Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Latest report...


  • This topic is locked This topic is locked

#1
haku_orig

haku_orig

    New Member

  • Member
  • Pip
  • 9 posts
Hi!

Sometime last week i was trying to dowload flash 8 using limewire because i badly need it for my school requirement.. since some files requires being installed using winzip, i did so as instructed..step by step...but i couldnt download it because there are errors...i keep on downloading from limewire in the hope to find the program... as i was pissed and decided to stop, i deleted all the file download from limewire about flash 8. but then limewire keep on openning as if trying to download something. and i uninstalled limewire to stop it. but this keeps on appearing:


malware.JPG

onoes.JPG
and a square with no picture keeps on appearing on my local hard disk with the name "onoes"...
my desktop even deactivates everytime i log in...but before i log in my computer hangs and i have to reset it over again...please help.... :whistling:

this is the hijack this file:



Logfile of HijackThis v1.99.1
Scan saved at 1:07:36 AM, on 11/2/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\VTTC.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Killbox & CCC\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4396C187-4870-498A-A7EF-99062BE83845} - C:\Program Files\Free iPod Video Converter\hokewo.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: 0 - {7B65277A-D360-4705-0194-0FC1DBE26654} - C:\Program Files\Windows NT\lavuqadu.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Sound\C-Media\Xp-2K-Me\drv\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\WEATHE~1\MiniBug.exe 1
O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [ms077825-193345] C:\WINDOWS\ms077825-193345.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SA.tmp"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ruaa] "C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe" -vt yazb
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{03CD2F3B-8555-4A76-94B4-1B1A4257A393}: NameServer = 210.23.234.33 210.23.234.65
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

Advertisements


#2
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, haku_orig, I'll be helping you clean up your computer under the watchful eyes of our experts here at GeeksToGo.

Please give me a chance to look over your HijackThis log and come up with a fix, and I will be sure to post as soon as possible.

Edited by handhfan, 22 March 2007 - 12:51 PM.

  • 0

#3
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello again, haku_orig. It looks like you have got a nasty Alcan infection, which is the reason for LimeWire always running (sometime with more than one instance). This infection was more than likely installed via your cracked download from LimeWire. Please note that P2P networks such as LimeWire are filled with fake files like the one you found that can seriously infect your computer. We strongly suggest that you uninstall LimeWire and not pirate materials like you are planning on doing. You can either purchase the product, or ask your school if you can use their copy (if they have one) instead to further your studies. The fix below should help you get rid of the Alcan worm, and then we can clean up some of the other malware that is in your system. :whistling:

1. Please download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • 2. Please download Brute Force Uninstaller to your desktop.[list]
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG Anti-spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of the AVG Anti-Spyware text report that you saved and a new HiJackThis log.
  • 0

#4
haku_orig

haku_orig

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey!

Yeah im sorry bout the p2p file...i just badly needed it that time...anyway, here's the Hijack file:


Logfile of HijackThis v1.99.1
Scan saved at 3:47:15 AM, on 11/2/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Killbox & CCC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {33C1538A-AEE5-440A-9B4C-D41279F917BE} - C:\Program Files\Reg Cure\hokewo.dll (file missing)
O2 - BHO: (no name) - {4396C187-4870-498A-A7EF-99062BE83845} - C:\Program Files\Free iPod Video Converter\hokewo.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: 0 - {7B65277A-D360-4705-0194-0FC1DBE26654} - C:\Program Files\Windows NT\lavuqadu.dll
O2 - BHO: (no name) - {C15E7CA9-14D7-4DC9-879D-84368F17CA89} - C:\Program Files\Flash MX\hokewo.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {F1895534-ECC0-4285-97F3-24BC2C0D80EA} - C:\Program Files\Flash MX\hokewo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Sound\C-Media\Xp-2K-Me\drv\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\WEATHE~1\MiniBug.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SA.tmp"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ruaa] "C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe" -vt yazb
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03CD2F3B-8555-4A76-94B4-1B1A4257A393}: NameServer = 210.23.234.33 210.23.234.65
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


AND here's the AVG report.......


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:54:28 AM 11/2/2001

+ Scan result:



C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195402.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195403.exe -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188298.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195341.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195343.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195344.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195386.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195393.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217686.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195404.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195405.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195406.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196393.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\ClientBundle1.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\Delcom.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Flash MX\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Free iPod Video Converter\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Reg Cure\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195390.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195397.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195416.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196394.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206455.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209455.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211618.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211632.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215640.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216632.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216645.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222730.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222736.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\WINDOWS\VTTC.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189319.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189320.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189321.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189328.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189329.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217691.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217692.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-789336058-839522115-551112515-1004\Dc28.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187279.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195411.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196404.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198396.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199399.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200399.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203437.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203448.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205448.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206451.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209454.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211454.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211460.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211461.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211462.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214636.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215636.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217645.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217666.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217667.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\onoes.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187277.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187280.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187281.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188318.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191345.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0193340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0194340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195392.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189325.exe -> Downloader.Agent.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217716.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186206.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\ysb.dll -> Downloader.IstBar.pb : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\fmeCa1n.exe -> Downloader.IstBar.pe : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1670OinAdmin.exe -> Downloader.PurityScan.eb : Cleaned with backup (quarantined).
C:\WINDOWS\security.html -> Not-A-Virus.Hoax.Win32.Renos.ci : Cleaned with backup (quarantined).
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Saxobank : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195342.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188296.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\ms077825-193345.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\mac.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP122\A0149772.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Update.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Winzip.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\FS6519.dll.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155908.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155909.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155930.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155931.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0156930.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0156931.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0162952.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0162953.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163955.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163956.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163987.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163988.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0164990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0164991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0165990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0165991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0166990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0166991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0168036.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0168037.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169038.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169039.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169050.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169051.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0181086.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0181087.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181098.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181099.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181120.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181121.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0183123.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0183124.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0184126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0184127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0185126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0185127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186265.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186266.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187267.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187268.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0187302.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0187304.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188312.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188314.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189313.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189314.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189341.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189342.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191341.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191342.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195434.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196402.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0196413.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0196414.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0197396.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0197397.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198397.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198398.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199400.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200400.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203434.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203435.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203449.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203450.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205449.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205450.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206453.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0207451.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0207452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209451.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0209460.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0209461.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0210463.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0210464.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211455.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211456.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211599.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211600.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0212636.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0212637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214638.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215638.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216642.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216643.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0216673.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0216674.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217646.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217647.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217701.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217702.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0218722.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0218723.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222724.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222725.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\WINDOWS\FS6519.dll.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end



thank you....i dont know if my PC would work well now...ill try in a few days if there's still something wrong...update me please if i still can do anything based on my report...thank you soo much.... :whistling:
  • 0

#5
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: (no name) - {33C1538A-AEE5-440A-9B4C-D41279F917BE} - C:\Program Files\Reg Cure\hokewo.dll (file missing)
O2 - BHO: (no name) - {4396C187-4870-498A-A7EF-99062BE83845} - C:\Program Files\Free iPod Video Converter\hokewo.dll (file missing)
O2 - BHO: 0 - {7B65277A-D360-4705-0194-0FC1DBE26654} - C:\Program Files\Windows NT\lavuqadu.dll
O2 - BHO: (no name) - {C15E7CA9-14D7-4DC9-879D-84368F17CA89} - C:\Program Files\Flash MX\hokewo.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {F1895534-ECC0-4285-97F3-24BC2C0D80EA} - C:\Program Files\Flash MX\hokewo.dll
O4 - HKCU\..\Run: [Ruaa] "C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe" -vt yazb

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Reg Cure\hokewo.dll
    C:\Program Files\Free iPod Video Converter\hokewo.dll
    C:\Program Files\Windows NT\lavuqadu.dll
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Web Buying
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}
    C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}
    C:\WINDOWS\system32\bund1
    C:\WINDOWS\VTTC.exe
    C:\onoes.exe
    C:\Program Files\Common Files\Yazzle1670OinAdmin.exe
    C:\WINDOWS\security.html
    C:\WINDOWS\ms077825-193345.exe
    C:\WINDOWS\system32\bund1\mac.exe
    C:\WINDOWS\system32\Update.exe
    C:\WINDOWS\system32\Winzip.exe
    C:\FS6519.dll.vbs
    C:\WINDOWS\FS6519.dll.vbs
    C:\Program Files\outlook


