
Application Error 0xc000005 [CLOSED]


  • This topic is locked

#16
kingviper

  • Topic Starter
  • Member
  • 37 posts
EssexBoy,

The MOVEIT program removed everything we told it to. When I copied and pasted, I accidentally left the "could Not remove" in front of everything and had to redo it 3 times. Then the log report was off, but it said everything was removed. Here is the ComboFix.


ComboFix 08-03-22.1 - Bryan 2008-03-23 9:34:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT -4:00]
Running from: C:\Documents and Settings\Bryan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\Common Files\WinSoftware\
C:\Program Files\CSBB\
C:\Program Files\dialers\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\starware\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\WINDOWS\mc\
C:\WINDOWS\mslagent\
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 09:27 . 2008-03-23 09:27 <DIR> d-------- C:\_OTMoveIt
2008-03-23 08:35 . 2008-03-23 08:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-23 08:32 . 2008-03-23 08:54 <DIR> d-------- C:\SDFix
2008-03-22 21:49 . 2008-03-22 21:49 <DIR> d-------- C:\Program Files\Empire Interactive
2008-03-22 21:49 . 2003-03-24 09:50 974,848 -ra------ C:\WINDOWS\system32\vorbis.dll
2008-03-22 21:49 . 2003-03-24 09:50 49,152 -ra------ C:\WINDOWS\system32\ogg.dll
2008-03-22 21:49 . 2003-03-24 09:50 28,672 -ra------ C:\WINDOWS\system32\vorbisfile.dll
2008-03-22 21:11 . 2008-03-22 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-22 19:46 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-17 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 18:51 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 18:51 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 18:37 . 2008-03-17 18:37 <DIR> dr-hs---- C:\winssystem.exe
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-03-17 17:47 . 2004-03-08 12:00 224,016 --------- C:\WINDOWS\system32\tabctl32.ocx
2008-03-16 21:21 . 2002-01-01 00:01 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 13:00 --------- d-----w C:\Program Files\TrueAssistant
2008-03-23 01:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 22:37 284 ---h--r C:\Program Files\fix my registry
2008-03-17 21:42 --------- d-----w C:\Program Files\The Cleaner Free
2008-03-17 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 21:23 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-27 18:49 3,840 ----a-w C:\WINDOWS\system32\drivers\BANTExt.sys
2005-10-25 15:53 491,520 ----a-w C:\Documents and Settings\Bryan\pbclsnew.dll
2005-10-25 15:52 491,520 ----a-w C:\Documents and Settings\Bryan\pbclnew.dll
2005-10-25 15:51 290,816 ----a-w C:\Documents and Settings\Bryan\pbsvnew.dll
2005-10-25 15:49 4 ----a-w C:\Documents and Settings\Bryan\pbweb.dat
2004-03-06 11:50 75,776 -c-ha-w C:\Documents and Settings\Bryan\Application Data\rbqt450.DLL
2001-08-23 17:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot_2008-03-22_20.21.34.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-23 11:24:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-23 12:35:17 5,804,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-23 12:35:17 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-23 11:24:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-23 12:35:15 5,804,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-23 12:35:15 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 1998-10-29 21:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 20:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2003-01-07 20:22:34 139,264 -c--a-w C:\WINDOWS\system32\eax.dll
+ 2003-01-07 19:22:34 139,264 ----a-w C:\WINDOWS\system32\eax.dll
+ 2007-12-05 06:41:00 5,773,568 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nv4_disp.dll
+ 2007-12-05 05:41:00 7,435,392 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nv4_mini.sys
+ 2007-12-05 06:41:00 385,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvapi.dll
+ 2007-12-05 05:41:00 35,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvcod.dll
+ 2007-12-05 05:41:00 8,523,776 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvcpl.dll
+ 2007-12-05 05:41:00 1,089,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvcuda.dll
+ 2007-12-05 05:41:00 6,549,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvdisps.dll
+ 2007-12-05 05:41:00 3,420,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvgames.dll
+ 2007-12-05 05:41:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvmccs.dll
+ 2007-12-05 05:41:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvmccss.dll
+ 2007-12-05 06:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvmctray.dll
+ 2007-12-05 05:41:00 1,228,800 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvmobls.dll
+ 2007-12-05 05:41:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvnt4cpl.dll
+ 2007-12-05 05:41:00 6,901,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvoglnt.dll
+ 2007-12-05 05:41:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvsvc32.exe
+ 2007-12-05 05:41:00 3,710,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvvitvs.dll
+ 2007-12-05 05:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvwddi.dll
+ 2007-12-05 05:41:00 2,498,560 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvwss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 20:04 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-23 13:00 77891]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 11:11 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"LiveNote"="livenote.exe" [2002-07-11 09:31 40960 C:\WINDOWS\livenote.exe]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 13:24 585728]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 09:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 04:41 495616]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 08:44 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 13:20 32768]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-06-02 22:58 185456]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-06-02 22:58 230512]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"anvshell"="anvshell.exe" [2003-05-29 03:53 348160 C:\WINDOWS\anvshell.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-05-10 12:38 7615984]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-01-13 18:45:15 51360]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-01-23 14:30:56 468992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 09:18:22 10872]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [2003-11-20 21:56:49 529920]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 614531]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2004-06-11 12:13:29 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-09-22 14:46]
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-05-19 04:12]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-05 23:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 16:22]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 09:28]

.
Contents of the 'Scheduled Tasks' folder
"2002-01-01 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-06-08 02:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2002-01-01 08:30:01 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\errorkiller\ErrorKiller.ex
- C:\Program Files\errorkiller
"2008-03-23 03:03:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-03-23 12:59:50 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 09:53:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-23 9:56:08
ComboFix-quarantined-files.txt 2008-03-23 13:55:29
ComboFix2.txt 2008-03-23 00:22:49
ComboFix3.txt 2008-03-22 23:25:30
.
2008-03-17 03:00:57 --- E O F ---


HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:48 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10497 bytes

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, that was my error; I thought I had removed that part. Duh!

So we are now making progress - yet another scan to find the deeply hidden files. This will be a long report, so it will need to be attached.

After this we will look at the application error problem :)

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - ControlSets
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#18
kingviper

  • Topic Starter
  • Member
  • 37 posts
The log was so big that I had to create two files. Part 2 is really part 1 and part 3 is really part 2. Sorry EssexBoy teehee.

Attached Files



#19
kingviper

  • Topic Starter
  • Member
  • 37 posts
And the second part.

Attached Files



#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, I do not know what you did on 17 March, but on that day you gained the following:

Beagle
Haxdoor
Rustock
Gabot
Smitfraud
Vundo
Plus several assorted Mailing worms and Password stealers

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


This fix will kill Explorer and reboot your system, so you will probably lose the desktop for a short period. On completion I would like a new OTScanit scan with the same search options.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[code=auto:0][Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> C:\WINDOWS\system32\0.exe [0]
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> C:\WINDOWS\system32\0.exe [0]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> C:\WINDOWS\system32\0.exe [0]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> C:\WINDOWS\system32\0.exe [0]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> C:\WINDOWS\system32\0.exe [0]
[Files/Folders - Created Within 90 days]
NY -> oipa.dll -> %SystemRoot%\System32\oipa.dll
NY -> oo4.dll -> %SystemRoot%\System32\oo4.dll
NY -> opc.dll -> %SystemRoot%\System32\opc.dll
NY -> optserve.dll -> %SystemRoot%\System32\optserve.dll
NY -> optserve.exe -> %SystemRoot%\System32\optserve.exe
NY -> osalogbe.exe -> %SystemRoot%\System32\osalogbe.exe
NY -> otw0i.dll -> %SystemRoot%\System32\otw0i.dll
NY -> patch31345.exe -> %SystemRoot%\System32\patch31345.exe
NY -> pavb1u2.exe -> %SystemRoot%\System32\pavb1u2.exe
NY -> pdfzzy.dll -> %SystemRoot%\System32\pdfzzy.dll
NY -> pdx.dll -> %SystemRoot%\System32\pdx.dll
NY -> per.exe -> %SystemRoot%\System32\per.exe
NY -> phantom.exe -> %SystemRoot%\System32\phantom.exe
NY -> picx.exe -> %SystemRoot%\System32\picx.exe
NY -> plugnplay32.exe -> %SystemRoot%\System32\plugnplay32.exe
NY -> pnkeb.dll -> %SystemRoot%\System32\pnkeb.dll
NY -> pnp.exe -> %SystemRoot%\System32\pnp.exe
NY -> poller.exe -> %SystemRoot%\System32\poller.exe
NY -> pptp16.dll -> %SystemRoot%\System32\pptp16.dll
NY -> pptp24.sys -> %SystemRoot%\System32\pptp24.sys
NY -> pptp32.dll -> %SystemRoot%\System32\pptp32.dll
NY -> ppts16.dll -> %SystemRoot%\System32\ppts16.dll
NY -> pqhelper.dll -> %SystemRoot%\System32\pqhelper.dll
NY -> preload.ocx -> %SystemRoot%\System32\preload.ocx
NY -> protection.exe -> %SystemRoot%\System32\protection.exe
NY -> prutpct.exe -> %SystemRoot%\System32\prutpct.exe
NY -> prutsct.exe -> %SystemRoot%\System32\prutsct.exe
NY -> pruttct.exe -> %SystemRoot%\System32\pruttct.exe
NY -> ptech.exe -> %SystemRoot%\System32\ptech.exe
NY -> pup.exe -> %SystemRoot%\System32\pup.exe
NY -> qdvtscf.dll -> %SystemRoot%\System32\qdvtscf.dll
NY -> qo.dll -> %SystemRoot%\System32\qo.dll
NY -> qo.sys -> %SystemRoot%\System32\qo.sys
NY -> quicklaunchie.dll -> %SystemRoot%\System32\quicklaunchie.dll
NY -> qy.sys -> %SystemRoot%\System32\qy.sys
NY -> qz.dll -> %SystemRoot%\System32\qz.dll
NY -> qz.sys -> %SystemRoot%\System32\qz.sys
NY -> randreco.exe -> %SystemRoot%\System32\randreco.exe
NY -> rcbdwmpd.dll -> %SystemRoot%\System32\rcbdwmpd.dll
NY -> rdpwmsjt.exe -> %SystemRoot%\System32\rdpwmsjt.exe
NY -> reg2.exe -> %SystemRoot%\System32\reg2.exe
NY -> regp32.dll -> %SystemRoot%\System32\regp32.dll
NY -> regperf.exe -> %SystemRoot%\System32\regperf.exe
NY -> regsvc32.exe -> %SystemRoot%\System32\regsvc32.exe
NY -> rem00001.dll -> %SystemRoot%\System32\rem00001.dll
NY -> replmap.dll -> %SystemRoot%\System32\replmap.dll
NY -> re_file.exe -> %SystemRoot%\System32\re_file.exe
NY -> rkinstaller.exe -> %SystemRoot%\System32\rkinstaller.exe
NY -> rlvknlg.exe -> %SystemRoot%\System32\rlvknlg.exe
NY -> rmashlex.dll -> %SystemRoot%\System32\rmashlex.dll
NY -> rsp.dll -> %SystemRoot%\System32\rsp.dll
NY -> rsp001.dll -> %SystemRoot%\System32\rsp001.dll
NY -> rsstoolbar.dll -> %SystemRoot%\System32\rsstoolbar.dll
NY -> rulesak.dll -> %SystemRoot%\System32\rulesak.dll
NY -> rundll.exe -> %SystemRoot%\System32\rundll.exe
NY -> rundll16.dll -> %SystemRoot%\System32\rundll16.dll
NY -> rundnm.exe -> %SystemRoot%\System32\rundnm.exe
NY -> rvreg.exe -> %SystemRoot%\System32\rvreg.exe
NY -> s4helper.dll -> %SystemRoot%\System32\s4helper.dll
NY -> sbus.dll -> %SystemRoot%\System32\sbus.dll
NY -> scalpe91.exe -> %SystemRoot%\System32\scalpe91.exe
NY -> scp3jgaw.dll -> %SystemRoot%\System32\scp3jgaw.dll
NY -> scrigz.exe -> %SystemRoot%\System32\scrigz.exe
NY -> sd.exe -> %SystemRoot%\System32\sd.exe
NY -> sd16win.dll -> %SystemRoot%\System32\sd16win.dll
NY -> sdkdh.exe -> %SystemRoot%\System32\sdkdh.exe
NY -> sdkhb32.exe -> %SystemRoot%\System32\sdkhb32.exe
NY -> sdkly.exe -> %SystemRoot%\System32\sdkly.exe
NY -> sdmapi.sys -> %SystemRoot%\System32\sdmapi.sys
NY -> seantb.dll -> %SystemRoot%\System32\seantb.dll
NY -> searchaddon.dll -> %SystemRoot%\System32\searchaddon.dll
NY -> searchsquire.dll -> %SystemRoot%\System32\searchsquire.dll
NY -> searchsquire2.dll -> %SystemRoot%\System32\searchsquire2.dll
NY -> searchsquire3.dll -> %SystemRoot%\System32\searchsquire3.dll
NY -> searchsquire33.dll -> %SystemRoot%\System32\searchsquire33.dll
NY -> searchupdate31.exe -> %SystemRoot%\System32\searchupdate31.exe
NY -> searchupdate33.exe -> %SystemRoot%\System32\searchupdate33.exe
NY -> secumsje.exe -> %SystemRoot%\System32\secumsje.exe
NY -> sed.exe -> %SystemRoot%\System32\sed.exe
NY -> semd32.dll -> %SystemRoot%\System32\semd32.dll
NY -> seqsb.dll -> %SystemRoot%\System32\seqsb.dll
NY -> sertgs.dll -> %SystemRoot%\System32\sertgs.dll
NY -> servehost.exe -> %SystemRoot%\System32\servehost.exe
NY -> service5.exe -> %SystemRoot%\System32\service5.exe
NY -> services -> %SystemRoot%\System32\services
NY -> servises.exe -> %SystemRoot%\System32\servises.exe
NY -> shell.exe -> %SystemRoot%\System32\shell.exe
NY -> shfoxpob.exe -> %SystemRoot%\System32\shfoxpob.exe
NY -> shnlog.exe -> %SystemRoot%\System32\shnlog.exe
NY -> sksdrvr2.sys -> %SystemRoot%\System32\sksdrvr2.sys
NY -> skybot.exe -> %SystemRoot%\System32\skybot.exe
NY -> skytown.exe -> %SystemRoot%\System32\skytown.exe
NY -> skyx16.dll -> %SystemRoot%\System32\skyx16.dll
NY -> slbipsch.dll -> %SystemRoot%\System32\slbipsch.dll
NY -> slbipsch.exe -> %SystemRoot%\System32\slbipsch.exe
NY -> slbrmqtr.exe -> %SystemRoot%\System32\slbrmqtr.exe
NY -> slpube03.dll -> %SystemRoot%\System32\slpube03.dll
NY -> smdnn05.dll -> %SystemRoot%\System32\smdnn05.dll
NY -> smtapi.sys -> %SystemRoot%\System32\smtapi.sys
NY -> snda32.dll -> %SystemRoot%\System32\snda32.dll
NY -> sndu32.dll -> %SystemRoot%\System32\sndu32.dll
NY -> snmpmssw.exe -> %SystemRoot%\System32\snmpmssw.exe
NY -> socul.dll -> %SystemRoot%\System32\socul.dll
NY -> sodahk.dll -> %SystemRoot%\System32\sodahk.dll
NY -> somatic.dll -> %SystemRoot%\System32\somatic.dll
NY -> sp2fx.exe -> %SystemRoot%\System32\sp2fx.exe
NY -> sp2winfix.exe -> %SystemRoot%\System32\sp2winfix.exe
NY -> speeder.exe -> %SystemRoot%\System32\speeder.exe
NY -> spwgoc.exe -> %SystemRoot%\System32\spwgoc.exe
NY -> sqlbgb.dll -> %SystemRoot%\System32\sqlbgb.dll
NY -> ss.dll -> %SystemRoot%\System32\ss.dll
NY -> ss32.dll -> %SystemRoot%\System32\ss32.dll
NY -> stagmr.exe -> %SystemRoot%\System32\stagmr.exe
NY -> stcloader.exe -> %SystemRoot%\System32\stcloader.exe
NY -> stlbad123.dll -> %SystemRoot%\System32\stlbad123.dll
NY -> stlbdist.dll -> %SystemRoot%\System32\stlbdist.dll
NY -> stlbupdt.dll -> %SystemRoot%\System32\stlbupdt.dll
NY -> stmtreco.exe -> %SystemRoot%\System32\stmtreco.exe
NY -> submithook.dll -> %SystemRoot%\System32\submithook.dll
NY -> support.exe -> %SystemRoot%\System32\support.exe
NY -> susp_reco.exe -> %SystemRoot%\System32\susp_reco.exe
NY -> svjvpn.sys -> %SystemRoot%\System32\svjvpn.sys
NY -> svkvpn.dll -> %SystemRoot%\System32\svkvpn.dll
NY -> svkvpn.sys -> %SystemRoot%\System32\svkvpn.sys
NY -> sword.exe -> %SystemRoot%\System32\sword.exe
NY -> sysconf.exe -> %SystemRoot%\System32\sysconf.exe
NY -> sysdll32.dll -> %SystemRoot%\System32\sysdll32.dll
NY -> sysldr.dll -> %SystemRoot%\System32\sysldr.dll
NY -> sysmonnt.exe -> %SystemRoot%\System32\sysmonnt.exe
NY -> systemout.exe -> %SystemRoot%\System32\systemout.exe
NY -> sys_ext.dll -> %SystemRoot%\System32\sys_ext.dll
NY -> sys_xp.exe -> %SystemRoot%\System32\sys_xp.exe
NY -> sys_xp.exeopen -> %SystemRoot%\System32\sys_xp.exeopen
NY -> s

#21
kingviper

Here is the kill log: I will reboot and run OTSSCAN again and post that log in a few.

C:\WINDOWS\System32\iebhos.dll folder moved successfully.
C:\WINDOWS\System32\iebrw.dll folder moved successfully.
C:\WINDOWS\System32\IEDFix.exe moved successfully.
C:\WINDOWS\System32\iedriver moved successfully.
C:\WINDOWS\System32\iefeatsl.dll folder moved successfully.
C:\WINDOWS\System32\iefeatures.exe folder moved successfully.
C:\WINDOWS\System32\iefeaturesversion.exe folder moved successfully.
C:\WINDOWS\System32\iefi.exe folder moved successfully.
C:\WINDOWS\System32\iefy.exe folder moved successfully.
C:\WINDOWS\System32\iehook.dll folder moved successfully.
C:\WINDOWS\System32\iehost.exe folder moved successfully.
C:\WINDOWS\System32\iehost34.exe folder moved successfully.
C:\WINDOWS\System32\iemonit.dll folder moved successfully.
C:\WINDOWS\System32\iemsg.dll folder moved successfully.
C:\WINDOWS\System32\iesearchbar.dll folder moved successfully.
C:\WINDOWS\System32\ietie.dll folder moved successfully.
C:\WINDOWS\System32\ietoolbar.dll folder moved successfully.
C:\WINDOWS\System32\ieug32.exe folder moved successfully.
C:\WINDOWS\System32\iewe32.exe folder moved successfully.
C:\WINDOWS\System32\iexplorr11.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr22.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr23.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr24.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr25.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr26.dll folder moved successfully.
C:\WINDOWS\System32\iexplorr27.dll folder moved successfully.
C:\WINDOWS\System32\ie_clrsch.dll folder moved successfully.
C:\WINDOWS\System32\ifhelper.dll folder moved successfully.
C:\WINDOWS\System32\ifsomatic.dll folder moved successfully.
C:\WINDOWS\System32\im64.dll folder moved successfully.
C:\WINDOWS\System32\imesrdch.exe folder moved successfully.
C:\WINDOWS\System32\imgiant.dll folder moved successfully.
C:\WINDOWS\System32\in10b6s.dll folder moved successfully.
C:\WINDOWS\System32\ineb.dll folder moved successfully.
C:\WINDOWS\System32\inetp60.dll folder moved successfully.
C:\WINDOWS\System32\iniwin32.dll folder moved successfully.
C:\WINDOWS\System32\install_all.dll folder moved successfully.
C:\WINDOWS\System32\instsrv.exe folder moved successfully.
C:\WINDOWS\System32\internetfeatures.exe folder moved successfully.
C:\WINDOWS\System32\intfaxui.exe folder moved successfully.
C:\WINDOWS\System32\intmon.exe folder moved successfully.
C:\WINDOWS\System32\ipcclient.dll folder moved successfully.
C:\WINDOWS\System32\ipclient.dll folder moved successfully.
C:\WINDOWS\System32\ipgs.exe folder moved successfully.
C:\WINDOWS\System32\iphj32.exe folder moved successfully.
C:\WINDOWS\System32\ippy.exe folder moved successfully.
C:\WINDOWS\System32\ipst32.exe folder moved successfully.
C:\WINDOWS\System32\ipxrmfc4.dll folder moved successfully.
C:\WINDOWS\System32\ipxwshel.exe folder moved successfully.
C:\WINDOWS\System32\ir32racp.exe folder moved successfully.
C:\WINDOWS\System32\ishost.exe folder moved successfully.
C:\WINDOWS\System32\ismon.exe folder moved successfully.
C:\WINDOWS\System32\isnotify.exe folder moved successfully.
C:\WINDOWS\System32\issearch.exe folder moved successfully.
C:\WINDOWS\System32\itunegui.exe folder moved successfully.
C:\WINDOWS\System32\iuennwcf.dll folder moved successfully.
C:\WINDOWS\System32\javex80.vxd folder moved successfully.
C:\WINDOWS\System32\javexulm.vxd folder moved successfully.
C:\WINDOWS\System32\jehmbyxrubdb.dll folder moved successfully.
C:\WINDOWS\System32\jeired.dll folder moved successfully.
C:\WINDOWS\System32\jgdwadsn.dll folder moved successfully.
C:\WINDOWS\System32\jgdwadsn.exe folder moved successfully.
C:\WINDOWS\System32\jgsdrpcn.dll folder moved successfully.
C:\WINDOWS\System32\jgsdrpcn.exe folder moved successfully.
C:\WINDOWS\System32\jsdapi.exe folder moved successfully.
C:\WINDOWS\System32\kbdfwshe.exe folder moved successfully.
C:\WINDOWS\System32\kbdpkbdr.exe folder moved successfully.
C:\WINDOWS\System32\keyactivex.ocx folder moved successfully.
C:\WINDOWS\System32\keyhost.exe folder moved successfully.
C:\WINDOWS\System32\keymap.dll folder moved successfully.
C:\WINDOWS\System32\kha.dll folder moved successfully.
C:\WINDOWS\System32\klo5.sys folder moved successfully.
C:\WINDOWS\System32\kncjmlb.dll folder moved successfully.
C:\WINDOWS\System32\ladchkr.exe folder moved successfully.
C:\WINDOWS\System32\lanh32.dll folder moved successfully.
C:\WINDOWS\System32\lanmui.dll folder moved successfully.
C:\WINDOWS\System32\laziqn.exe folder moved successfully.
C:\WINDOWS\System32\lcch.dat folder moved successfully.
C:\WINDOWS\System32\lcd32.exe folder moved successfully.
C:\WINDOWS\System32\lien van de kelder.exe folder moved successfully.
C:\WINDOWS\System32\lien Van de kelderrr.exe folder moved successfully.
C:\WINDOWS\System32\lien vande kelder.exe folder moved successfully.
C:\WINDOWS\System32\lien vd kelder.exe folder moved successfully.
C:\WINDOWS\System32\lientjeuh.exe folder moved successfully.
C:\WINDOWS\System32\lienvandekelder.exe folder moved successfully.
C:\WINDOWS\System32\lienvdk.exe folder moved successfully.
C:\WINDOWS\System32\links.dll folder moved successfully.
C:\WINDOWS\System32\ljjhh.dll folder moved successfully.
C:\WINDOWS\System32\lmrtatkc.dll folder moved successfully.
C:\WINDOWS\System32\ln_reco.exe folder moved successfully.
C:\WINDOWS\System32\loader_name.exe folder moved successfully.
C:\WINDOWS\System32\loader_name.exeopen folder moved successfully.
C:\WINDOWS\System32\loader_name.exeopenopen folder moved successfully.
C:\WINDOWS\System32\localnrd.dll folder moved successfully.
C:\WINDOWS\System32\logic.exe folder moved successfully.
C:\WINDOWS\System32\logitechwls.exe folder moved successfully.
C:\WINDOWS\System32\lp.dll folder moved successfully.
C:\WINDOWS\System32\lp.exe folder moved successfully.
C:\WINDOWS\System32\lspak.dll folder moved successfully.
C:\WINDOWS\System32\lstb4drc.dll folder moved successfully.
C:\WINDOWS\System32\lstb4drc.exe folder moved successfully.
C:\WINDOWS\System32\lut.dat folder moved successfully.
C:\WINDOWS\System32\lwz.dll folder moved successfully.
C:\WINDOWS\System32\madise.dll folder moved successfully.
C:\WINDOWS\System32\mailinfo.exe folder moved successfully.
C:\WINDOWS\System32\mapisvc32.exe folder moved successfully.
C:\WINDOWS\System32\mbr32.dll folder moved successfully.
C:\WINDOWS\System32\mcd3mscm.dll folder moved successfully.
C:\WINDOWS\System32\mcscn.exe folder moved successfully.
C:\WINDOWS\System32\memloader.exe folder moved successfully.
C:\WINDOWS\System32\memlow.sys folder moved successfully.
C:\WINDOWS\System32\messenger.lib.exe folder moved successfully.
C:\WINDOWS\System32\mfcgt32.exe folder moved successfully.
C:\WINDOWS\System32\mfcqc32.exe folder moved successfully.
C:\WINDOWS\System32\mfcuo.exe folder moved successfully.
C:\WINDOWS\System32\mgeekremove.exe folder moved successfully.
C:\WINDOWS\System32\mgmtmtxc.exe folder moved successfully.
C:\WINDOWS\System32\mgs_32.dll folder moved successfully.
C:\WINDOWS\System32\microsystem.exe folder moved successfully.
C:\WINDOWS\System32\microupdate.exe folder moved successfully.
C:\WINDOWS\System32\mid.dll folder moved successfully.
C:\WINDOWS\System32\mmview_101.dll folder moved successfully.
C:\WINDOWS\System32\mmx17g.dll folder moved successfully.
C:\WINDOWS\System32\mmx432.dll folder moved successfully.
C:\WINDOWS\System32\mmx4xt.dll folder moved successfully.
C:\WINDOWS\System32\mmxf32.dll folder moved successfully.
C:\WINDOWS\System32\mmxf64.sys folder moved successfully.
C:\WINDOWS\System32\mouse.exe folder moved successfully.
C:\WINDOWS\System32\mpz300.dll folder moved successfully.
C:\WINDOWS\System32\mqadscp3.exe folder moved successfully.
C:\WINDOWS\System32\mqexdlm.srg folder moved successfully.
C:\WINDOWS\System32\mqoacdmo.dll folder moved successfully.
C:\WINDOWS\System32\mrkscr.exe folder moved successfully.
C:\WINDOWS\System32\MRT.INI moved successfully.
C:\WINDOWS\System32\msa64chk.dll folder moved successfully.
C:\WINDOWS\System32\msafiasn.dll folder moved successfully.
C:\WINDOWS\System32\msapasrc.dll folder moved successfully.
C:\WINDOWS\System32\msbe.dll folder moved successfully.
C:\WINDOWS\System32\mscache.dll folder moved successfully.
C:\WINDOWS\System32\mscb.dll folder moved successfully.
C:\WINDOWS\System32\msccof.exe folder moved successfully.
C:\WINDOWS\System32\mscdka.dll folder moved successfully.
C:\WINDOWS\System32\msconfd.dll folder moved successfully.
C:\WINDOWS\System32\mscornet.exe folder moved successfully.
C:\WINDOWS\System32\mscpbo.exe folder moved successfully.
C:\WINDOWS\System32\msdaim.dll folder moved successfully.
C:\WINDOWS\System32\msdev32.exe folder moved successfully.
C:\WINDOWS\System32\msdlgk.dll folder moved successfully.
C:\WINDOWS\System32\mseclk.dll folder moved successfully.
C:\WINDOWS\System32\msedah.dll folder moved successfully.
C:\WINDOWS\System32\mseffm.dll folder moved successfully.
C:\WINDOWS\System32\msegcompid.dll folder moved successfully.
C:\WINDOWS\System32\mseggrpid.dll folder moved successfully.
C:\WINDOWS\System32\msenfh.dll folder moved successfully.
C:\WINDOWS\System32\msexcred.exe folder moved successfully.
C:\WINDOWS\System32\msexreg.exe folder moved successfully.
C:\WINDOWS\System32\msfaol.dll folder moved successfully.
C:\WINDOWS\System32\msgdmf.exe folder moved successfully.
C:\WINDOWS\System32\msgmr.exe folder moved successfully.
C:\WINDOWS\System32\mshelper.dll folder moved successfully.
C:\WINDOWS\System32\msibkd.dll folder moved successfully.
C:\WINDOWS\System32\msiebho.dll folder moved successfully.
C:\WINDOWS\System32\msiefr40.dll folder moved successfully.
C:\WINDOWS\System32\msiein.dll folder moved successfully.
C:\WINDOWS\System32\msielink.dll folder moved successfully.
C:\WINDOWS\System32\msiesh.dll folder moved successfully.
C:\WINDOWS\System32\msietk1020.dll folder moved successfully.
C:\WINDOWS\System32\msinfosys.dll folder moved successfully.
C:\WINDOWS\System32\msipcsv.exe folder moved successfully.
C:\WINDOWS\System32\msjfbl.dll folder moved successfully.
C:\WINDOWS\System32\mskceo.dll folder moved successfully.
C:\WINDOWS\System32\mskehb.dll folder moved successfully.
C:\WINDOWS\System32\mskhhe.dll folder moved successfully.
C:\WINDOWS\System32\msklive.dll folder moved successfully.
C:\WINDOWS\System32\mskpkc.dll folder moved successfully.
C:\WINDOWS\System32\mslefh.dll folder moved successfully.
C:\WINDOWS\System32\mslsicwd.dll folder moved successfully.
C:\WINDOWS\System32\mslspcg.exe folder moved successfully.
C:\WINDOWS\System32\msmc.exe folder moved successfully.
C:\WINDOWS\System32\msmdld.DLL folder moved successfully.
C:\WINDOWS\System32\msmgrxp.exe folder moved successfully.
C:\WINDOWS\System32\msmm.exe folder moved successfully.
C:\WINDOWS\System32\msnavc32.exe folder moved successfully.
C:\WINDOWS\System32\msncjk.dll folder moved successfully.
C:\WINDOWS\System32\msnkmi.dll folder moved successfully.
C:\WINDOWS\System32\msnl.exe folder moved successfully.
C:\WINDOWS\System32\msnsxole.dll folder moved successfully.
C:\WINDOWS\System32\msnsxole.exe folder moved successfully.
C:\WINDOWS\System32\msobfl.dll folder moved successfully.
C:\WINDOWS\System32\msongn.exe folder moved successfully.
C:\WINDOWS\System32\msph32.exe folder moved successfully.
C:\WINDOWS\System32\msplus.dll folder moved successfully.
C:\WINDOWS\System32\msplus1.dll folder moved successfully.
C:\WINDOWS\System32\msplus2.dll folder moved successfully.
C:\WINDOWS\System32\msplus3.dll folder moved successfully.
C:\WINDOWS\System32\msplus32.exe folder moved successfully.
C:\WINDOWS\System32\msplus4.dll folder moved successfully.
C:\WINDOWS\System32\msqsb.dll folder moved successfully.
C:\WINDOWS\System32\mssck.exe folder moved successfully.
C:\WINDOWS\System32\mssearch.dll folder moved successfully.
C:\WINDOWS\System32\mssearchnet.exe folder moved successfully.
C:\WINDOWS\System32\msspi.dll folder moved successfully.
C:\WINDOWS\System32\msstersv.dll folder moved successfully.
C:\WINDOWS\System32\mssz32.dll folder moved successfully.
C:\WINDOWS\System32\msview.dll folder moved successfully.
C:\WINDOWS\System32\msxct.exe folder moved successfully.
C:\WINDOWS\System32\msxml4r.exe folder moved successfully.
C:\WINDOWS\System32\msxmlpp.dll folder moved successfully.
C:\WINDOWS\System32\msxver64.sqr folder moved successfully.
C:\WINDOWS\System32\mtc.dll folder moved successfully.
C:\WINDOWS\System32\mtrnqs.exe folder moved successfully.
C:\WINDOWS\System32\mtwirl32.dll folder moved successfully.
C:\WINDOWS\System32\mupdate.exe folder moved successfully.
C:\WINDOWS\System32\myaccess.dll folder moved successfully.
C:\WINDOWS\System32\myad.dll folder moved successfully.
C:\WINDOWS\System32\mygeek.dll folder moved successfully.
C:\WINDOWS\System32\n3tpa1p.dll folder moved successfully.
C:\WINDOWS\System32\nas.dll folder moved successfully.
C:\WINDOWS\System32\navext.dll folder moved successfully.
C:\WINDOWS\System32\ndrv.dll folder moved successfully.
C:\WINDOWS\System32\ndrv.exe folder moved successfully.
C:\WINDOWS\System32\netcog.exe folder moved successfully.
C:\WINDOWS\System32\netjh32.exe folder moved successfully.
C:\WINDOWS\System32\netut80ex.vxd folder moved successfully.
C:\WINDOWS\System32\newmsrdk2.zip folder moved successfully.
C:\WINDOWS\System32\nkgfs.sys folder moved successfully.
C:\WINDOWS\System32\nnmzoq.exe folder moved successfully.
C:\WINDOWS\System32\nn_bar.dll folder moved successfully.
C:\WINDOWS\System32\nn_bar21.dll folder moved successfully.
C:\WINDOWS\System32\nn_bar22.dll folder moved successfully.
C:\WINDOWS\System32\nn_bar31.dll folder moved successfully.
C:\WINDOWS\System32\norton update.exe folder moved successfully.
C:\WINDOWS\System32\ntdx.exe folder moved successfully.
C:\WINDOWS\System32\nvapps.nvb moved successfully.
C:\WINDOWS\System32\nvctrl.exe folder moved successfully.
C:\WINDOWS\System32\nvms.dll folder moved successfully.
C:\WINDOWS\System32\nvrcr32.dll folder moved successfully.
C:\WINDOWS\System32\oebdfc.dll folder moved successfully.
C:\WINDOWS\System32\ofrg.dll folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ogg.dll
C:\WINDOWS\System32\ogg.dll NOT unregistered.
C:\WINDOWS\System32\ogg.dll moved successfully.
C:\WINDOWS\System32\oifhhio.dll folder moved successfully.
C:\WINDOWS\System32\oipa.dll folder moved successfully.
C:\WINDOWS\System32\oo4.dll folder moved successfully.
C:\WINDOWS\System32\opc.dll folder moved successfully.
C:\WINDOWS\System32\optserve.dll folder moved successfully.
C:\WINDOWS\System32\optserve.exe folder moved successfully.
C:\WINDOWS\System32\osalogbe.exe folder moved successfully.
C:\WINDOWS\System32\otw0i.dll folder moved successfully.
C:\WINDOWS\System32\patch31345.exe folder moved successfully.
C:\WINDOWS\System32\pavb1u2.exe folder moved successfully.
C:\WINDOWS\System32\pdfzzy.dll folder moved successfully.
C:\WINDOWS\System32\pdx.dll folder moved successfully.
C:\WINDOWS\System32\per.exe folder moved successfully.
C:\WINDOWS\System32\phantom.exe folder moved successfully.
C:\WINDOWS\System32\picx.exe folder moved successfully.
C:\WINDOWS\System32\plugnplay32.exe folder moved successfully.
C:\WINDOWS\System32\pnkeb.dll folder moved successfully.
C:\WINDOWS\System32\pnp.exe folder moved successfully.
C:\WINDOWS\System32\poller.exe folder moved successfully.
C:\WINDOWS\System32\pptp16.dll folder moved successfully.
C:\WINDOWS\System32\pptp24.sys folder moved successfully.
C:\WINDOWS\System32\pptp32.dll folder moved successfully.
C:\WINDOWS\System32\ppts16.dll folder moved successfully.
C:\WINDOWS\System32\pqhelper.dll folder moved successfully.
C:\WINDOWS\System32\preload.ocx folder moved successfully.
C:\WINDOWS\System32\protection.exe folder moved successfully.
C:\WINDOWS\System32\prutpct.exe folder moved successfully.
C:\WINDOWS\System32\prutsct.exe folder moved successfully.
C:\WINDOWS\System32\pruttct.exe folder moved successfully.
C:\WINDOWS\System32\ptech.exe folder moved successfully.
C:\WINDOWS\System32\pup.exe folder moved successfully.
C:\WINDOWS\System32\qdvtscf.dll folder moved successfully.
C:\WINDOWS\System32\qo.dll folder moved successfully.
C:\WINDOWS\System32\qo.sys folder moved successfully.
C:\WINDOWS\System32\quicklaunchie.dll folder moved successfully.
C:\WINDOWS\System32\qy.sys folder moved successfully.
C:\WINDOWS\System32\qz.dll folder moved successfully.
C:\WINDOWS\System32\qz.sys folder moved successfully.
C:\WINDOWS\System32\randreco.exe folder moved successfully.
C:\WINDOWS\System32\rcbdwmpd.dll folder moved successfully.
C:\WINDOWS\System32\rdpwmsjt.exe folder moved successfully.
C:\WINDOWS\System32\reg2.exe folder moved successfully.
C:\WINDOWS\System32\regp32.dll folder moved successfully.
C:\WINDOWS\System32\regperf.exe folder moved successfully.
C:\WINDOWS\System32\regsvc32.exe folder moved successfully.
C:\WINDOWS\System32\rem00001.dll folder moved successfully.
C:\WINDOWS\System32\replmap.dll folder moved successfully.
C:\WINDOWS\System32\re_file.exe folder moved successfully.
C:\WINDOWS\System32\rkinstaller.exe folder moved successfully.
C:\WINDOWS\System32\rlvknlg.exe folder moved successfully.
C:\WINDOWS\System32\rmashlex.dll folder moved successfully.
C:\WINDOWS\System32\rsp.dll folder moved successfully.
C:\WINDOWS\System32\rsp001.dll folder moved successfully.
C:\WINDOWS\System32\rsstoolbar.dll folder moved successfully.
C:\WINDOWS\System32\rulesak.dll folder moved successfully.
C:\WINDOWS\System32\rundll.exe folder moved successfully.
C:\WINDOWS\System32\rundll16.dll folder moved successfully.
C:\WINDOWS\System32\rundnm.exe folder moved successfully.
C:\WINDOWS\System32\rvreg.exe folder moved successfully.
C:\WINDOWS\System32\s4helper.dll folder moved successfully.
C:\WINDOWS\System32\sbus.dll folder moved successfully.
C:\WINDOWS\System32\scalpe91.exe folder moved successfully.
C:\WINDOWS\System32\scp3jgaw.dll folder moved successfully.
C:\WINDOWS\System32\scrigz.exe folder moved successfully.
C:\WINDOWS\System32\sd.exe folder moved successfully.
C:\WINDOWS\System32\sd16win.dll folder moved successfully.
C:\WINDOWS\System32\sdkdh.exe folder moved successfully.
C:\WINDOWS\System32\sdkhb32.exe folder moved successfully.
C:\WINDOWS\System32\sdkly.exe folder moved successfully.
C:\WINDOWS\System32\sdmapi.sys folder moved successfully.
C:\WINDOWS\System32\seantb.dll folder moved successfully.
C:\WINDOWS\System32\searchaddon.dll folder moved successfully.
C:\WINDOWS\System32\searchsquire.dll folder moved successfully.
C:\WINDOWS\System32\searchsquire2.dll folder moved successfully.
C:\WINDOWS\System32\searchsquire3.dll folder moved successfully.
C:\WINDOWS\System32\searchsquire33.dll folder moved successfully.
C:\WINDOWS\System32\searchupdate31.exe folder moved successfully.
C:\WINDOWS\System32\searchupdate33.exe folder moved successfully.
C:\WINDOWS\System32\secumsje.exe folder moved successfully.
C:\WINDOWS\System32\sed.exe moved successfully.
C:\WINDOWS\System32\semd32.dll folder moved successfully.
C:\WINDOWS\System32\seqsb.dll folder moved successfully.
C:\WINDOWS\System32\sertgs.dll folder moved successfully.
C:\WINDOWS\System32\servehost.exe folder moved successfully.
C:\WINDOWS\System32\service5.exe folder moved successfully.
C:\WINDOWS\System32\services moved successfully.
C:\WINDOWS\System32\servises.exe folder moved successfully.
C:\WINDOWS\System32\shell.exe folder moved successfully.
C:\WINDOWS\System32\shfoxpob.exe folder moved successfully.
C:\WINDOWS\System32\shnlog.exe folder moved successfully.
C:\WINDOWS\System32\sksdrvr2.sys folder moved successfully.
C:\WINDOWS\System32\skybot.exe folder moved successfully.
C:\WINDOWS\System32\skytown.exe folder moved successfully.
C:\WINDOWS\System32\skyx16.dll folder moved successfully.
C:\WINDOWS\System32\slbipsch.dll folder moved successfully.
C:\WINDOWS\System32\slbipsch.exe folder moved successfully.
C:\WINDOWS\System32\slbrmqtr.exe folder moved successfully.
C:\WINDOWS\System32\slpube03.dll folder moved successfully.
C:\WINDOWS\System32\smdnn05.dll folder moved successfully.
C:\WINDOWS\System32\smtapi.sys folder moved successfully.
C:\WINDOWS\System32\snda32.dll folder moved successfully.
C:\WINDOWS\System32\sndu32.dll folder moved successfully.
C:\WINDOWS\System32\snmpmssw.exe folder moved successfully.
C:\WINDOWS\System32\socul.dll folder moved successfully.
C:\WINDOWS\System32\sodahk.dll folder moved successfully.
C:\WINDOWS\System32\somatic.dll folder moved successfully.
C:\WINDOWS\System32\sp2fx.exe folder moved successfully.
C:\WINDOWS\System32\sp2winfix.exe folder moved successfully.
C:\WINDOWS\System32\speeder.exe folder moved successfully.
C:\WINDOWS\System32\spwgoc.exe folder moved successfully.
C:\WINDOWS\System32\sqlbgb.dll folder moved successfully.
C:\WINDOWS\System32\ss.dll folder moved successfully.
C:\WINDOWS\System32\ss32.dll folder moved successfully.
C:\WINDOWS\System32\stagmr.exe folder moved successfully.
C:\WINDOWS\System32\stcloader.exe folder moved successfully.
C:\WINDOWS\System32\stlbad123.dll folder moved successfully.
C:\WINDOWS\System32\stlbdist.dll folder moved successfully.
C:\WINDOWS\System32\stlbupdt.dll folder moved successfully.
C:\WINDOWS\System32\stmtreco.exe folder moved successfully.
C:\WINDOWS\System32\submithook.dll folder moved successfully.
C:\WINDOWS\System32\support.exe folder moved successfully.
C:\WINDOWS\System32\susp_reco.exe folder moved successfully.
C:\WINDOWS\System32\svjvpn.sys folder moved successfully.
C:\WINDOWS\System32\svkvpn.dll folder moved successfully.
C:\WINDOWS\System32\svkvpn.sys folder moved successfully.
C:\WINDOWS\System32\sword.exe folder moved successfully.
C:\WINDOWS\System32\sysconf.exe folder moved successfully.
C:\WINDOWS\System32\sysdll32.dll folder moved successfully.
C:\WINDOWS\System32\sysldr.dll folder moved successfully.
C:\WINDOWS\System32\sysmonnt.exe folder moved successfully.
C:\WINDOWS\System32\systemout.exe folder moved successfully.
C:\WINDOWS\System32\sys_ext.dll folder moved successfully.
C:\WINDOWS\System32\sys_xp.exe folder moved successfully.
C:\WINDOWS\System32\sys_xp.exeopen folder moved successfully.
File not found!
< End of fix log >
OTScanIt by OldTimer - Version 1.0.6.0 fix logfile created on 03232008_120845

#22
kingviper

Here you go buddy!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:42 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10586 bytes


#23
Essexboy

OK, that is A to S gone; now we need to do the rest of the alphabet. As an aside, you aren't an instructor testing me out, are you? :)

OK, this fix is large, so I will upload it as a text file. Download the text file, copy the entire contents, and then paste them into OTScanit. Same again: I am killing explorer and rebooting the system.



Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#24
kingviper

It's not creating a logfile for some reason?

#25
kingviper

Here is the current scan log:

and HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:24 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan\Desktop\MALWARE PROGRAMS\OTScanIt\OTScanIt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10641 bytes

Edited by kingviper, 23 March 2008 - 01:48 PM.

#26
Essexboy

Looking a lot better now. If I could have one more MBAM run, please, and an update on how your system is running.

Run MBAM
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#27
kingviper

Everything seems to be running A LOT smoother now. The only problem I'm still having is that pesky "error" code. Here is the log:

Malwarebytes' Anti-Malware 1.09
Database version: 521

Scan type: Quick Scan
Objects scanned: 32281
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks,

Bryan

#28
Essexboy

OK, that's the malware gone, so let's tidy that section up before we proceed.

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveit once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveit wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself. MBAM will need to be uninstalled from Add/Remove in Control Panel.



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Keep safe :)

OK TO CONTINUE

We will now tidy the rest of the system up

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

THEN

Download, install and run Tuneup Utilities 2008

Select Free up disk space


Select Unnecessary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor

ON COMPLETION

Can you now repost the error that you are getting plus the programmes running when you get it :)

#29
kingviper

working on it now :)

#30
kingviper

Ok, everything is complete. The error I'm getting is, for example, when I try to open Battlefield Vietnam, I double click the icon and I get BF1942.exe Application error 0xc000005, The program failed to initialize properly. I have 3 other games that are giving me the same problem, but one of them, Unreal Tournament, is not. This only started about 8 months ago. I have tried uninstalling and reinstalling several times with no luck. Not sure what to do?

B