Here's the SmitFraudFix log; it's probably not complete because I had the same problem as I explained in my first post.
SmitFraudFix v2.301
Scan done at 12:00:49.34, 2008-03-13
Run from C:\Documents and Settings\Andre\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Here's the VundoFix log:
VundoFix V7.0.3
Scan started at 12:16:54 2008-03-13
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
--
End of file - 8574 bytes
Here's the DSS log:
Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-13 13:31:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as Andre.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Andre\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andre.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
--
End of file - 8608 bytes
-- Files created between 2008-02-13 and 2008-03-13 -----------------------------
2008-03-13 12:16:54 0 d-------- C:\VundoFix Backups
2008-03-12 16:41:46 0 d-------- C:\Program Files\Opera
2008-03-11 20:04:33 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-11 20:04:33 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-11 20:04:33 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-11 20:04:33 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-11 20:04:16 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-11 16:12:20 0 d-------- C:\Program Files\Trend Micro
2008-03-11 01:34:59 0 d-------- C:\Documents and Settings\Andre\Application Data\Grisoft
2008-03-11 01:05:03 2572 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 01:03:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-11 01:03:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-11 01:03:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-11 01:03:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-11 01:03:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-11 01:03:34 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-11 01:03:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 00:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 18:53:53 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll
2008-03-10 18:52:54 166689 --ahs---- C:\WINDOWS\system32\mopoq.ini2
2008-03-10 17:56:52 211909 ---hs---- C:\WINDOWS\system32\wwvut.ini2
2008-03-10 16:13:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 16:09:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 16:09:49 0 d-------- C:\Documents and Settings\Andre\Application Data\SUPERAntiSpyware.com
2008-03-10 12:38:52 91200 -----n--- C:\WINDOWS\system32\albinkab.dll
2008-03-10 12:37:14 89664 --a------ C:\WINDOWS\system32\grdspycw.dll
2008-03-10 01:55:00 91200 --a------ C:\WINDOWS\system32\tobofkeh.dll
2008-03-10 01:52:31 89664 --a------ C:\WINDOWS\system32\jjvarbag.dll
2008-03-10 01:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 01:07:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 00:54:34 0 d-------- C:\WINDOWS\FLEOK
2008-03-10 00:51:58 24320 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-10 00:51:57 16384 --a------ C:\WINDOWS\msapasrc.dll
2008-03-10 00:51:57 11264 --a------ C:\WINDOWS\msa64chk.dll
2008-03-10 00:51:32 11008 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-10 00:51:28 15360 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-10 00:51:28 11776 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-10 00:51:27 14848 --a------ C:\WINDOWS\shdocpl.dll
2008-03-10 00:51:27 29184 --a------ C:\WINDOWS\ntnut.exe
2008-03-10 00:51:26 20224 --a------ C:\WINDOWS\shdocpe.dll
2008-03-10 00:51:10 24832 --a------ C:\WINDOWS\winsb.dll
2008-03-10 00:51:05 26624 --a------ C:\WINDOWS\browserad.dll
2008-03-10 00:51:04 29184 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-10 00:51:03 21248 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-10 00:51:03 15872 --a------ C:\WINDOWS\avifile32.dll
2008-03-10 00:51:03 31744 --a------ C:\WINDOWS\autodisc32.dll
2008-03-10 00:51:02 30208 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-10 00:51:01 13824 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-10 00:51:01 20480 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-10 00:51:00 12288 --a------ C:\WINDOWS\athprxy32.dll
2008-03-10 00:51:00 15872 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-10 00:51:00 16384 --a------ C:\WINDOWS\asferror32.dll
2008-03-10 00:50:59 20480 --a------ C:\WINDOWS\apphelp32.dll
2008-03-10 00:50:54 21504 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-09 21:59:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 21:49:52 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-03-09 21:26:13 92224 --a------ C:\WINDOWS\system32\psrautoc.dll
2008-03-09 21:25:49 39936 --a------ C:\WINDOWS\system32\vtuvvwx.dll
2008-03-09 21:20:16 88640 --a------ C:\WINDOWS\system32\qjajusck.dll
2008-03-06 12:55:27 96832 --a------ C:\WINDOWS\system32\pjsmllpb.dll
2008-03-06 12:49:29 91712 --a------ C:\WINDOWS\system32\dmvvxpnp.dll
2008-03-06 12:40:49 96832 --a------ C:\WINDOWS\system32\lwdnoiwl.dll
2008-03-06 12:37:49 91712 --a------ C:\WINDOWS\system32\jglughgb.dll
2008-03-05 14:48:29 96832 --a------ C:\WINDOWS\system32\vexahhaa.dll
2008-03-05 14:45:29 89664 --a------ C:\WINDOWS\system32\uxvjmeeb.dll
2008-03-05 14:42:30 91712 --a------ C:\WINDOWS\system32\aakbgmdi.dll
2008-03-05 12:07:50 89664 --a------ C:\WINDOWS\system32\bdobqtqk.dll
2008-03-05 12:05:03 96832 --a------ C:\WINDOWS\system32\eamfsdfd.dll
2008-03-05 12:04:49 91712 --a------ C:\WINDOWS\system32\vwyhjkxh.dll
2008-03-04 19:22:18 95296 --a------ C:\WINDOWS\system32\knhfypop.dll
2008-03-04 19:16:19 91712 --a------ C:\WINDOWS\system32\vdapvbcw.dll
2008-03-04 18:41:43 0 d-------- C:\Program Files\SmartFTP Client
2008-03-04 18:39:15 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-04 12:54:51 95296 --a------ C:\WINDOWS\system32\wiybjvwe.dll
2008-03-04 12:51:52 91712 --a------ C:\WINDOWS\system32\msanlmqk.dll
2008-03-04 12:17:17 95296 --a------ C:\WINDOWS\system32\mjnirgsr.dll
2008-03-04 12:17:06 91712 --a------ C:\WINDOWS\system32\blhdevry.dll
2008-03-03 12:34:41 89664 --a------ C:\WINDOWS\system32\lolchhbw.dll
2008-03-03 12:31:41 84544 --a------ C:\WINDOWS\system32\spycibrv.dll
2008-03-03 12:29:52 91712 --a------ C:\WINDOWS\system32\pjlabpkb.dll
2008-03-03 00:35:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 00:32:21 0 d-------- C:\Program Files\Windows Live
2008-03-03 00:30:10 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 15:11:52 89664 --a------ C:\WINDOWS\system32\ohgdflff.dll
2008-03-02 15:05:58 91712 --a------ C:\WINDOWS\system32\pwbaalor.dll
2008-03-01 16:15:21 88640 --a------ C:\WINDOWS\system32\uitskogr.dll
2008-03-01 16:12:19 91712 --a------ C:\WINDOWS\system32\aldtvvtr.dll
2008-03-01 13:53:38 28435 --a------ C:\WINDOWS\system32\qjchfvwe.dll
2008-03-01 13:50:45 64 --a------ C:\WINDOWS\system32\cxdlkxio.dll
2008-03-01 13:50:39 64 --a------ C:\WINDOWS\system32\cibpunoy.dll
2008-02-29 19:02:29 0 dr-h----- C:\Documents and Settings\Chloe\Recent
2008-02-29 18:42:18 89664 --a------ C:\WINDOWS\system32\rnwexqew.