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then, please post a new HijackThis log and a new AVG Anti-Spyware log.
  • 0

#6
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: (no name) - {33C1538A-AEE5-440A-9B4C-D41279F917BE} - C:\Program Files\Reg Cure\hokewo.dll (file missing)
O2 - BHO: (no name) - {4396C187-4870-498A-A7EF-99062BE83845} - C:\Program Files\Free iPod Video Converter\hokewo.dll (file missing)
O2 - BHO: 0 - {7B65277A-D360-4705-0194-0FC1DBE26654} - C:\Program Files\Windows NT\lavuqadu.dll
O2 - BHO: (no name) - {C15E7CA9-14D7-4DC9-879D-84368F17CA89} - C:\Program Files\Flash MX\hokewo.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {F1895534-ECC0-4285-97F3-24BC2C0D80EA} - C:\Program Files\Flash MX\hokewo.dll
O4 - HKCU\..\Run: [Ruaa] "C:\PROGRA~1\COMMON~1\TSKS~1\scanregw.exe" -vt yazb

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Reg Cure\hokewo.dll
    C:\Program Files\Free iPod Video Converter\hokewo.dll
    C:\Program Files\Windows NT\lavuqadu.dll
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Web Buying
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}
    C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}
    C:\WINDOWS\system32\bund1
    C:\WINDOWS\VTTC.exe
    C:\onoes.exe
    C:\Program Files\Common Files\Yazzle1670OinAdmin.exe
    C:\WINDOWS\security.html
    C:\WINDOWS\ms077825-193345.exe
    C:\WINDOWS\system32\bund1\mac.exe
    C:\WINDOWS\system32\Update.exe
    C:\WINDOWS\system32\Winzip.exe
    C:\FS6519.dll.vbs
    C:\WINDOWS\FS6519.dll.vbs
    C:\Program Files\outlook


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then, please post a new HijackThis log and a new AVG Anti-Spyware log.
  • 0

#7
haku_orig

haku_orig

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi!
here are the results....i think there are a lot more virus i scanned today when i used AVG...anyway, i know u know better...i hope there's more that you could help...thank u so much...ill wait for the reply.... :whistling:


OT Results:

File/Folder C:\Program Files\Reg Cure\hokewo.dll not found.
File/Folder C:\Program Files\Free iPod Video Converter\hokewo.dll not found.
File/Folder C:\Program Files\Windows NT\lavuqadu.dll not found.
File/Folder C:\Program Files\Flash MX\hokewo.dll not found.
File/Folder C:\Program Files\Web Buying not found.
File/Folder C:\Program Files\Flash MX\hokewo.dll not found.
C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001} moved successfully.
C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001} moved successfully.
C:\WINDOWS\system32\bund1 moved successfully.
C:\WINDOWS\VTTC.exe moved successfully.
File/Folder C:\onoes.exe not found.
File/Folder C:\Program Files\Common Files\Yazzle1670OinAdmin.exe not found.
File/Folder C:\WINDOWS\security.html not found.
File/Folder C:\WINDOWS\ms077825-193345.exe not found.
File/Folder C:\WINDOWS\system32\bund1\mac.exe not found.
File/Folder C:\WINDOWS\system32\Update.exe not found.
File/Folder C:\WINDOWS\system32\Winzip.exe not found.
File/Folder C:\FS6519.dll.vbs not found.
File/Folder C:\WINDOWS\FS6519.dll.vbs not found.
File/Folder C:\Program Files\outlook not found.

Created on 11/02/2001 01:22:31


Hi-Jack Log file Report

Logfile of HijackThis v1.99.1
Scan saved at 1:25:20 AM, on 11/2/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Killbox & CCC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Sound\C-Media\Xp-2K-Me\drv\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\WEATHE~1\MiniBug.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03CD2F3B-8555-4A76-94B4-1B1A4257A393}: NameServer = 210.23.234.33 210.23.234.65
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe



Here's the AVG report....


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:54:28 AM 11/2/2001

+ Scan result:



C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195402.dll -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195403.exe -> Adware.888Bar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188298.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195341.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195343.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195344.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195386.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195393.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217686.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195404.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195405.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195406.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196393.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\ClientBundle1.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\Delcom.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Flash MX\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Free iPod Video Converter\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Reg Cure\hokewo.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195390.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195397.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195416.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196394.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206455.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209455.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211618.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211632.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215640.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216632.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216645.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222730.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222736.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\WINDOWS\VTTC.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189319.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189320.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189321.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189328.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189329.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217691.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217692.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-789336058-839522115-551112515-1004\Dc28.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187279.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195411.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196404.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198396.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199399.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200399.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203437.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203448.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205448.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206451.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209454.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211454.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211460.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211461.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211462.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214636.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215636.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217645.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217666.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217667.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\onoes.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187277.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187280.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187281.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188318.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191345.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0193340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0194340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195340.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195392.exe -> Backdoor.Rbot.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189325.exe -> Downloader.Agent.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217716.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186206.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\ysb.dll -> Downloader.IstBar.pb : Cleaned with backup (quarantined).
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\fmeCa1n.exe -> Downloader.IstBar.pe : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1670OinAdmin.exe -> Downloader.PurityScan.eb : Cleaned with backup (quarantined).
C:\WINDOWS\security.html -> Not-A-Virus.Hoax.Win32.Renos.ci : Cleaned with backup (quarantined).
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Pango at Bungi\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Saxobank : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Palaka\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195342.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188296.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\ms077825-193345.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\mac.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP122\A0149772.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Update.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Winzip.exe -> Worm.Nyxem.e : Cleaned with backup (quarantined).
C:\FS6519.dll.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155908.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155909.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155930.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0155931.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0156930.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0156931.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0162952.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0162953.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163955.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163956.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163987.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0163988.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0164990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0164991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0165990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0165991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0166990.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0166991.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0168036.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0168037.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169038.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169039.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169050.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0169051.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0181086.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP124\A0181087.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181098.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181099.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181120.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0181121.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0183123.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0183124.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0184126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0184127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0185126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0185127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186126.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186127.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186265.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0186266.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187267.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP125\A0187268.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0187302.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0187304.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188312.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0188314.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189313.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189314.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189341.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0189342.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191341.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0191342.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0195434.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP126\A0196402.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0196413.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0196414.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0197396.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0197397.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198397.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0198398.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199400.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0199401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200400.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP127\A0200401.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203434.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203435.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203449.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0203450.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205449.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0205450.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0206453.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0207451.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0207452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209451.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP128\A0209452.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0209460.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0209461.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0210463.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0210464.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211455.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP129\A0211456.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211599.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0211600.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0212636.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0212637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0214638.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215637.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0215638.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216642.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP130\A0216643.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0216673.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0216674.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217646.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP131\A0217647.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217701.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0217702.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0218722.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0218723.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222724.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A6B9E881-9366-49E2-8BD9-40D1517CB47D}\RP132\A0222725.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\WINDOWS\FS6519.dll.vbs -> Worm.Solow.a : Cleaned with backup (quarantined).
C:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end
  • 0

#8
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.
  • 0

#9
haku_orig

haku_orig

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi!

i did what you said and here are the reports....thanku agen...please inform me for further instructions...thank u much! :whistling:

COMBOFIX REPORT

"Editor" - 01-11-02 0:50:30 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Editor\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe
C:\DOCUME~1\Editor\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\Editor\APPLIC~1\Dxcuknwrd.dll
c:\autorun.inf
C:\DOCUME~1\Editor\Desktop\internet.lnk
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\bszip.dll
C:\Program Files\Common Files\{3CC1C~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1\scanregw.exe
C:\qoobox\purity\Program Files\Common Files\TSKS~1\T?sks


((((((((((((((((((((((((((((((( Files Created from 2001-10-02 to 2001-11-02 ))))))))))))))))))))))))))))))))))


2001-11-21 10:22 56,832 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2001-11-02 12:34 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2001-11-02 06:37 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2001-11-02 06:09 <DIR> d-------- C:\WINDOWS\Sun
2001-11-02 06:09 <DIR> d-------- C:\DOCUME~1\Editor\APPLIC~1\Sun
2001-11-02 04:24 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2001-11-02 04:23 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2001-11-02 04:23 <DIR> d-------- C:\Program Files\Free iPod Video Converter
2001-11-02 04:22 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2001-11-02 04:21 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2001-11-02 04:20 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2001-11-02 04:19 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2001-11-02 04:19 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2001-11-02 04:17 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2001-11-02 03:47 995,136 --a------ C:\WINDOWS\system\MSAJT200.DLL
2001-11-02 03:47 86,848 --a------ C:\WINDOWS\system\VBDB16.DLL
2001-11-02 03:47 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2001-11-02 03:47 57,632 --a------ C:\WINDOWS\system\QPRO200.DLL
2001-11-02 03:47 543,584 --a------ C:\WINDOWS\system\DAO2516.DLL
2001-11-02 03:47 2,920 --a------ C:\WINDOWS\system\VBAJET.DLL
2001-11-02 03:47 15,936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2001-11-02 03:47 11,232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2001-11-02 03:46 935,632 --a------ C:\WINDOWS\system\VB40016.DLL
2001-11-02 03:46 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2001-11-02 03:46 536,048 --a------ C:\WINDOWS\system\OC25.DLL
2001-11-02 03:46 51,712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2001-11-02 03:46 5,120 --a------ C:\WINDOWS\system\STKIT416.DLL
2001-11-02 03:46 304,640 --a------ C:\WINDOWS\system\OLE2.DLL
2001-11-02 03:46 28,113 --a------ C:\WINDOWS\system\OLE2.REG
2001-11-02 03:46 177,824 --a------ C:\WINDOWS\system\TYPELIB.DLL
2001-11-02 03:46 164,960 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2001-11-02 03:46 157,696 --a------ C:\WINDOWS\system\STORAGE.DLL
2001-11-02 03:46 152,976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2001-11-02 03:46 12,976 --a------ C:\WINDOWS\system\SCP.DLL
2001-11-02 03:46 109,056 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2001-11-02 03:37 <DIR> d-------- C:\DOCUME~1\Palaka\APPLIC~1\Help
2001-11-02 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2001-11-02 01:42 <DIR> d-------- C:\DOCUME~1\Palaka\WINDOWS
2001-11-02 01:41 <DIR> d-------- C:\Program Files\Reg Cure
2001-11-02 01:18 <DIR> d-------- C:\Program Files\Flash MX
2001-11-02 01:13 <DIR> d-------- C:\Program Files\BFU
2001-11-02 00:18 36,512 --a------ C:\DOCUME~1\Palaka\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-21 17:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 17:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 18:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-07-13 16:48 202240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-14 17:00 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 16:47 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 16:47 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-05 17:47 174592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 17:41 453120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-20 19:51 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-03-17 08:33 262784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-02-15 08:22 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2005-06-10 12:09 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2004-09-30 06:28 134912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2004-08-04 16:01 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2004-08-04 16:01 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2004-08-04 16:01 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2004-08-04 14:15 64896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2004-08-04 14:15 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2004-08-04 14:15 574592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2004-08-04 14:15 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2004-08-04 14:15 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2004-08-04 14:15 107904 --a------ C:\WINDOWS\system32\drivers\mup.sys
2004-08-04 14:14 91776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2004-08-04 14:14 74752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2004-08-04 14:14 63744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2004-08-04 14:14 52736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2004-08-04 14:14 51328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2004-08-04 14:14 49664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2004-08-04 14:14 48384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2004-08-04 14:14 182912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 14:14 162816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
2004-08-04 14:14 143360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
2004-08-04 14:14 138496 --a------ C:\WINDOWS\system32\drivers\afd.sys
2004-08-04 14:10 78464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2004-08-04 14:10 59648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2004-08-04 14:10 38016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2004-08-04 14:10 35456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2004-08-04 14:10 274304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2004-08-04 14:10 25600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2004-08-04 14:10 18944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2004-08-04 14:10 17024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2004-08-04 14:09 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2004-08-04 14:08 57600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2004-08-04 14:08 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2004-08-04 14:08 36224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2004-08-04 14:08 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2004-08-04 14:08 26624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2004-08-04 14:08 24960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2004-08-04 14:08 17024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2004-08-04 14:08 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2004-08-04 14:08 15104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2004-08-04 14:08 142976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2004-08-04 14:08 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2004-08-04 14:07 799744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2004-08-04 14:07 79744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2004-08-04 14:07 68224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2004-08-04 14:07 67584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2004-08-04 14:07 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2004-08-04 14:07 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2004-08-04 14:07 6016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2004-08-04 14:07 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2004-08-04 14:07 46464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2004-08-04 14:07 44928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2004-08-04 14:07 44672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2004-08-04 14:07 43008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2004-08-04 14:07 42752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2004-08-04 14:07 42368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2004-08-04 14:07 42240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2004-08-04 14:07 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2004-08-04 14:07 20992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2004-08-04 14:07 187776 --a------ C:\WINDOWS\system32\drivers\acpi.sys
2004-08-04 14:07 18560 --a------ C:\WINDOWS\system32\drivers\tdi.sys
2004-08-04 14:07 15488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2004-08-04 14:07 153344 --a------ C:\WINDOWS\system32\drivers\dmio.sys
2004-08-04 14:07 119936 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2004-08-04 14:06 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2004-08-04 14:05 41472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
2004-08-04 14:05 14336 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
2004-08-04 14:04 69120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2004-08-04 14:04 35072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
2004-08-04 14:04 34560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
2004-08-04 14:04 30080 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
2004-08-04 14:04 30080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2004-08-04 14:04 20992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
2004-08-04 14:04 13568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2004-08-04 14:04 12672 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
2004-08-04 14:04 12672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2004-08-04 14:04 12672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2004-08-04 14:03 88448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2004-08-04 14:03 34560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
2004-08-04 14:03 12928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2004-08-04 14:03 12416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2004-08-04 14:01 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2004-08-04 14:01 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2004-08-04 14:00 71040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2004-08-04 14:00 66176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2004-08-04 14:00 52352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2004-08-04 14:00 41856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2004-08-04 14:00 30848 --a------ C:\WINDOWS\system32\drivers\npfs.sys
2004-08-04 14:00 29056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2004-08-04 14:00 19072 --a------ C:\WINDOWS\system32\drivers\msfs.sys
2004-08-04 14:00 181248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 14:00 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2004-08-04 13:59 96256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2004-08-04 13:59 95360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2004-08-04 13:59 92032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2004-08-04 13:59 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2004-08-04 13:59 71552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2004-08-04 13:59 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2004-08-04 13:59 49536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2004-08-04 13:59 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2004-08-04 13:59 40320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2004-08-04 13:59 37376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2004-08-04 13:59 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2004-08-04 13:59 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2004-08-04 13:59 36352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2004-08-04 13:59 36096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2004-08-04 13:59 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2004-08-04 13:59 27392 --a------ C:\WINDOWS\system32\drivers\fdc.sys
2004-08-04 13:59 25088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2004-08-04 13:59 20480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2004-08-04 13:59 15488 --a------ C:\WINDOWS\system32\drivers\serenum.sys
2004-08-04 13:59 14976 --a------ C:\WINDOWS\system32\drivers\tape.sys
2004-08-04 13:59 14208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
2004-08-04 13:59 11392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
2004-08-04 13:59 11136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2004-08-04 13:59 10240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2004-08-04 13:58 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2004-08-04 13:58 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2004-08-04 13:58 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2004-08-04 13:58 59904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
2004-08-04 13:58 55936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2004-08-04 13:58 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2004-08-04 13:58 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2004-08-04 13:58 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2004-08-04 13:58 42240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
2004-08-04 13:58 24576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2004-08-04 13:58 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2004-08-04 13:58 209408 --a------ C:\WINDOWS\system32\drivers\update.sys
2004-08-04 13:58 100992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2004-08-04 13:41 95424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2004-08-04 13:41 685056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2004-08-04 13:41 404990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2004-08-04 13:41 220032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2004-08-04 13:41 180360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2004-08-04 13:41 13776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2004-08-04 13:41 13240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2004-08-04 13:41 1309184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2004-08-04 13:41 129535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2004-08-04 13:41 126686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2004-08-04 13:41 11868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2004-08-04 13:41 1041536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2004-08-04 13:29 73216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2004-08-04 13:29 701440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2004-08-04 13:29 63663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2004-08-04 13:29 63488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2004-08-04 13:29 57856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2004-08-04 13:29 56623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2004-08-04 13:29 52224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2004-08-04 13:29 452736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2004-08-04 13:29 36463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2004-08-04 13:29 34735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2004-08-04 13:29 327040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2004-08-04 13:29 31744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2004-08-04 13:29 30671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2004-08-04 13:29 29455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2004-08-04 13:29 28672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2004-08-04 13:29 26367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2004-08-04 13:29 25471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2004-08-04 13:29 22271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2004-08-04 13:29 21343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2004-08-04 13:29 1897408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2004-08-04 13:29 166912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2004-08-04 13:29 14336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2004-08-04 13:29 13824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2004-08-04 13:29 13824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2004-08-04 13:29 12047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2004-08-04 13:29 11935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2004-08-04 13:29 11871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2004-08-04 13:29 11807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2004-08-04 13:29 11615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2004-08-04 13:29 11295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2004-08-04 13:29 104960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2001-11-02 17:01 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2001-11-02 06:07 -------- d-------- C:\Program Files\java
2001-11-02 05:12 -------- d-------- C:\DOCUME~1\Editor\APPLIC~1\yahoo!
2001-11-02 04:11 -------- d-------- C:\Program Files\limewire
2001-11-02 03:38 -------- d-------- C:\Program Files\Common Files\symantec shared
2001-11-02 03:38 -------- d-------- C:\DOCUME~1\Editor\APPLIC~1\symantec
2001-11-02 03:36 -------- d-------- C:\Program Files\symantec
2001-11-02 03:32 -------- d--h----- C:\Program Files\installshield installation information
2001-11-02 02:20 45056 --a------ C:\WINDOWS\ncuninst.exe
2001-11-02 01:25 -------- d-------- C:\Program Files\killbox & ccc
2001-11-02 01:21 -------- d-------- C:\Program Files\windows nt
2001-11-02 00:54 -------- d-------- C:\Program Files\shareaza lite
2001-10-27 05:16 16384 --a------ C:\WINDOWS\system32\fileops.exe
2001-10-16 10:39 387584 --a------ C:\WINDOWS\system32\lostrun.exe
2001-09-28 11:52 27008 --a------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2001-09-04 10:04 182 --a------ C:\WINDOWS\system32\ebpport.dat
2001-08-30 15:16 381440 --a------ C:\WINDOWS\system32\counter.exe
2001-08-18 20:00 99840 --a------ C:\WINDOWS\system32\mprmsg.dll
2001-08-18 20:00 9936 --a------ C:\WINDOWS\system32\lzexpand.dll
2001-08-18 20:00 98304 --a------ C:\WINDOWS\system32\verifier.exe
2001-08-18 20:00 98304 --a------ C:\WINDOWS\system32\rtm.dll
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\sprestrt.exe
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\sfc.exe
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\rsvpperf.dll
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\reset.exe
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\label.exe
2001-08-18 20:00 9728 --a------ C:\WINDOWS\system32\change.exe
2001-08-18 20:00 94784 --a------ C:\WINDOWS\twain.dll
2001-08-18 20:00 94282 --a------ C:\WINDOWS\system32\msencode.dll
2001-08-18 20:00 9344 --a------ C:\WINDOWS\system32\vga.dll
2001-08-18 20:00 924432 --a------ C:\WINDOWS\system32\mfc40.dll
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\wshatm.dll
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\winfax.dll
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\wifeman.dll
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\subst.exe
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\print.exe
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\lprmonui.dll
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\finger.exe
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\find.exe
2001-08-18 20:00 9216 --a------ C:\WINDOWS\system32\diskcomp.com
2001-08-18 20:00 9029 --a------ C:\WINDOWS\system32\ansi.sys
2001-08-18 20:00 90112 --a------ C:\WINDOWS\system32\rsvpsp.dll
2001-08-18 20:00 90112 --a------ C:\WINDOWS\system32\mycomput.dll
2001-08-18 20:00 9008 --a------ C:\WINDOWS\system32\ver.dll
2001-08-18 20:00 89600 --a------ C:\WINDOWS\system32\langwrbk.dll
2001-08-18 20:00 882 --a------ C:\WINDOWS\system32\share.exe
2001-08-18 20:00 882 --a------ C:\WINDOWS\system32\fastopen.exe
2001-08-18 20:00 8704 --a------ C:\WINDOWS\system32\eventvwr.exe
2001-08-18 20:00 86528 --a------ C:\WINDOWS\system32\iassam.dll
2001-08-18 20:00 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2001-08-18 20:00 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2001-08-18 20:00 847872 --a------ C:\WINDOWS\system32\dbgeng.dll
2001-08-18 20:00 8424 --a------ C:\WINDOWS\system32\exe2bin.exe
2001-08-18 20:00 83968 --a------ C:\WINDOWS\system32\ipxmontr.dll
2001-08-18 20:00 82944 --a------ C:\WINDOWS\system32\olecli.dll
2001-08-18 20:00 82432 --a------ C:\WINDOWS\system32\ufat.dll
2001-08-18 20:00 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\winhlp32.exe
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\streamci.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\qosname.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\psnppagn.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\mountvol.exe
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\mciole16.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\mag_hook.dll
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\lpr.exe
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\control.exe
2001-08-18 20:00 8192 --a------ C:\WINDOWS\system32\cidaemon.exe
2001-08-18 20:00 817 --a------ C:\WINDOWS\system32\mscdexnt.exe
2001-08-18 20:00 81408 --a------ C:\WINDOWS\system32\fsusd.dll
2001-08-18 20:00 80384 --a------ C:\WINDOWS\system32\charmap.exe
2001-08-18 20:00 80384 --a------ C:\WINDOWS\system32\autodisc.dll
2001-08-18 20:00 78848 --a------ C:\WINDOWS\system32\tapiui.dll
2001-08-18 20:00 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2001-08-18 20:00 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
2001-08-18 20:00 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2001-08-18 20:00 77824 --a------ C:\WINDOWS\system32\wmpstub.exe
2001-08-18 20:00 76800 --a------ C:\WINDOWS\system32\gcdef.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\vcdex.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\ncxpnt.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\mll_mtf.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\mciole32.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\kbdcan.dll
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\hostname.exe
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\ckcnv.exe
2001-08-18 20:00 7680 --a------ C:\WINDOWS\system32\chcp.com
2001-08-18 20:00 74240 --a------ C:\WINDOWS\system32\dhcpsapi.dll
2001-08-18 20:00 741 --a------ C:\WINDOWS\system32\noise.dat
2001-08-18 20:00 73802 --a------ C:\WINDOWS\system32\msrclr40.dll
2001-08-18 20:00 73728 --a------ C:\WINDOWS\system32\csseqchk.dll
2001-08-18 20:00 73216 --a------ C:\WINDOWS\system32\avwav.dll
2001-08-18 20:00 72192 --a------ C:\WINDOWS\system32\sprio800.dll
2001-08-18 20:00 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\wshnetbs.dll
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\recover.exe
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\mscat32.dll
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\kbdnec.dll
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\forcedos.exe
2001-08-18 20:00 7168 --a------ C:\WINDOWS\system32\diskcopy.com
2001-08-18 20:00 707 --a------ C:\WINDOWS\_default.pif
2001-08-18 20:00 70656 --a------ C:\WINDOWS\system32\sprio600.dll
2001-08-18 20:00 70656 --a------ C:\WINDOWS\system32\ifsutil.dll
2001-08-18 20:00 7052 --a------ C:\WINDOWS\system32\nlsfunc.exe
2001-08-18 20:00 7040 --a------ C:\WINDOWS\system32\kdcom.dll
2001-08-18 20:00 69886 --a------ C:\WINDOWS\system32\edit.com
2001-08-18 20:00 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
2001-08-18 20:00 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
2001-08-18 20:00 69632 --a------ C:\WINDOWS\system32\spnike.dll
2001-08-18 20:00 69632 --a------ C:\WINDOWS\system32\msr2c.dll
2001-08-18 20:00 69584 --a------ C:\WINDOWS\system32\avicap.dll
2001-08-18 20:00 69120 --a------ C:\WINDOWS\system32\olethk32.dll
2001-08-18 20:00 69120 --a------ C:\WINDOWS\system32\mprddm.dll
2001-08-18 20:00 69120 --a------ C:\WINDOWS\system32\ipxpromn.dll
2001-08-18 20:00 673088 --a------ C:\WINDOWS\system32\mlang.dat
2001-08-18 20:00 66560 --a------ C:\WINDOWS\system32\ipxsap.dll
2001-08-18 20:00 66560 --a------ C:\WINDOWS\system32\console.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2001-08-18 20:00 6656 -ra------ C:\WINDOWS\system32\kbdal.dll
2001-08-18 20:00 6656 --a------ C:\WINDOWS\system32\routetab.dll
2001-08-18 20:00 6656 --a------ C:\WINDOWS\system32\msswchx.exe
2001-08-18 20:00 6656 --a------ C:\WINDOWS\system32\kbdsg.dll
2001-08-18 20:00 6656 --a------ C:\WINDOWS\system32\kbdla.dll
2001-08-18 20:00 65536 --a------ C:\WINDOWS\system32\jgsh400.dll
2001-08-18 20:00 65024 --a------ C:\WINDOWS\system32\msaudite.dll
2001-08-18 20:00 64512 --a------ C:\WINDOWS\system32\acctres.dll
2001-08-18 20:00 64000 --a------ C:\WINDOWS\system32\avicap32.dll
2001-08-18 20:00 62976 --a------ C:\WINDOWS\system32\dsauth.dll
2001-08-18 20:00 62464 --a------ C:\WINDOWS\system32\iasnap.dll
2001-08-18 20:00 62464 --a------ C:\WINDOWS\system32\dpnmodem.dll
2001-08-18 20:00 61952 --a------ C:\WINDOWS\system32\dpnwsock.dll
2001-08-18 20:00 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
2001-08-18 20:00 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2001-08-18 20:00 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\svcpack.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\lpq.exe
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdusx.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdusr.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdusl.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdsw.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdsp.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdsf.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdpo.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdno.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdne.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdmac.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdic.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdgr1.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdgr.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdfr.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdfo.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdfi.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdfc.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdes.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdda.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdca.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdbr.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdbene.dll
2001-08-18 20:00 6144 --a------ C:\WINDOWS\system32\kbdbe.dll
2001-08-18 20:00 61168 --a------ C:\WINDOWS\system32\msacm.dll
2001-08-18 20:00 60928 --a------ C:\WINDOWS\system32\ocmanage.dll
2001-08-18 20:00 605696 --a------ C:\WINDOWS\system32\getuname.dll
2001-08-18 20:00 60416 --a------ C:\WINDOWS\system32\msratelc.dll
2001-08-18 20:00 59392 --a------ C:\WINDOWS\system32\iassvcs.dll
2001-08-18 20:00 590336 --a------ C:\WINDOWS\system32\d3dramp.dll
2001-08-18 20:00 57856 --a------ C:\WINDOWS\system32\scripto.dll
2001-08-18 20:00 57856 --a------ C:\WINDOWS\system32\ntlanui.dll
2001-08-18 20:00 56832 --a------ C:\WINDOWS\system32\sol.exe
2001-08-18 20:00 565760 --a------ C:\WINDOWS\system32\msvcp50.dll
2001-08-18 20:00 56320 --a------ C:\WINDOWS\system32\fsutil.exe
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2001-08-18 20:00 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\write.exe
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\tapiperf.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\softpub.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\skdll.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\mll_qic.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbdus.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbduk.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbdit142.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbdit.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbdir.dll
2001-08-18 20:00 5632 --a------ C:\WINDOWS\system32\kbdgae.dll
2001-08-18 20:00 55296 --a------ C:\WINDOWS\system32\freecell.exe
2001-08-18 20:00 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2001-08-18 20:00 54784 --a------ C:\WINDOWS\system32\icmui.dll
2001-08-18 20:00 54272 --a------ C:\WINDOWS\system32\stclient.dll
2001-08-18 20:00 53520 --a------ C:\WINDOWS\system32\dpserial.dll
2001-08-18 20:00 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
2001-08-18 20:00 52224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2001-08-18 20:00 51712 --a------ C:\WINDOWS\system32\migpwd.exe
2001-08-18 20:00 51456 --a------ C:\WINDOWS\system32\vga256.dll
2001-08-18 20:00 51200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2001-08-18 20:00 51200 --a------ C:\WINDOWS\system32\syncapp.exe
2001-08-18 20:00 51200 --a------ C:\WINDOWS\system32\dfrgres.dll
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\winnls.dll
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\shell.dll
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\lodctr.exe
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\kbddv.dll
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2001-08-18 20:00 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe
2001-08-18 20:00 50620 --a------ C:\WINDOWS\system32\command.com
2001-08-18 20:00 50176 --a------ C:\WINDOWS\system32\mdhcp.dll
2001-08-18 20:00 50176 --a------ C:\WINDOWS\system32\loghours.dll
2001-08-18 20:00 49680 --a------ C:\WINDOWS\twunk_16.exe
2001-08-18 20:00 49664 --a------ C:\WINDOWS\system32\w32tm.exe
2001-08-18 20:00 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
2001-08-18 20:00 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2001-08-18 20:00 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
2001-08-18 20:00 49179 --a------ C:\WINDOWS\system32\sqlwoa.dll
2001-08-18 20:00 49152 --a------ C:\WINDOWS\system32\rsmui.exe
2001-08-18 20:00 49152 --a------ C:\WINDOWS\system32\rsm.exe
2001-08-18 20:00 49152 --a------ C:\WINDOWS\system32\mprdim.dll
2001-08-18 20:00 47952 --a------ C:\WINDOWS\system32\jobexec.dll
2001-08-18 20:00 47872 --a------ C:\WINDOWS\system32\user.exe
2001-08-18 20:00 4768 --a------ C:\WINDOWS\system32\himem.sys
2001-08-18 20:00 47616 --a------ C:\WINDOWS\system32\d3dxof.dll
2001-08-18 20:00 47104 --a------ C:\WINDOWS\system32\mprui.dll
2001-08-18 20:00 46592 --a------ C:\WINDOWS\system32\pmspl.dll
2001-08-18 20:00 4656 --a------ C:\WINDOWS\system32\ds16gt.dll
2001-08-18 20:00 46258 --a------ C:\WINDOWS\system32\mib.bin
2001-08-18 20:00 46080 --a------ C:\WINDOWS\system32\docprop.dll
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\vjoy.dll
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\regwiz.exe
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\mssip32.dll
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\mchgrcoi.dll
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe
2001-08-18 20:00 4608 --a------ C:\WINDOWS\system32\bootok.exe
2001-08-18 20:00 45568 --a------ C:\WINDOWS\system32\jgsd400.dll
2001-08-18 20:00 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe
2001-08-18 20:00 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
2001-08-18 20:00 45083 --a------ C:\WINDOWS\system32\dispex.dll
2001-08-18 20:00 450560 --a------ C:\WINDOWS\system32\infosoft.dll
2001-08-18 20:00 446464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2001-08-18 20:00 4461 --a------ C:\WINDOWS\system32\oembios.dat
2001-08-18 20:00 44544 --a------ C:\WINDOWS\system32\jgaw400.dll
2001-08-18 20:00 44544 --a------ C:\WINDOWS\system32\hticons.dll
2001-08-18 20:00 44032 --a------ C:\WINDOWS\system32\msxml3r.dll
2001-08-18 20:00 44032 --a------ C:\WINDOWS\system32\ipsec6.exe
2001-08-18 20:00 44032 --a------ C:\WINDOWS\system32\dimap.dll
2001-08-18 20:00 436224 --a------ C:\WINDOWS\system32\d3dim.dll
2001-08-18 20:00 435712 --a------ C:\WINDOWS\system32\shellstyle.dll
2001-08-18 20:00 42809 --a------ C:\WINDOWS\system32\key01.sys
2001-08-18 20:00 42768 --a------ C:\WINDOWS\system32\dpwsock.dll
2001-08-18 20:00 4208 --a------ C:\WINDOWS\system32\storage.dll
2001-08-18 20:00 41984 --a------ C:\WINDOWS\system32\msports.dll
2001-08-18 20:00 41472 --a------ C:\WINDOWS\system32\iasads.dll
2001-08-18 20:00 414208 --a------ C:\WINDOWS\system32\setupdll.dll
2001-08-18 20:00 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2001-08-18 20:00 4096 --a------ C:\WINDOWS\system32\unlodctr.exe
2001-08-18 20:00 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2001-08-18 20:00 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2001-08-18 20:00 4096 --a------ C:\WINDOWS\system32\iprtprio.dll
2001-08-18 20:00 40448 --a------ C:\WINDOWS\system32\webhits.dll
2001-08-18 20:00 40448 --a------ C:\WINDOWS\system32\osuninst.exe
2001-08-18 20:00 39936 --a------ C:\WINDOWS\system32\ipxrtmgr.dll
2001-08-18 20:00 39744 --a------ C:\WINDOWS\system32\ole2.dll
2001-08-18 20:00 394240 --a------ C:\WINDOWS\system32\diactfrm.dll
2001-08-18 20:00 39424 --a------ C:\WINDOWS\system32\esentutl.exe
2001-08-18 20:00 39424 --a------ C:\WINDOWS\system32\ddeml.dll
2001-08-18 20:00 39274 --a------ C:\WINDOWS\system32\mem.exe
2001-08-18 20:00 37916 --a------ C:\WINDOWS\system32\msxml2r.dll
2001-08-18 20:00 3708 --a------ C:\WINDOWS\system32\pubprn.vbs
2001-08-18 20:00 370176 --a------ C:\WINDOWS\system32\dhcpmon.dll
2001-08-18 20:00 368710 --a------ C:\WINDOWS\system32\msisam11.dll
2001-08-18 20:00 36864 --a------ C:\WINDOWS\system32\syskey.exe
2001-08-18 20:00 36864 --a------ C:\WINDOWS\system32\ntsdexts.dll
2001-08-18 20:00 36864 --a------ C:\WINDOWS\system32\ntmsevt.dll
2001-08-18 20:00 362496 --a------ C:\WINDOWS\system32\jet500.dll
2001-08-18 20:00 359936 --a------ C:\WINDOWS\system32\cards.dll
2001-08-18 20:00 35840 --a------ C:\WINDOWS\system32\narrhook.dll
2001-08-18 20:00 35840 --a------ C:\WINDOWS\system32\mssign32.dll
2001-08-18 20:00 35840 --a------ C:\WINDOWS\system32\jgmd400.dll
2001-08-18 20:00 3584 --a------ C:\WINDOWS\system32\riched32.dll
2001-08-18 20:00 3584 --a------ C:\WINDOWS\system32\regedt32.exe
2001-08-18 20:00 3584 --a------ C:\WINDOWS\system32\mll_hp.dll
2001-08-18 20:00 3584 --a------ C:\WINDOWS\system32\iprop.dll
2001-08-18 20:00 3584 --a------ C:\WINDOWS\system32\comcat.dll
2001-08-18 20:00 35328 --a------ C:\WINDOWS\system32\winchat.exe
2001-08-18 20:00 35328 --a------ C:\WINDOWS\system32\pifmgr.dll
2001-08-18 20:00 350208 --a------ C:\WINDOWS\system32\d3drm.dll
2001-08-18 20:00 34816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2001-08-18 20:00 34816 --a------ C:\WINDOWS\system32\atmpvcno.dll
2001-08-18 20:00 345600 --a------ C:\WINDOWS\system32\confmsp.dll
2001-08-18 20:00 33792 --a------ C:\WINDOWS\system32\vssadmin.exe
2001-08-18 20:00 33792 --a------ C:\WINDOWS\system32\regini.exe
2001-08-18 20:00 33280 --a------ C:\WINDOWS\system32\ping6.exe
2001-08-18 20:00 33280 --a------ C:\WINDOWS\system32\msobjs.dll
2001-08-18 20:00 33280 --a------ C:\WINDOWS\system32\eventcls.dll
2001-08-18 20:00 330752 --a------ C:\WINDOWS\system32\dmconfig.dll
2001-08-18 20:00 33040 --a------ C:\WINDOWS\system32\dplay.dll
2001-08-18 20:00 32816 --a------ C:\WINDOWS\system32\commdlg.dll
2001-08-18 20:00 32768 --a------ C:\WINDOWS\system32\cnetcfg.dll
2001-08-18 20:00 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
2001-08-18 20:00 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe
2001-08-18 20:00 32256 --a------ C:\WINDOWS\system32\iashlpr.dll
2001-08-18 20:00 3200 --a------ C:\WINDOWS\system32\wowfax.dll
2001-08-18 20:00 31744 --a------ C:\WINDOWS\system32\tracert6.exe
2001-08-18 20:00 31744 --a------ C:\WINDOWS\system32\ntsd.exe
2001-08-18 20:00 31744 --a------ C:\WINDOWS\system32\fxsroute.dll
2001-08-18 20:00 31232 --a------ C:\WINDOWS\system32\traffic.dll
2001-08-18 20:00 31232 --a------ C:\WINDOWS\system32\sc.exe
2001-08-18 20:00 311327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2001-08-18 20:00 308224 --a------ C:\WINDOWS\system32\netui2.dll
2001-08-18 20:00 30720 --a------ C:\WINDOWS\system32\plustab.dll
2001-08-18 20:00 30720 --a------ C:\WINDOWS\system32\iologmsg.dll
2001-08-18 20:00 3072 --a------ C:\WINDOWS\system32\systray.exe
2001-08-18 20:00 3072 --a------ C:\WINDOWS\system32\rnr20.dll
2001-08-18 20:00 3072 --a------ C:\WINDOWS\system32\fixmapi.exe
2001-08-18 20:00 30160 --a------ C:\WINDOWS\system32\compobj.dll
2001-08-18 20:00 29696 --a------ C:\WINDOWS\system32\lights.exe
2001-08-18 20:00 29370 --a------ C:\WINDOWS\system32\ntdos411.sys
2001-08-18 20:00 29274 --a------ C:\WINDOWS\system32\ntdos412.sys
2001-08-18 20:00 29146 --a------ C:\WINDOWS\system32\ntdos804.sys
2001-08-18 20:00 29146 --a------ C:\WINDOWS\system32\ntdos404.sys
2001-08-18 20:00 2864 --a------ C:\WINDOWS\system32\winsock.dll
2001-08-18 20:00 28626 --a------ C:\WINDOWS\system32\perfd009.dat
2001-08-18 20:00 285184 --a------ C:\WINDOWS\system32\glmf32.dll
2001-08-18 20:00 28112 --a------ C:\WINDOWS\system32\drwatson.exe
2001-08-18 20:00 27866 --a------ C:\WINDOWS\system32\ntdos.sys
2001-08-18 20:00 27648 --a------ C:\WINDOWS\system32\ccfgnt.dll
2001-08-18 20:00 273920 --a------ C:\WINDOWS\system32\dmdlgs.dll
2001-08-18 20:00 2736 --a------ C:\WINDOWS\system32\wowdeb.exe
2001-08-18 20:00 272128 --a------ C:\WINDOWS\system32\perfi009.dat
2001-08-18 20:00 27200 -ra------ C:\WINDOWS\system32\ctl3dv2.dll
2001-08-18 20:00 27136 --a------ C:\WINDOWS\system32\ctl3d32.dll
2001-08-18 20:00 27097 --a------ C:\WINDOWS\system32\country.sys
2001-08-18 20:00 26624 --a------ C:\WINDOWS\system32\scredir.dll
2001-08-18 20:00 26624 --a------ C:\WINDOWS\system32\msxmlr.dll
2001-08-18 20:00 26624 --a------ C:\WINDOWS\system32\cnvfat.dll
2001-08-18 20:00 26224 --a------ C:\WINDOWS\system32\odbc16gt.dll
2001-08-18 20:00 26112 --a------ C:\WINDOWS\system32\graftabl.com
2001-08-18 20:00 26112 --a------ C:\WINDOWS\system32\adptif.dll
2001-08-18 20:00 256192 --a------ C:\WINDOWS\winhelp.exe
2001-08-18 20:00 25600 --a------ C:\WINDOWS\twunk_32.exe
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\utildll.dll
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\routemon.exe
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\msvidc32.dll
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\format.com
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2001-08-18 20:00 25600 --a------ C:\WINDOWS\system32\aaaamon.dll
2001-08-18 20:00 2560 --a------ C:\WINDOWS\system32\lz32.dll
2001-08-18 20:00 253952 --a------ C:\WINDOWS\system32\neth.dll
2001-08-18 20:00 253952 --a------ C:\WINDOWS\system32\msvcrt20.dll
2001-08-18 20:00 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2001-08-18 20:00 25088 --a------ C:\WINDOWS\system32\lnkstub.exe
2001-08-18 20:00 247808 --a------ C:\WINDOWS\system32\iassdo.dll
2001-08-18 20:00 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2001-08-18 20:00 24603 --a------ C:\WINDOWS\system32\sqlwid.dll
2001-08-18 20:00 24576 --a------ C:\WINDOWS\system32\rsmsink.exe
2001-08-18 20:00 24576 --a------ C:\WINDOWS\system32\gdi.exe
2001-08-18 20:00 24576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2001-08-18 20:00 241725 --a------ C:\WINDOWS\system32\msuni11.dll
2001-08-18 20:00 24064 --a------ C:\WINDOWS\system32\olesvr.dll
2001-08-18 20:00 23552 --a------ C:\WINDOWS\system32\sort.exe
2001-08-18 20:00 23552 --a------ C:\WINDOWS\system32\sfmapi.dll
2001-08-18 20:00 23552 --a------ C:\WINDOWS\system32\rsvpmsg.dll
2001-08-18 20:00 23552 --a------ C:\WINDOWS\system32\rasrad.dll
2001-08-18 20:00 23552 --a------ C:\WINDOWS\system32\iasacct.dll
2001-08-18 20:00 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2001-08-18 20:00 22528 --a------ C:\WINDOWS\system32\rasmxs.dll
2001-08-18 20:00 22016 --a------ C:\WINDOWS\system32\w32topl.dll
2001-08-18 20:00 22016 --a------ C:\WINDOWS\system32\rpcns4.dll
2001-08-18 20:00 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2001-08-18 20:00 22016 --a------ C:\WINDOWS\system32\olesvr32.dll
2001-08-18 20:00 22016 --a------ C:\WINDOWS\system32\mpnotify.exe
2001-08-18 20:00 218003 --a------ C:\WINDOWS\system32\dssec.dat
2001-08-18 20:00 21504 --a------ C:\WINDOWS\system32\pathping.exe
2001-08-18 20:00 21504 --a------ C:\WINDOWS\system32\ipxrip.dll
2001-08-18 20:00 214016 --a------ C:\WINDOWS\system32\netevent.dll
2001-08-18 20:00 2112 --a------ C:\WINDOWS\system32\winspool.exe
2001-08-18 20:00 20992 --a------ C:\WINDOWS\system32\msg.exe
2001-08-18 20:00 20992 --a------ C:\WINDOWS\system32\ipxwan.dll
2001-08-18 20:00 208896 --a------ C:\WINDOWS\system32\wavemsp.dll
2001-08-18 20:00 20634 --a------ C:\WINDOWS\system32\debug.exe
2001-08-18 20:00 20535 --a------ C:\WINDOWS\system32\vfpodbc.dll
2001-08-18 20:00 20480 --a------ C:\WINDOWS\system32\nbtstat.exe
2001-08-18 20:00 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2001-08-18 20:00 20480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2001-08-18 20:00 19968 --a------ C:\WINDOWS\system32\route.exe
2001-08-18 20:00 199168 --a------ C:\WINDOWS\system32\ir32_32.dll
2001-08-18 20:00 19694 --a------ C:\WINDOWS\system32\graphics.com
2001-08-18 20:00 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
2001-08-18 20:00 19456 --a------ C:\WINDOWS\system32\mode.com
2001-08-18 20:00 19456 --a------ C:\WINDOWS\system32\dmocx.dll
2001-08-18 20:00 19456 --a------ C:\WINDOWS\system32\arp.exe
2001-08-18 20:00 19200 --a------ C:\WINDOWS\system32\tapi.dll
2001-08-18 20:00 18944 --a------ C:\WINDOWS\vmmreg32.dll
2001-08-18 20:00 18944 --a------ C:\WINDOWS\system32\wmiprop.dll
2001-08-18 20:00 18944 --a------ C:\WINDOWS\system32\winstrm.dll
2001-08-18 20:00 18896 --a------ C:\WINDOWS\system32\sysedit.exe
2001-08-18 20:00 18432 --a------ C:\WINDOWS\system32\win.com
2001-08-18 20:00 18432 --a------ C:\WINDOWS\system32\dmintf.dll
2001-08-18 20:00 18432 --a------ C:\WINDOWS\system32\deskperf.dll
2001-08-18 20:00 18432 --a------ C:\WINDOWS\system32\cacls.exe
2001-08-18 20:00 18176 --a------ C:\WINDOWS\system32\vga64k.dll
2001-08-18 20:00 17920 --a------ C:\WINDOWS\system32\ureg.dll
2001-08-18 20:00 17920 --a------ C:\WINDOWS\system32\iaspolcy.dll
2001-08-18 20:00 17920 --a------ C:\WINDOWS\system32\diskperf.exe
2001-08-18 20:00 177856 --a------ C:\WINDOWS\system32\typelib.dll
2001-08-18 20:00 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2001-08-18 20:00 176128 --a------ C:\WINDOWS\system32\ftsrch.dll
2001-08-18 20:00 17408 --a------ C:\WINDOWS\system32\mcicda.dll
2001-08-18 20:00 17408 --a------ C:\WINDOWS\system32\esentprf.dll
2001-08-18 20:00 17408 --a------ C:\WINDOWS\system32\compact.exe
2001-08-18 20:00 171008 --a------ C:\WINDOWS\system32\netmsg.dll
2001-08-18 20:00 169984 --a------ C:\WINDOWS\system32\iprtrmgr.dll
2001-08-18 20:00 169520 --a------ C:\WINDOWS\system32\ole2disp.dll
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\vss_ps.dll
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\tftp.exe
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\perfnet.dll
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\oleaccrc.dll
2001-08-18 20:00 16896 --a------ C:\WINDOWS\system32\deskmon.dll
2001-08-18 20:00 163840 --a------ C:\WINDOWS\system32\mindex.dll
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\tskill.exe
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\runas.exe
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\prflbmsg.dll
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\fmifs.dll
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\deskadp.dll
2001-08-18 20:00 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2001-08-18 20:00 163328 --a------ C:\WINDOWS\system32\oleacc.dll
2001-08-18 20:00 163328 --a------ C:\WINDOWS\system32\ciadmin.dll
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\sysinv.dll
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\more.com
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\expand.exe
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\comp.exe
2001-08-18 20:00 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2001-08-18 20:00 157696 --a------ C:\WINDOWS\system32\paqsp.dll
2001-08-18 20:00 154112 --a------ C:\WINDOWS\system32\ipmontr.dll
2001-08-18 20:00 15360 --a------ C:\WINDOWS\taskman.exe
2001-08-18 20:00 15360 --a------ C:\WINDOWS\system32\tsd32.dll
2001-08-18 20:00 15360 --a------ C:\WINDOWS\system32\taskman.exe
2001-08-18 20:00 15360 --a------ C:\WINDOWS\system32\pentnt.exe
2001-08-18 20:00 15360 --a------ C:\WINDOWS\system32\logoff.exe
2001-08-18 20:00 153008 --a------ C:\WINDOWS\system32\ole2nls.dll
2001-08-18 20:00 152064 --a------ C:\WINDOWS\system32\datime.dll
2001-08-18 20:00 1501696 --a------ C:\WINDOWS\system32\diskcopy.dll
2001-08-18 20:00 149019 --a------ C:\WINDOWS\system32\crtdll.dll
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\tscon.exe
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\slbrccsp.dll
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\shadow.exe
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\serwvdrv.dll
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\msidntld.dll
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\hnetmon.dll
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\help.exe
2001-08-18 20:00 14848 --a------ C:\WINDOWS\system32\fc.exe
2001-08-18 20:00 147968 --a------ C:\WINDOWS\system32\mdwmdmsp.dll
2001-08-18 20:00 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2001-08-18 20:00 14710 --a------ C:\WINDOWS\system32\kb16.com
2001-08-18 20:00 145408 --a------ C:\WINDOWS\system32\wiavusd.dll
2001-08-18 20:00 144384 --a------ C:\WINDOWS\system32\dskquoui.dll
2001-08-18 20:00 143360 --a------ C:\WINDOWS\system32\rasmontr.dll
2001-08-18 20:00 14336 --a------ C:\WINDOWS\system32\serialui.dll
2001-08-18 20:00 14336 --a------ C:\WINDOWS\system32\ntlanui2.dll
2001-08-18 20:00 14336 --a------ C:\WINDOWS\system32\cmpbk32.dll
2001-08-18 20:00 142848 --a------ C:\WINDOWS\system32\capesnpn.dll
2001-08-18 20:00 141312 --a------ C:\WINDOWS\system32\iasrecst.dll
2001-08-18 20:00 13888 --a------ C:\WINDOWS\system32\toolhelp.dll
2001-08-18 20:00 138752 --a------ C:\WINDOWS\system32\swprv.dll
2001-08-18 20:00 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2001-08-18 20:00 13824 --a------ C:\WINDOWS\system32\wowfaxui.dll
2001-08-18 20:00 13824 --a------ C:\WINDOWS\system32\sisbkup.dll
2001-08-18 20:00 13824 --a------ C:\WINDOWS\system32\senscfg.dll
2001-08-18 20:00 13824 --a------ C:\WINDOWS\system32\convert.exe
2001-08-18 20:00 1355776 --a------ C:\WINDOWS\system32\msvbvm50.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\win87em.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\verifier.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\umdmxfrm.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\ntvdmd.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\msswch.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\irclass.dll
2001-08-18 20:00 13312 --a------ C:\WINDOWS\system32\atkctrs.dll
2001-08-18 20:00 132608 --a------ C:\WINDOWS\system32\rsvp.exe
2001-08-18 20:00 132608 --a------ C:\WINDOWS\system32&
  • 0

#10
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
It looks like the log got cut off. If you could please post the rest, I can come up with a new fix. :whistling:
  • 0

#11
haku_orig

haku_orig

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
HI!
this is the new log file...i scanned it again using combofix... and also with hijackfile...

"Editor" - 07-03-29 11:18:43 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Editor\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Editor\Desktop.\internet explorer.lnk
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1\scanregw.exe
C:\qoobox\purity\Program Files\Common Files\TSKS~1\T?sks


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))


2007-03-03 03:59 53,248 --a------ C:\WINDOWS\uni_eh10.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-29 10:50 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"C-Media Speaker Configuration"="E:\\Sound\\C-Media\\Xp-2K-Me\\drv\\Setup.exe /SPEAKER"
"Tray Temperature"="C:\\PROGRA~1\\AWS\\WEATHE~1\\MiniBug.exe 1"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\BFU\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Real-time Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Real-time Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\\_5880C51.exe "
"item"="Real-time Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^wupdmgr.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\wupdmgr.exe"
"backup"="C:\\WINDOWS\\pss\\wupdmgr.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\wupdmgr.exe"
"item"="wupdmgr"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\49MOtd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adware.Admess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tcpservice2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\tcpservice2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adware.Srv32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="runsrv32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\runsrv32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alexa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alxtb1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alxtb1.dll"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO\y-]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/G%)fNbC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/G%)fNbC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/G%)fNbC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/G%)fNbC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/fNbC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/fNbC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/fNbC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/fNbC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C25FHeCc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallControl 4.5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FTCtrl32"
"hkey"="HKLM"
"command"="C:\\PROGRAM FILES\\FAXTALK COMMUNICATOR\\FTCtrl32.exe /autoload"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DailyToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dailytoolbar"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dailytoolbar.dll"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C41 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S10IC2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C41 Series\" /O5 \"LPT1:\" /M \"Stylus C41\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="istsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyboard7"
"hkey"="HKLM"
"command"="C:\\windows\\keyboard7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mousepad7"
"hkey"="HKLM"
"command"="C:\\windows\\mousepad7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="newname7"
"hkey"="HKLM"
"command"="C:\\windows\\newname7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pop3trap"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\Pop3trap.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAcc"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transponder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="susp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\susp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebTrapNT"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# L"h'9Ӝ3rWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# L"h'9Ӝ3rWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# L"h'9Ӝ3rWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vpxkr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vpxkr.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source REG_SZ C:\Program Files\MSN\profsyfsywue.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\Program Files\ewido\profsyfsywue.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ C:\Program Files\Windows NT\profsyfsywue.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ C:\WINDOWS\system32\ad.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c1663c2-ceea-11d5-a42d-94c3b6d861ff}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9737a90-ceeb-11d5-a445-f0bbe4014b30}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-29 11:25:01
C:\ComboFix2.txt ... 01-11-02 01:01


here's the hijack file....

Logfile of HijackThis v1.99.1
Scan saved at 11:38:06 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Killbox & CCC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Sound\C-Media\Xp-2K-Me\drv\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\WEATHE~1\MiniBug.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\BFU\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03CD2F3B-8555-4A76-94B4-1B1A4257A393}: NameServer = 210.23.234.33 210.23.234.65
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\BFU\AVG Anti-Spyware 7.5\guard.exe

thank you! inform me again okei?? thank u much! :whistling:
  • 0

#12
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Reg Cure\hokewo.dll
    C:\Program Files\Free iPod Video Converter\hokewo.dll
    C:\Program Files\Windows NT\lavuqadu.dll
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Web Buying
    C:\Program Files\Flash MX\hokewo.dll
    C:\Program Files\Common Files\{8CC1C65F-031D-1033-1102-010627010001}
    C:\Program Files\Common Files\{8CC1C65F-031E-1033-1102-010627010001}
    C:\WINDOWS\system32\bund1
    C:\WINDOWS\VTTC.exe
    C:\onoes.exe
    C:\Program Files\Common Files\Yazzle1670OinAdmin.exe
    C:\WINDOWS\security.html
    C:\WINDOWS\ms077825-193345.exe
    C:\WINDOWS\system32\bund1\mac.exe
    C:\WINDOWS\system32\Update.exe
    C:\WINDOWS\system32\Winzip.exe
    C:\FS6519.dll.vbs
    C:\WINDOWS\FS6519.dll.vbs
    C:\Program Files\outlook
    C:\WINDOWS\uni_eh10.exe
    C:\WINDOWS\system32\tcpservice2.exe
    C:\WINDOWS\system32\runsrv32.exe
    C:\WINDOWS\alxtb1.dll
    C:\WINDOWS\system32\dailytoolbar.dll
    C:\Program Files\ISTsvc
    C:\WINDOWS\keyboard7.exe
    C:\WINDOWS\mousepad7.exe
    C:\WINDOWS\newname7.exe
    C:\Program Files\SurfAccuracy
    C:\WINDOWS\system32\susp.exe
    C:\WINDOWS\vpxkr.exe
    C:\Program Files\MSN\profsyfsywue.html
    C:\Program Files\ewido\profsyfsywue.html
    C:\Program Files\Windows NT\profsyfsywue.html
    C:\WINDOWS\system32\ad.html


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2. We'll need to dig into the registry to clean your computer up a bit. :whistling:

First, let's back up your registry.
  • Go to Start > Run
  • Type: regedit
  • Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Next, we are going to create a .reg file that will change some settings tweaked by malware.
  • Please click on the Start menu, and click on All Programs.
  • Scroll to the folder that says Accessories and click on Notepad.
  • Copy the text in the code box below into Notepad, and save as fix.reg on your desktop.
Make sure that there is a blank line at the bottom of the copied text in Notepad!

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\49MOtd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adware.Admess]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adware.Srv32]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alexa]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/G%)fNbC:]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bO/fNbC:]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C25FHeCc]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DailyToolbar]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transponder]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\#  L"h'9Ӝ3rWC:]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c1663c2-ceea-11d5-a42d-94c3b6d861ff}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9737a90-ceeb-11d5-a445-f0bbe4014b30}]

Finally, we need to merge this with the registry. To do this, simply double-click fix.reg on your desktop, and when it asks you if you want to merge with the registry, click OK.

When this is completed, restart your computer.

3. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

4. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new HijackThis log.

  • 0

#13
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by handhfan, 10 April 2007 - 02:05 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP