-10-04 12:20 876,887 ---hs---- C:\WINDOWS\system32\rqtss.bak2
2006-10-03 12:20 86,036 --a------ C:\WINDOWS\system32\cfsltnhb.dll
2006-10-03 12:19 815,277 ---hs---- C:\WINDOWS\system32\rqtss.bak1
2006-10-03 12:19 143,380 --a------ C:\WINDOWS\system32\xdlwxnbr.exe
2006-10-03 11:18 32,768 --a------ C:\WINDOWS\dzlaemvc.exe
2006-10-03 11:16 577,588 ---hs---- C:\WINDOWS\system32\sstqr.dll
2006-10-03 11:11 397,312 --a------ C:\WINDOWS\cfg32p.dll
2006-10-03 11:10 339,968 --a------ C:\921_135.exe
2006-10-03 11:10 183,478 --a------ C:\WINDOWS\srvmdxltpz.exe
2006-10-03 11:10 147,456 --a------ C:\InstallerC.exe
2006-10-03 11:09 53,120 --a------ C:\WINDOWS\srvmemsbxh.exe
2006-10-03 11:09 40,973 --------- C:\WINDOWS\system32\khffccd.dll
2006-10-03 11:09 367,616 --a------ C:\919_133.exe
2006-10-03 11:09 32,768 --a------ C:\WINDOWS\DXCecho.exe
2006-10-03 11:09 272,863 --a------ C:\WINDOWS\popupwithcast2.exe
2006-10-03 11:09 217,276 --a------ C:\WINDOWS\srvwbcqxzc.exe
2006-10-03 11:09 2,560 --a------ C:\WINDOWS\ac3_0018.exe
2006-10-03 11:09 175,180 --a------ C:\WINDOWS\snaper.exe
2006-09-28 18:24 75,264 --a------ C:\WINDOWS\system32\nsr41.dll
2006-09-24 18:50 17,787 --a------ C:\WINDOWS\system32\aut500.dll
2006-09-22 09:38 53,248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 09:36 53,248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-21 21:30 353,280 --a------ C:\803_104.exe
2006-09-21 21:30 2 --a------ C:\WINDOWS\system32\wnstssv.exe
2006-09-21 21:30 186,223 --a------ C:\WINDOWS\srvjpzhejf.exe
2006-09-21 21:29 53,120 --a------ C:\WINDOWS\srvpksfvya.exe
2006-09-21 21:29 32,768 --a------ C:\DXC1205b.exe
2006-09-21 21:29 215,308 --a------ C:\WINDOWS\srvieztnuh.exe
2006-09-21 21:28 430,592 --a------ C:\912_121.exe
2006-09-21 21:28 268,581 --a------ C:\WINDOWS\popupwithcast.exe
2006-09-15 16:16 53,248 --a------ C:\WINDOWS\uni_e6h.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-08 22:41 -------- d-------- C:\Program Files\Common Files
2006-10-08 22:38 -------- d-------- C:\Program Files\Hijackthis
2006-10-08 22:35 -------- d-------- C:\Documents and Settings\Thuginator\Application Data\MSN6
2006-10-08 17:40 -------- d-------- C:\Program Files\Internet Explorer
2006-10-08 17:20 -------- d-------- C:\Program Files\Movie Maker
2006-10-08 17:20 -------- d-------- C:\Program Files\Messenger
2006-10-08 17:19 -------- d-------- C:\Program Files\Windows Media Player
2006-10-08 17:19 -------- d-------- C:\Program Files\Outlook Express
2006-10-08 17:19 -------- d-------- C:\Program Files\NetMeeting
2006-10-08 17:19 -------- d-------- C:\Program Files\Common Files\System
2006-10-08 13:42 -------- d-------- C:\Program Files\spyware removal 2
2006-10-08 13:38 -------- d-------- C:\Program Files\Grisoft
2006-10-07 22:36 -------- d-------- C:\Program Files\mm
2006-10-06 23:03 -------- d-------- C:\Documents and Settings\Thuginator\Application Data\SearchToolbarCorp
2006-10-03 11:09 517 --a------ C:\Program Files\Common Files\horem
2006-10-03 11:09 -------- d-------- C:\Program Files\Online Services
2006-10-03 11:09 -------- d-------- C:\Program Files\MSN
2006-10-03 11:09 -------- d-------- C:\Program Files\mediasnapinstall
2006-09-22 22:46 -------- d-------- C:\Program Files\QuickTime
2006-09-22 21:58 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-21 22:09 1493848 --a------ C:\Program Files\ccsetup133.exe
2006-09-07 13:36 -------- d---s---- C:\Documents and Settings\Thuginator\Application Data\Microsoft
2006-09-06 21:44 -------- d-------- C:\Program Files\MSN Messenger
2006-08-28 11:26 346879 --a------ C:\Program Files\e-fit_chart.pdf
2006-08-22 23:46 -------- d-------- C:\Program Files\Webteh
2006-08-16 22:50 -------- d-------- C:\Program Files\Soulseek
2006-07-28 22:21 65 --a------ C:\16663120234.exe
2006-07-25 22:17 875 --a------ C:\Documents and Settings\Thuginator\Application Data\AdobeDLM.log
2006-07-25 22:17 0 --a------ C:\Documents and Settings\Thuginator\Application Data\dm.ini
2006-07-25 22:14 533704 --a------ C:\Program Files\AdbeRdr708_DLM_en_US.exe
2006-07-16 14:42 299528 --a------ C:\57546148.exe
2006-07-04 20:03 1541810 --a------ C:\Program Files\aresregular191_installer.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Tmuc"="\"C:\\PROGRA~1\\RACLE~1\\logonui.exe\" -vt ndrv"
"Npv"="C:\\Documents and Settings\\Thuginator\\Application Data\\??pPatch\\??xplore.exe"
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
"Kernel Fault Safe"="C:\\WINDOWS\\smss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"zxz417b6"="RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919"
"novepop06ap2"="C:\\WINDOWS\\newpop06.exe"
"1pop06apelt2"="C:\\WINDOWS\\elitepop06.exe"
"sys10-199819686"="C:\\WINDOWS\\sys10-199819686.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Online Services\\kyzezezox.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN\\howyw.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,58,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]<
  • 0

#8
don77
Posted 09 October 2006 - 11:12 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK that revealed alot I m hoping you can help with providing a few files for me please,

Make sure you can view all Hidden Files/Folders

Create a new zip file on your desk top and search for the following files below and place them into the new zip file and please e-mail them to me at iamdon77"at" yahoo.com ( replace the "at" with @)
Note you may have to move some of them while in safe mode,,, I would apperciate it

C:\WINDOWS\justin-new.exe
C:\WINDOWS\newpop06.exe
C:\WINDOWS\system32\justin.exe
C:\WINDOWS\system32\traffic_solution_new.exe
C:\921_135.exe
C:\InstallerC.exe
C:\919_133.exe
C:\WINDOWS\DXCecho.exe
C:\WINDOWS\popupwithcast2.exe
C:\DXC1205b.exe
C:\912_121.exe


Next
Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX



Also
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  • 0

#9
The Blue Hell
Posted 09 October 2006 - 09:26 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here are the various logs:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06-10-09 21:57:03

Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020129.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020138.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020424.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020469.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029711.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029760.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029768.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029772.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029780.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0030775.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031776.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031785.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031789.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031809.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031817.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031855.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0032859.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0033858.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0034858.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0035858.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038517.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038607.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038616.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038620.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038658.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038659.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038660.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038661.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038662.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038663.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038664.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038665.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038666.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038667.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038668.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038669.dll
Infected! C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038670.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020129.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020129.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020138.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020138.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020424.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020424.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020469.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP208\A0020469.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029711.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029711.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029760.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029760.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029768.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029768.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029772.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029772.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029780.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0029780.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0030775.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0030775.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031776.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031776.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031785.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031785.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031789.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031809.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031809.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031817.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031817.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031855.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0031855.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0032859.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0032859.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0033858.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0033858.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0034858.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0034858.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0035858.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP220\A0035858.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038517.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038517.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038607.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038607.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038616.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038616.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038620.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038620.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038658.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038658.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038659.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038659.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038660.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038660.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038661.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038661.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038662.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038662.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038663.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038663.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038664.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038664.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038665.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038665.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038666.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038666.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038667.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038667.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038668.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038668.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038669.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038669.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038670.dll
C:\System Volume Information\_restore{9BB8B812-DF46-44D0-8C76-64C5739EB549}\RP221\A0038670.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


VUNDOFIX:

VundoFix V6.2.1

Checking Java version...

Sun Java not detected
Scan started at 22:11:59 06-10-09

Listing files found while scanning....

C:\WINDOWS\system32\armtcoep.dll
C:\WINDOWS\system32\cfsltnhb.dll
C:\WINDOWS\system32\ddewiqgk.dll
C:\WINDOWS\system32\dylcdlpl.dll
C:\WINDOWS\system32\ipxasqqb.dll
C:\WINDOWS\system32\mbxkhfbw.dll
C:\WINDOWS\system32\nihcyhbs.dll
C:\WINDOWS\system32\oftqganx.dll
C:\WINDOWS\system32\rbvmnfwx.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\yfmggdrv.dll
C:\WINDOWS\system32\onkbmkag.exe
C:\WINDOWS\system32\xdlwxnbr.exe
C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\System32\rqtss.ini
C:\WINDOWS\System32\rqtss.bak1
C:\WINDOWS\System32\rqtss.bak2
C:\WINDOWS\System32\rqtss.ini2
C:\WINDOWS\System32\rqtss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\armtcoep.dll
C:\WINDOWS\system32\armtcoep.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfsltnhb.dll
C:\WINDOWS\system32\cfsltnhb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddewiqgk.dll
C:\WINDOWS\system32\ddewiqgk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dylcdlpl.dll
C:\WINDOWS\system32\dylcdlpl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ipxasqqb.dll
C:\WINDOWS\system32\ipxasqqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mbxkhfbw.dll
C:\WINDOWS\system32\mbxkhfbw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nihcyhbs.dll
C:\WINDOWS\system32\nihcyhbs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oftqganx.dll
C:\WINDOWS\system32\oftqganx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rbvmnfwx.dll
C:\WINDOWS\system32\rbvmnfwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\rqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\yfmggdrv.dll
C:\WINDOWS\system32\yfmggdrv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onkbmkag.exe
C:\WINDOWS\system32\onkbmkag.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xdlwxnbr.exe
C:\WINDOWS\system32\xdlwxnbr.exe Has been deleted!

Performing Repairs to the registry.
Done!


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 22:21, on 06-10-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\newpop06.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\sys10-199819686.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {3543020E-611B-4B69-9D73-B1E3CBD258B7} - C:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\oftqganx.dll (file missing)
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINDOWS\System32\khffccd.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160436012343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160435981750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: khffccd - C:\WINDOWS\SYSTEM32\khffccd.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
  • 0

#10
don77
Posted 10 October 2006 - 05:26 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thanks for those files, I got them :whistling:

As I said in my e-mail get an anti virus program running

Make sure you can view all Hidden Files/Folders


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9913E0FB-581A-04BA-41F5-06E2EE79209B} - C:\WINDOWS\System32\jfbyxe.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {3543020E-611B-4B69-9D73-B1E3CBD258B7} - C:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\oftqganx.dll (file missing)
O2 - BHO: (no name) - {C6E00DDA-FEAF-4D28-ADC4-055240E8F907} - C:\WINDOWS\System32\khffccd.dll
O4 - HKLM\..\Run: [zxz417b6] RUNDLL32.EXE w2dae919.dll,n 005417b1000000122dae919
O4 - HKLM\..\Run: [novepop06ap2] C:\WINDOWS\newpop06.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [sys10-199819686] C:\WINDOWS\sys10-199819686.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Tmuc] "C:\PROGRA~1\RACLE~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Npv] C:\Documents and Settings\Thuginator\Application Data\??pPatch\??xplore.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net...e.chm::/pre.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/motorsix.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nu...ATES/winwcd.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O16 - DPF: {FB942B0E-AA9D-4A33-844E-043E4D2FAB1F} (Jibe Downloader) - http://www.jibe.biz/...xdownloader.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: khffccd - C:\WINDOWS\SYSTEM32\khffccd.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)


Next Reboot into SAFE MODE
Search for and delete the Folders highlighted in Blue Files highlighted in BOLD

C:\WINDOWS\newpop06.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\sys10-199819686.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\smss.exe <-- make sure you delete this file from the windows folder and not the system32 folder which is a legit file
Restart your computer, Post back a fresh log please
  • 0

Advertisements

#11
The Blue Hell
Posted 10 October 2006 - 10:41 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here's my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:36, on 06-10-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.20.exe
c:\92b237bd3ab606d7b8c692\mrtstub.exe
C:\WINDOWS\System32\MRT.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160436012343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160435981750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

Thanks.
  • 0

#12
don77
Posted 11 October 2006 - 03:20 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Getting there, Have HJT fix the following entry

O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe

Next reboot to safe mode
go to add/remove programs and remove

PSDream


next delete the following folder
C:\Program Files\PSDream

delete the following file
c:\92b237bd3ab606d7b8c692\mrtstub.exe


reboot to normal mode and go back to the topic I e-mailed you and install AVG anti virus program

run a full system scan with it have it fix all it finds,


Next make AVG Anti-Spyware 7.5 is updated and run a full system scan with that as well please, make sure you choose Quaratine as the applied action when done,, save the log and post it back here along with a fresh HJT log for me please
  • 0

#13
The Blue Hell
Posted 11 October 2006 - 08:57 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I had HJT fix the PSDream entry, but I couldn't find C:\Program Files\PSDream or c:\92b237bd3ab606d7b8c692\mrtstub.exe. I also couldn't locate PSDream with the "Add/Remove Programs" function.

I have AVG Anti-Spyware, but I couldn't get the Anti-Virus file from AVG to download from the link in that thread.

Anyway, here are my logs from HJT and AVG Anti-Spyware:

Logfile of HijackThis v1.99.1
Scan saved at 21:49, on 06-10-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160436012343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160435981750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:49 06-10-11

+ Scan result:



C:\Documents and Settings\All Users.WINDOWS\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\My Documents\New Compressed (zipped) Folder.zip/InstallerC.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32p.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\dzlaemvc.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__B_a_t_t_y_R_u_n_2_._d_l_l_ -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\YnJhbnQgbWlsZXM\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\YnJhbnQgbWlsZXM\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008791.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011105.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011444.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011488.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012511.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011502.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-602162358-725345543-1004\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008789.exe -> Adware.ISearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011442.exe -> Adware.ISearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011486.exe -> Adware.ISearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061010-231026-979.dll -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\motorsix.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__W_i_n_N_B_5_8_._d_l_l_ -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008724.exe:vhegkj -> Adware.OneMoreSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008764.exe:vhegkj -> Adware.OneMoreSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008609.dll -> Adware.Perez : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__j_f_b_y_x_e_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011237.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\My Documents\New Compressed (zipped) Folder.zip/DXC1205b.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\My Documents\New Compressed (zipped) Folder.zip/DXCecho.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate1.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\WINDOWS\system32\khffccd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008722.ini:wdnkvp -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008762.ini:wdnkvp -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009987.dll:szgcac -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010021.dll:szgcac -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011096.dll:szgcac -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011435.dll:szgcac -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011475.dll:szgcac -> Backdoor.Small.dc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__a_a_a_0_0_0_0_0_._d_l_l_ -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008523.dll:wvcai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008540.dll:wvcai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008580.dll:wvcai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008723.INI:pdxqxz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008739.dll:wvcai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008763.INI:pdxqxz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008777.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008788.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008790.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009987.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009988.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009988.dll:lazqum -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010021.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010022.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010022.dll:lazqum -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011096.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011097.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011097.dll:lazqum -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011435.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011436.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011436.dll:lazqum -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011475.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011476.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011476.dll:lazqum -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012588.dll -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008803.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008924.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009922.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010000.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010043.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011043.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011072.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011075.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011149.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011241.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011260.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011455.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011500.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012500.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012529.dll -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012533.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012559.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012583.dll -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012593.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012615.dll:wvcai -> Downloader.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008749.dll -> Downloader.Agent.jm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011461.dll -> Downloader.Agent.jm : Cleaned with backup (quarantined).
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvmemsbxh.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvpksfvya.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\My Documents\New Compressed (zipped) Folder.zip/919_133.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008562.vbs -> Downloader.Iwill.g : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\RACLE~1\__delete_on_reboot__l_o_g_o_n_u_i_._e_x_e_ -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\RACLE~1\logonui.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\RACLE~1\bak\logonui.exe -> Downloader.PurityScan.cx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__w_0_0_2_b_3_d_5_._d_l_l_ -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__a_c_3___0_0_0_2_._e_x_e_ -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0018.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\bak\vascjdkA.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__m_s_0_6_9_6_8_6_-_1_9_9_8_1_._e_x_e_ -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__w_i_n_3_2_0_7_6_8_6_-_1_9_9_8_1_9_._e_x_e_ -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\bak\win3207686-199819.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\bintheredunthat\ms04819686-199.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\803_104.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\vbsys2.dll -> Hijacker.Agent.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008787.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009993.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011102.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011434.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011441.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011483.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011485.exe -> Hijacker.Agent.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011107.exe -> Hijacker.Agent.bz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011447.exe -> Hijacker.Agent.bz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011491.exe -> Hijacker.Agent.bz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011106.exe -> Hijacker.Agent.ca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011445.exe -> Hijacker.Agent.ca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011490.exe -> Hijacker.Agent.ca : Cleaned with backup (quarantined).
C:\Program Files\MSN\howyw.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Online Services\kyzezezox.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\Local Settings\Temp\pre.exe -> Hijacker.VB.pg : Cleaned with backup (quarantined).
C:\Documents and Settings\Pillock\Local Settings\Temp\jqvgjoms.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008561.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008606.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008782.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008831.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009982.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011144.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011179.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011430.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012513.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012586.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0012601.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\Cookies\thuginator@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Pillock\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Pillock\Cookies\pillock@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@epilot[2].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\[email protected][1].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Planetactive : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Pillock\Cookies\pillock@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Pillock\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Thuginator\Cookies\thuginator@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\57546148.exe -> Trojan.Agent.rw : Cleaned with backup (quarantined).
C:\Documents and Settings\Pillock\Local Settings\Temp\bmbpkkyx.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Pillock\Local Settings\Temp\qovkiqhi.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\armtcoep.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\cfsltnhb.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddewiqgk.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\dylcdlpl.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\ipxasqqb.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\mbxkhfbw.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\nihcyhbs.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\oftqganx.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\rbvmnfwx.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\yfmggdrv.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008730.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0010026.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlugvbj.dll -> Trojan.Kolweb.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\3jl7ro.exe -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\cl2.exe -> Trojan.Kolweb.h : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cl2.exe -> Trojan.Kolweb.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Thuginator\My Documents\New Compressed (zipped) Folder.zip/912_121.exe -> Trojan.LdPinch.arr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0008786.exe -> Trojan.LowZones.aj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0009986.exe -> Trojan.LowZones.aj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011095.exe -> Trojan.LowZones.aj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011433.exe -> Trojan.LowZones.aj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{520B10CD-D07C-4A32-966C-C56EFB647E5F}\RP104\A0011482.exe -> Trojan.LowZones.aj : Cleaned with backup (quarantined).
C:\WINDOWS\109uninst.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_7eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
  • 0

#14
don77
Posted 12 October 2006 - 04:22 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
NIcely done cleaned a lot o crap out :whistling:

Try Anti Vir
http://www.free-av.com/

you need an AV and a firewall
http://www.zonelabs....reeDownload.jsp


Please use the following suggestion to help prevent reinfection


Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep AD-Aware. and Spybot 1.4 handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, A handy tool to do this
Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Remeber to Check Windows for updates

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
  • 0

#15
The Blue Hell
Posted 14 October 2006 - 04:52 PM

The Blue Hell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Everything seems to be running fine now, and I'm not getting hit with pop-ups. I've downloaded the programs you recommended and will run them regularly. Do you think I'm free and clear now? If so, thanks for all of the help. I'm very grateful.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP