Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TrojanDownloader.xs got me [RESOLVED]

Started by OscarNJ , Feb 17 2008 08:31 AM

  • This topic is locked This topic is locked

#1
OscarNJ
Posted 17 February 2008 - 08:31 AM

OscarNJ

    New Member

  • Member
  • Pip
  • 8 posts
I've scanned through a few posts, and it seems I have the TrojanDownloader that a few people have described. I get the warning message and funky icons, taskmgr is disabled, etc. I did see that you had most folks run combofix.exe, so I did that already. I'll attach the results below. Please let me know what the next step would be. I have McAfee and Ad-Aware available to use, as well as Windows Defender.

Thanks for whatever you can do.

ComboFix 08-02-17.2 - Paul 2008-02-17 9:11:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367 [GMT -5:00]
Running from: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\J3W9JPCA\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\setup.exe
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\p2pnetworks
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\e-zshopper
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\amsys
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\akl
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\Accoona
2008-02-17 09:15 . 2008-02-17 09:15 <DIR> d-------- C:\Program Files\3721
2008-02-16 21:51 . 2008-02-16 21:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-16 21:38 . 2008-02-16 21:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 21:38 . 2008-02-16 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:38 . 2008-02-16 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:29 . 2008-02-16 21:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-16 15:42 . 2008-02-16 15:42 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-16 15:21 . 2008-02-16 15:21 <DIR> d-------- C:\Documents and Settings\Other\Application Data\ATI
2008-02-16 05:56 . 2008-02-16 05:56 94,225 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-16 05:56 . 2008-02-16 08:57 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-15 20:38 . 2008-02-17 08:56 <DIR> d-------- C:\Program Files\Steam
2008-02-15 15:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-15 15:31 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-14 20:02 . 2008-02-14 20:02 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ATI
2008-02-14 20:02 . 2008-02-14 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-14 19:10 . 2008-02-14 19:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 15:04 . 2008-01-22 15:04 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 20:40 --------- d-----w C:\Program Files\RGB
2008-02-15 00:58 --------- d-----w C:\Program Files\ATI Technologies
2008-01-23 04:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 04:15 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-23 04:13 --------- d-----w C:\Program Files\TurboTax
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 19:42 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-01-18 22:29 --------- d-----w C:\Program Files\McAfee
2008-01-13 14:54 --------- d-----w C:\Documents and Settings\Paul\Application Data\SolidWorks
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-02 05:08 --------- d-----w C:\Program Files\Rhapsody
2008-01-02 04:38 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2008-01-01 18:47 --------- d-----w C:\Program Files\SanDisk
2007-12-31 18:22 --------- d-----w C:\Program Files\Google
2007-12-26 23:56 --------- d-----w C:\Program Files\directx
2007-12-26 23:52 --------- d-----w C:\Program Files\Nival Interactive
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-25 18:26 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-04 19:47 57,072 ----a-w C:\Documents and Settings\Paul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 13:39 135168]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-15 20:38 1266936]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 17:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"MBMon"="CTMBHA.DLL" [2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

S3 Remote Solver for COSMOSFloWorks 2005;Remote Solver for COSMOSFloWorks 2005;C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe [2004-11-22 18:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 23:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 06:00:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-17 13:57:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 09:15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 9:16:29
ComboFix-quarantined-files.txt 2008-02-17 14:16:21
.
2008-02-13 05:16:21 --- E O F ---
  • 0

Advertisements

#2
Essexboy
Posted 17 February 2008 - 08:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi as you have combofix I will continue to use that for the moment

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\winfrun32.bin

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

THEN

Download the attached Zip file and etract the .reg file to your desk top.
Double cliick the reg file and accept the warnings
  • 0

#3
OscarNJ
Posted 17 February 2008 - 08:51 AM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the latest combofix report, followed by a Hijackthis log:

ComboFix 08-02-17.2 - Paul 2008-02-17 9:42:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384 [GMT -5:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\winfrun32.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 21:51 . 2008-02-16 21:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-16 21:38 . 2008-02-16 21:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 21:38 . 2008-02-16 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:38 . 2008-02-16 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:29 . 2008-02-16 21:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-16 15:42 . 2008-02-16 15:42 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-16 15:21 . 2008-02-16 15:21 <DIR> d-------- C:\Documents and Settings\Other\Application Data\ATI
2008-02-15 20:38 . 2008-02-17 09:36 <DIR> d-------- C:\Program Files\Steam
2008-02-15 15:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-15 15:31 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-14 20:02 . 2008-02-14 20:02 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ATI
2008-02-14 20:02 . 2008-02-14 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-14 19:10 . 2008-02-14 19:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 15:04 . 2008-01-22 15:04 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 20:40 --------- d-----w C:\Program Files\RGB
2008-02-15 00:58 --------- d-----w C:\Program Files\ATI Technologies
2008-01-23 04:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 04:15 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-23 04:13 --------- d-----w C:\Program Files\TurboTax
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 19:42 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-01-18 22:29 --------- d-----w C:\Program Files\McAfee
2008-01-13 14:54 --------- d-----w C:\Documents and Settings\Paul\Application Data\SolidWorks
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-02 05:08 --------- d-----w C:\Program Files\Rhapsody
2008-01-02 04:38 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2008-01-01 18:47 --------- d-----w C:\Program Files\SanDisk
2007-12-31 18:22 --------- d-----w C:\Program Files\Google
2007-12-26 23:56 --------- d-----w C:\Program Files\directx
2007-12-26 23:52 --------- d-----w C:\Program Files\Nival Interactive
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-25 18:26 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-04 19:47 57,072 ----a-w C:\Documents and Settings\Paul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 13:39 135168]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-15 20:38 1266936]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 17:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"MBMon"="CTMBHA.DLL" [2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

S3 Remote Solver for COSMOSFloWorks 2005;Remote Solver for COSMOSFloWorks 2005;C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe [2004-11-22 18:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 23:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 06:00:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-17 14:39:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 09:46:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 9:46:34
ComboFix-quarantined-files.txt 2008-02-17 14:46:32
ComboFix2.txt 2008-02-17 14:16:30
.
2008-02-13 05:16:21 --- E O F ---


And the Hijackthis log ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:21 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\clclean.0001
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.xpeeps.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203028652281
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...231/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe

--
End of file - 12975 bytes
  • 0

#4
Essexboy
Posted 17 February 2008 - 09:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking better - now lets do a deep sweep

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
OscarNJ
Posted 17 February 2008 - 01:13 PM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good to hear we're making prgoress. Okay ... done with that. The WinPFind output is attached.

Attached Files


  • 0

#6
Essexboy
Posted 17 February 2008 - 03:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm a lot of old dialler software and some possible keyloggers

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> clclean.0001 -> %SystemDrive%\DOCUME~1\Paul\LOCALS~1\Temp\clclean.000
[Registry - Non-Microsoft Only]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\S-1-5-21-2363555927-2604744790-1362174894-1005] > -> HKEY_USERS\S-1-5-21-2363555927-2604744790-1362174894-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\rxjddnvj.exe -> %SystemRoot%\system32\rxjddnvj.exe
< Winlogon settings [HKEY_USERS\S-1-5-21-2363555927-2604744790-1362174894-1005] > -> HKEY_USERS\S-1-5-21-2363555927-2604744790-1362174894-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {00000012-890e-4aac-afd9-eff6954a34dd} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {029e02f0-a0e5-4b19-b958-7bf2db29fb13} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {06dfedaa-6196-11d5-bfc8-00508b4a487d} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {12F02779-6D88-4958-8AD3-83C12D86ADC7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {1adbcce8-cf84-441e-9b38-afc7a19c06a4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {51641ef3-8a7a-4d84-8659-b0911e947cc8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {54645654-2225-4455-44A1-9F4543D34546} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {669695bc-a811-4a9d-8cdf-ba8c795f261e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {944864a5-3916-46e2-96a9-a2e84f3f1208} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {a4a435cf-3583-11d4-91bd-0048546a1450} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {bb936323-19fa-4521-ba29-eca6a121bc78} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {c2680e10-1655-4a0e-87f8-4259325a84b7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {c4ca6559-2cf1-48b6-96b2-8340a06fd129} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {c5af2622-8c75-4dfb-9693-23ab7686a456} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {ca1d1b05-9c66-11d5-a009-000103c1e50b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {d8efadf1-9009-11d6-8c73-608c5dc19089} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {e9147a0a-a866-4214-b47c-da821891240f} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {e9306072-417e-43e3-81d5-369490beef7c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
YN -> {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Bodog Poker]
[Files/Folders - Created Within 90 days]
YY -> ace16win.dll -> %SystemRoot%\System32\ace16win.dll
NY -> acespy -> %SystemRoot%\System32\acespy
YY -> ESHOPEE.exe -> %SystemRoot%\System32\ESHOPEE.exe
YY -> sed.exe -> %SystemRoot%\System32\sed.exe
YY -> vxddsk.exe -> %SystemRoot%\System32\vxddsk.exe
YY -> winfrun32.bin -> %SystemRoot%\System32\winfrun32.bin
YY -> wml.exe -> %SystemRoot%\System32\wml.exe
YY -> 764.exe -> %SystemRoot%\764.exe
YY -> 7search.dll -> %SystemRoot%\7search.dll
YY -> absolute key logger.lnk -> %SystemRoot%\absolute key logger.lnk
YY -> aconti.exe -> %SystemRoot%\aconti.exe
YY -> aconti.ini -> %SystemRoot%\aconti.ini
YY -> aconti.sdb -> %SystemRoot%\aconti.sdb
YY -> adbar.dll -> %SystemRoot%\adbar.dll
YY -> atiogl.xml -> %SystemRoot%\atiogl.xml
YY -> ativpsrm.bin -> %SystemRoot%\ativpsrm.bin
YY -> cbinst$.exe -> %SystemRoot%\cbinst$.exe
YY -> daxtime.dll -> %SystemRoot%\daxtime.dll
YY -> dp0.dll -> %SystemRoot%\dp0.dll
YY -> eventlowg.dll -> %SystemRoot%\eventlowg.dll
YY -> fhfmm-Uninstaller.exe -> %SystemRoot%\fhfmm-Uninstaller.exe
YY -> flt.dll -> %SystemRoot%\flt.dll
YY -> hcwprn.exe -> %SystemRoot%\hcwprn.exe
YY -> hotporn.exe -> %SystemRoot%\hotporn.exe
YY -> iexplorr23.dll -> %SystemRoot%\iexplorr23.dll
YY -> ie_32.exe -> %SystemRoot%\ie_32.exe
YY -> kkcomp$.exe -> %SystemRoot%\kkcomp$.exe
YY -> kkcomp.dll -> %SystemRoot%\kkcomp.dll
YY -> kkcomp.exe -> %SystemRoot%\kkcomp.exe
YY -> kvnab$.exe -> %SystemRoot%\kvnab$.exe
YY -> kvnab.dll -> %SystemRoot%\kvnab.dll
YY -> kvnab.exe -> %SystemRoot%\kvnab.exe
YY -> liqad$.exe -> %SystemRoot%\liqad$.exe
YY -> liqad.dll -> %SystemRoot%\liqad.dll
YY -> liqad.exe -> %SystemRoot%\liqad.exe
YY -> liqui-Uninstaller.exe -> %SystemRoot%\liqui-Uninstaller.exe
YY -> liqui.dll -> %SystemRoot%\liqui.dll
YY -> liqui.exe -> %SystemRoot%\liqui.exe
YY -> ngd.dll -> %SystemRoot%\ngd.dll
YY -> pbar.dll -> %SystemRoot%\pbar.dll
YY -> pbsysie.dll -> %SystemRoot%\pbsysie.dll
YY -> popcinfot.dat -> %SystemRoot%\popcinfot.dat
YY -> settn.dll -> %SystemRoot%\settn.dll
NY -> spredirect.dll -> %SystemRoot%\spredirect.dll
YY -> vxddsk.exe -> %SystemRoot%\vxddsk.exe
YY -> wbeCheck.exe -> %SystemRoot%\wbeCheck.exe
YY -> wbeInst$.exe -> %SystemRoot%\wbeInst$.exe
YY -> wml.exe -> %SystemRoot%\wml.exe
YY -> xadbrk.dll -> %SystemRoot%\xadbrk.dll
YY -> xadbrk.exe -> %SystemRoot%\xadbrk.exe
YY -> xadbrk_.exe -> %SystemRoot%\xadbrk_.exe
YY -> xxxvideo.exe -> %SystemRoot%\xxxvideo.exe
[Files/Folders - Modified Within 90 days]
YY -> 28934D028F.sys -> %SystemRoot%\System32\28934D028F.sys
YY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
YY -> data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat
YY -> 3 C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\*.tmp files -> C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\*.tmp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35 scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#7
OscarNJ
Posted 17 February 2008 - 04:11 PM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The first time I ran the fix I got the message "The application or DLL ##### is not a valid windows image. Please chack this against your installation diskette", where ##### was a .DLL filename. I got 18 of these. Also, it asked me to reboot after. When the system came back up, I reran the fix just to be sure, and I got no messages. This also asked for a reboot. The only log file I see is in a subdirectory called "Moved Files". I cannot send them as attachments, so I will paste them below. I also have the latest WinPFind output.

I still get the screen message about being infected, but I don't get the pop up screens anymore. Taskmanager is working okay again as well.

Thanks for the banking and identity advice. I'll open up the laptop and get to checking on that.

LOG #1
[Processes - Non-Microsoft Only]
Process clclean.0001 killed successfully.
File C:\DOCUME~1\Paul\LOCALS~1\Temp\clclean.000 not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe deleted successfully.
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe deleted successfully.
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000012-890e-4aac-afd9-eff6954a34dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06dfedaa-6196-11d5-bfc8-00508b4a487d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51641ef3-8a7a-4d84-8659-b0911e947cc8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695bc-a811-4a9d-8cdf-ba8c795f261e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4a435cf-3583-11d4-91bd-0048546a1450}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb936323-19fa-4521-ba29-eca6a121bc78}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2680e10-1655-4a0e-87f8-4259325a84b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca1d1b05-9c66-11d5-a009-000103c1e50b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8efadf1-9009-11d6-8c73-608c5dc19089}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9147a0a-a866-4214-b47c-da821891240f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9306072-417e-43e3-81d5-369490beef7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
[Files/Folders - Created Within 90 days]
LoadLibrary failed for C:\WINDOWS\System32\ace16win.dll
C:\WINDOWS\System32\ace16win.dll NOT unregistered.
C:\WINDOWS\System32\ace16win.dll moved successfully.
C:\WINDOWS\System32\acespy folder moved successfully.
C:\WINDOWS\System32\ESHOPEE.exe moved successfully.
C:\WINDOWS\System32\sed.exe moved successfully.
C:\WINDOWS\System32\vxddsk.exe moved successfully.
C:\WINDOWS\System32\winfrun32.bin moved successfully.
C:\WINDOWS\System32\wml.exe moved successfully.
C:\WINDOWS\764.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\7search.dll
C:\WINDOWS\7search.dll NOT unregistered.
C:\WINDOWS\7search.dll moved successfully.
C:\WINDOWS\absolute key logger.lnk moved successfully.
C:\WINDOWS\aconti.exe moved successfully.
C:\WINDOWS\aconti.ini moved successfully.
C:\WINDOWS\aconti.sdb moved successfully.
LoadLibrary failed for C:\WINDOWS\adbar.dll
C:\WINDOWS\adbar.dll NOT unregistered.
C:\WINDOWS\adbar.dll moved successfully.
C:\WINDOWS\atiogl.xml moved successfully.
C:\WINDOWS\ativpsrm.bin moved successfully.
C:\WINDOWS\cbinst$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\daxtime.dll
C:\WINDOWS\daxtime.dll NOT unregistered.
C:\WINDOWS\daxtime.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\dp0.dll
C:\WINDOWS\dp0.dll NOT unregistered.
C:\WINDOWS\dp0.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\eventlowg.dll
C:\WINDOWS\eventlowg.dll NOT unregistered.
C:\WINDOWS\eventlowg.dll moved successfully.
C:\WINDOWS\fhfmm-Uninstaller.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\flt.dll
C:\WINDOWS\flt.dll NOT unregistered.
C:\WINDOWS\flt.dll moved successfully.
C:\WINDOWS\hcwprn.exe moved successfully.
C:\WINDOWS\hotporn.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\iexplorr23.dll NOT unregistered.
C:\WINDOWS\iexplorr23.dll moved successfully.
C:\WINDOWS\ie_32.exe moved successfully.
C:\WINDOWS\kkcomp$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.dll NOT unregistered.
C:\WINDOWS\kkcomp.dll moved successfully.
C:\WINDOWS\kkcomp.exe moved successfully.
C:\WINDOWS\kvnab$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.dll NOT unregistered.
C:\WINDOWS\kvnab.dll moved successfully.
C:\WINDOWS\kvnab.exe moved successfully.
C:\WINDOWS\liqad$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.dll NOT unregistered.
C:\WINDOWS\liqad.dll moved successfully.
C:\WINDOWS\liqad.exe moved successfully.
C:\WINDOWS\liqui-Uninstaller.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.dll NOT unregistered.
C:\WINDOWS\liqui.dll moved successfully.
C:\WINDOWS\liqui.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\ngd.dll
C:\WINDOWS\ngd.dll NOT unregistered.
C:\WINDOWS\ngd.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\pbar.dll
C:\WINDOWS\pbar.dll NOT unregistered.
C:\WINDOWS\pbar.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\pbsysie.dll
C:\WINDOWS\pbsysie.dll NOT unregistered.
C:\WINDOWS\pbsysie.dll moved successfully.
C:\WINDOWS\popcinfot.dat moved successfully.
LoadLibrary failed for C:\WINDOWS\settn.dll
C:\WINDOWS\settn.dll NOT unregistered.
C:\WINDOWS\settn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\spredirect.dll
C:\WINDOWS\spredirect.dll NOT unregistered.
C:\WINDOWS\spredirect.dll moved successfully.
C:\WINDOWS\vxddsk.exe moved successfully.
C:\WINDOWS\wbeCheck.exe moved successfully.
C:\WINDOWS\wbeInst$.exe moved successfully.
C:\WINDOWS\wml.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.dll NOT unregistered.
C:\WINDOWS\xadbrk.dll moved successfully.
C:\WINDOWS\xadbrk.exe moved successfully.
C:\WINDOWS\xadbrk_.exe moved successfully.
C:\WINDOWS\xxxvideo.exe moved successfully.
[Files/Folders - Modified Within 90 days]
C:\WINDOWS\System32\28934D028F.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat moved successfully.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\ mon001.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2704 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_bRTvjG42E7pJmjM scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_7GftH3fzZvbKyhC scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_dFU2FXpUCKzaMg3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_oxUd9iWCzUrnJDj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_v8HVo2BUFhOliRO scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta52 fix logfile created on 02172008_164417

LOG #2
[Processes - Non-Microsoft Only]
Process clclean.0001 killed successfully.
File C:\DOCUME~1\Paul\LOCALS~1\Temp\clclean.000 not found.
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Unable to delete registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\rxjddnvj.exe .
File C:\WINDOWS\system32\rxjddnvj.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000012-890e-4aac-afd9-eff6954a34dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06dfedaa-6196-11d5-bfc8-00508b4a487d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51641ef3-8a7a-4d84-8659-b0911e947cc8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695bc-a811-4a9d-8cdf-ba8c795f261e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4a435cf-3583-11d4-91bd-0048546a1450}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb936323-19fa-4521-ba29-eca6a121bc78}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2680e10-1655-4a0e-87f8-4259325a84b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca1d1b05-9c66-11d5-a009-000103c1e50b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8efadf1-9009-11d6-8c73-608c5dc19089}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9147a0a-a866-4214-b47c-da821891240f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9306072-417e-43e3-81d5-369490beef7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
[Files/Folders - Created Within 90 days]
File C:\WINDOWS\System32\ace16win.dll not found!
File C:\WINDOWS\System32\acespy not found!
File C:\WINDOWS\System32\ESHOPEE.exe not found!
File C:\WINDOWS\System32\sed.exe not found!
File C:\WINDOWS\System32\vxddsk.exe not found!
File C:\WINDOWS\System32\winfrun32.bin not found!
File C:\WINDOWS\System32\wml.exe not found!
File C:\WINDOWS\764.exe not found!
File C:\WINDOWS\7search.dll not found!
File C:\WINDOWS\absolute key logger.lnk not found!
File C:\WINDOWS\aconti.exe not found!
File C:\WINDOWS\aconti.ini not found!
File C:\WINDOWS\aconti.sdb not found!
File C:\WINDOWS\adbar.dll not found!
File C:\WINDOWS\atiogl.xml not found!
C:\WINDOWS\ativpsrm.bin moved successfully.
File C:\WINDOWS\cbinst$.exe not found!
File C:\WINDOWS\daxtime.dll not found!
File C:\WINDOWS\dp0.dll not found!
File C:\WINDOWS\eventlowg.dll not found!
File C:\WINDOWS\fhfmm-Uninstaller.exe not found!
File C:\WINDOWS\flt.dll not found!
File C:\WINDOWS\hcwprn.exe not found!
File C:\WINDOWS\hotporn.exe not found!
File C:\WINDOWS\iexplorr23.dll not found!
File C:\WINDOWS\ie_32.exe not found!
File C:\WINDOWS\kkcomp$.exe not found!
File C:\WINDOWS\kkcomp.dll not found!
File C:\WINDOWS\kkcomp.exe not found!
File C:\WINDOWS\kvnab$.exe not found!
File C:\WINDOWS\kvnab.dll not found!
File C:\WINDOWS\kvnab.exe not found!
File C:\WINDOWS\liqad$.exe not found!
File C:\WINDOWS\liqad.dll not found!
File C:\WINDOWS\liqad.exe not found!
File C:\WINDOWS\liqui-Uninstaller.exe not found!
File C:\WINDOWS\liqui.dll not found!
File C:\WINDOWS\liqui.exe not found!
File C:\WINDOWS\ngd.dll not found!
File C:\WINDOWS\pbar.dll not found!
File C:\WINDOWS\pbsysie.dll not found!
File C:\WINDOWS\popcinfot.dat not found!
File C:\WINDOWS\settn.dll not found!
File C:\WINDOWS\spredirect.dll not found!
File C:\WINDOWS\vxddsk.exe not found!
File C:\WINDOWS\wbeCheck.exe not found!
File C:\WINDOWS\wbeInst$.exe not found!
File C:\WINDOWS\wml.exe not found!
File C:\WINDOWS\xadbrk.dll not found!
File C:\WINDOWS\xadbrk.exe not found!
File C:\WINDOWS\xadbrk_.exe not found!
File C:\WINDOWS\xxxvideo.exe not found!
[Files/Folders - Modified Within 90 days]
File C:\WINDOWS\System32\28934D028F.sys not found!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0001\~efe2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\ mon000.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2640 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_h8R6hCicZxecafq scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_r3qAw5npKAeheb3 scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta52 fix logfile created on 02172008_165435

Attached Files


  • 0

#8
Essexboy
Posted 17 February 2008 - 04:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep winpfind worked and took them out - I missed a couple on the first run so we'll get them now

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Created Within 90 days]
YY -> msole32.exe -> %SystemRoot%\System32\msole32.exe
YY -> fhfmm.exe -> %SystemRoot%\fhfmm.exe
YY -> jd2002.dll -> %SystemRoot%\jd2002.dll
[Files/Folders - Modified Within 90 days]
YY -> 27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> msole32.exe -> %SystemRoot%\System32\msole32.exe
YY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
YY -> fhfmm.exe -> %SystemRoot%\fhfmm.exe
YY -> jd2002.dll -> %SystemRoot%\jd2002.dll
YY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat
YY -> 3 C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\*.tmp files -> C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\*.tmp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

NEXT

To clear any registry entries not evident, this may take up to one hour to run, but you can work whilst it is running

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply

Logs required : Winpfind Actions Report, Superantispyware and a new Hijackthis log
  • 0

#9
OscarNJ
Posted 17 February 2008 - 07:08 PM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay. All three functions complete. I'm sending this before I reboot.

Sorry. It won't let me attach the files. I have to put them in here.

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:44 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.xpeeps.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203028652281
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...231/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe

--
End of file - 12308 bytes

WinPFind:

[Files/Folders - Created Within 90 days]
C:\WINDOWS\System32\msole32.exe moved successfully.
C:\WINDOWS\fhfmm.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\jd2002.dll
C:\WINDOWS\jd2002.dll NOT unregistered.
C:\WINDOWS\jd2002.dll moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\WINDOWS\System32\msole32.exe not found!
C:\WINDOWS\msdownld.tmp folder deleted successfully.
File C:\WINDOWS\fhfmm.exe not found!
File C:\WINDOWS\jd2002.dll not found!
C:\WINDOWS\popcinfo.dat moved successfully.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\ mon000.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paul\Local Settings\Temp\clclean.0001 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2644 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_8sIknQBMGaSAlMR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_u6qhPNi18KqQvnU scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_uExOm0pWXm5krSw scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_uu4L1J2i0R0MGoQ scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta52 fix logfile created on 02172008_185809

SuperAnti :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2008 at 07:57 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 00:50:26

Memory items scanned : 792
Memory threats detected : 0
Registry items scanned : 7471
Registry threats detected : 0
File items scanned : 46766
File threats detected : 201

Adware.Tracking Cookie
C:\Documents and Settings\Eileen\Cookies\eileen@2o7[1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@adinterax[2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@advertising[2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@atdmt[2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@atwola[1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@bluestreak[1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@centralmediaserver[2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@collective-media[1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@hitbox[2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@interclick[2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@overture[2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@questionmarket[2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@revsci[2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][2].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][3].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@specificclick[1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][2].txt
C:\Documents and Settings\Eileen\Cookies\eileen@tacoda[1].txt
C:\Documents and Settings\Eileen\Cookies\[email protected][1].txt
C:\Documents and Settings\Eileen\Cookies\eileen@zedo[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Other\Cookies\other@adrevolver[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\other@burstnet[2].txt
C:\Documents and Settings\Other\Cookies\other@casalemedia[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Other\Cookies\other@doubleclick[1].txt
C:\Documents and Settings\Other\Cookies\other@fastclick[1].txt
C:\Documents and Settings\Other\Cookies\other@hotbar[2].txt
C:\Documents and Settings\Other\Cookies\other@indexstats[1].txt
C:\Documents and Settings\Other\Cookies\other@keywordmax[1].txt
C:\Documents and Settings\Other\Cookies\other@linksynergy[1].txt
C:\Documents and Settings\Other\Cookies\other@maxserving[2].txt
C:\Documents and Settings\Other\Cookies\other@mediaplex[2].txt
C:\Documents and Settings\Other\Cookies\other@pro-market[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\other@qnsr[1].txt
C:\Documents and Settings\Other\Cookies\other@questionmarket[1].txt
C:\Documents and Settings\Other\Cookies\other@revsci[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Other\Cookies\[email protected][3].txt
C:\Documents and Settings\Other\Cookies\other@serving-sys[2].txt
C:\Documents and Settings\Other\Cookies\other@specificclick[1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\other@tacoda[2].txt
C:\Documents and Settings\Other\Cookies\[email protected][1].txt
C:\Documents and Settings\Other\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@2o7[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@adbrite[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adinterax[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@adtech[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt
C:\Documents and Settings\Paul\Cookies\paul@atwola[1].txt
C:\Documents and Settings\Paul\Cookies\paul@bizrate[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@directtrack[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@eyewonder[1].txt
C:\Documents and Settings\Paul\Cookies\paul@fastclick[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@homeclick[2].txt
C:\Documents and Settings\Paul\Cookies\paul@interclick[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@linksynergy[2].txt
C:\Documents and Settings\Paul\Cookies\paul@malwarecrush[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@mediaplex[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@pornotube[2].txt
C:\Documents and Settings\Paul\Cookies\paul@precisionclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@questionmarket[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@revenue[2].txt
C:\Documents and Settings\Paul\Cookies\paul@revsci[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
C:\Documents and Settings\Paul\Cookies\[email protected][4].txt
C:\Documents and Settings\Paul\Cookies\[email protected][6].txt
C:\Documents and Settings\Paul\Cookies\[email protected][7].txt
C:\Documents and Settings\Paul\Cookies\[email protected][8].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][4].txt
C:\Documents and Settings\Paul\Cookies\paul@sexsearchcom[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@statcounter[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@tacoda[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[2].txt
C:\Documents and Settings\Paul\Cookies\paul@valueclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@winantispyware[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][10].txt
C:\Documents and Settings\Paul\Cookies\[email protected][11].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@xiti[1].txt
C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt

Adware.AdBreak
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\FHFMM-UNINSTALLER.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\HCWPRN.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\KKCOMP.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\KKCOMP.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\KVNAB.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\KVNAB.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\LIQAD.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\LIQAD.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\LIQUI-UNINSTALLER.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\LIQUI.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\LIQUI.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\PBSYSIE.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\SETTN.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\WBECHECK.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\XADBRK.DLL
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\XADBRK.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\XADBRK_.EXE
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_185809\WINDOWS\FHFMM.EXE

Unclassified.Unknown Origin/System
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_164417\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\WINPFIND35U\MOVEDFILES\02172008_185809\WINDOWS\SYSTEM32\MSOLE32.EXE

Rogue.Unclassified/Loader
C:\QOOBOX\QUARANTINE\C\WINDOWS\SETUP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RXJDDNVJ.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP6\A0000176.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP7\A0000377.EXE
  • 0

#10
Essexboy
Posted 18 February 2008 - 04:21 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that looked good quarantined files and cookies - How is your system running now ?
  • 0

#11
OscarNJ
Posted 18 February 2008 - 07:13 AM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I realized that the screen message was tied to my wallpaper theme, so I changed that in the display settings and rebooted. Everything looks great now. No messages, no pop ups, task manager is back to form.

I really appreciate the help on this one. I sent off a note to McAfee asking them to review their software. I'm surprised this one slipped by the firewall. I don't generally open strange email or click on links I don't recognize. This one must have snuck in under the radar.

Once I'm sure that all of my identity and account information is good I'll hit your PayPal with a donation.

Thanks again for all your work on this.
  • 0

#12
Essexboy
Posted 18 February 2008 - 11:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Double click Winpfind35 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#13
OscarNJ
Posted 18 February 2008 - 07:31 PM

OscarNJ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All done. Thanks again. If I ever find myself wandering through Cornwall the first pint is on me!
  • 0

#14
Essexboy
Posted 19 February 2008 - 03:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP