Win32.Trojan.Yspy


  • This topic is locked

#76
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Still some left.
Let's do this manually, I'll be needing an uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#77
kelkay

    Member

  • Topic Starter
  • 423 posts
7-Zip 4.57
Active Ports
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft PhotoPrinter 5
Ashampoo Burning Studio 2007
Ashampoo Burning Studio 5
Ashampoo Burning Studio 6
Ashampoo Music Studio 3
Ashampoo PowerUP XP Platinum 2
Ashampoo WinOptimizer Platinum 3
AT&T Self Support Tool
Audacity 1.2.6
AudibleManager
Camp Funshine: Carrie the Caregiver 3
Career Direct
CCleaner (remove only)
Click'N Design 3D (V5)
Coffee Rush
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Data Fax SoftModem with SmartCP
DiskTools ImageMaker 1.1 Version 1.1
Dr.Web
DropMyRights
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
Error Messages for Windows
e-Sword
Fish Tycoon
Free CD to MP3 Converter
Google Earth
Google Video Player
GTK+ 2.10.13 runtime environment
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
HP Update
HP Web Helper
IObit SmartDefrag Beta1.1
iTunes
iVocalize Web Conference 4
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
JGsoft EditPad Lite 6.2.1
Lame ACM MP3 Codec
Legacy 6.0
Logitech MouseWare 9.79
Malware Immunizer 1.5
Malwarebytes' Anti-Malware
Media Center Karaoke Plug-in
MediaCoder 0.5.1
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft ActiveSync
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Outlook 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Moodflow.com Inspirational Screen Saver
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Napster
Napster Burn Engine
Napster Label Creator
Navilog1 3.5.7
Nero Suite
NVIDIA Drivers
OMN
OpenOffice.org 2.3
OpenTalk v3.20
Otto
PaltalkScene
PC-Doctor 5 for Windows
PortPeeker
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
REA's TESTware for CLEP Western Civilization I
Registry Mechanic 6.0
RootsMagic 3.2.5.0
Samsung Digital Camera
Samsung Master
Sansa Media Converter
Sansa Updater
SeaMonkey (1.1.9)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB951376-v2)
SelectSoft Championship Chess
Sophos Anti-Rootkit 1.3.1
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
SureThing CD Labeler
The GIMP 2.2.17
The Sims Deluxe Edition
TheSage
Time Zone Data Update Tool for Microsoft Office Outlook
Traces Viewer
Unreal Streaming Media Player v 4.0
Updates from HP (remove only)
WebFerret
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile Daylight Saving Time 2007 Updates
Windows Presentation Foundation
WinUpdatesList
WordWeb
Yahoo! Messenger
Yahoo! Toolbar
ZENcast Organizer
ZMatrix 1.5.2
ZoneAlarm Pro
Zoo Tycoon 2
ZVUE Portable MP3 Player

#78
kelkay

    Member

  • Topic Starter
  • 423 posts
I'm gonna eat supper, be back in a while. These things are sure persistent aren't they....

#79
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Yup, they are. Somehow, something is blocking it from removal.
Luckily we have a number of tools in reserve. :)

Try this.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\BOOT.BAK
    C:\csrss.exe
    C:\Program Files\Accoona
    C:\Program Files\eMedia Codec
    C:\Program Files\adwareremovergold.com
    C:\Program Files\bulletproofsoft.com
    C:\Program Files\dealhelper.com inc
    C:\Program Files\gator.com
    C:\Program Files\malwaresweeper.com
    C:\Program Files\pcprivacysoftware.com
    C:\Program Files\PSGuard
    C:\Program Files\Security IGuard
    C:\WINDOWS\2020search.dll
    C:\WINDOWS\ads.js
    C:\WINDOWS\avpcc.dll
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\csrss.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\dlmax.dll
    C:\WINDOWS\explore.exe
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\lsasss.exe
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\Pynix.dll
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\a.exe
    C:\WINDOWS\system32\alsys.exe
    C:\WINDOWS\system32\anti_troj.exe
    C:\WINDOWS\system32\bho.dll
    C:\WINDOWS\system32\bootconf.exe
    C:\WINDOWS\system32\bridge.dll
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\dfrgsrv.exe
    C:\WINDOWS\system32\dxmpp.dll
    C:\WINDOWS\system32\e1.dll
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\system32\ginuerep.dll
    C:\WINDOWS\system32\higehsg.dll
    C:\WINDOWS\system32\iexplore.exe
    C:\WINDOWS\system32\internet.exe
    C:\WINDOWS\system32\intmon.exe
    C:\WINDOWS\system32\ipv6mons.dll
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ismon.exe
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\issearch.exe
    C:\WINDOWS\system32\msbe.dll
    C:\WINDOWS\system32\msclt.exe
    C:\WINDOWS\system32\mscornet.exe
    C:\WINDOWS\system32\msmsgs.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\mstc.exe
    C:\WINDOWS\system32\msupdate.exe
    C:\WINDOWS\system32\mswins.exe
    C:\WINDOWS\system32\MTC.dll
    C:\WINDOWS\system32\nordsys.exe
    C:\WINDOWS\system32\nuclabdll.dll
    C:\WINDOWS\system32\nvctrl.exe
    C:\WINDOWS\system32\nvms.dll
    C:\WINDOWS\system32\ppl.exe
    C:\WINDOWS\system32\regperf.exe
    C:\WINDOWS\system32\remote.exe
    C:\WINDOWS\system32\replmap.dll
    C:\WINDOWS\system32\rundll.exe
    C:\WINDOWS\system32\rx.exe
    C:\WINDOWS\system32\scvhost32.exe
    C:\WINDOWS\system32\se.exe
    C:\WINDOWS\system32\server.exe
    C:\WINDOWS\system32\shnlog.exe
    C:\WINDOWS\system32\svhost.exe
    C:\WINDOWS\system32\svshost.exe
    C:\WINDOWS\system32\sys.exe
    C:\WINDOWS\system32\taskgmr.exe
    C:\WINDOWS\system32\twain32.dll
    C:\WINDOWS\system32\update.exe
    C:\WINDOWS\system32\wgareg.exe
    C:\WINDOWS\system32\wgavm.exe
    C:\WINDOWS\system32\wiatwain.dll
    C:\WINDOWS\system32\win32.exe
    C:\WINDOWS\system32\wincom32.sys
    C:\WINDOWS\system32\windll.exe
    C:\WINDOWS\system32\windowz.exe
    C:\WINDOWS\system32\winhost.exe
    C:\WINDOWS\system32\winsvc.exe
    C:\WINDOWS\system32\winsys32.exe
    C:\WINDOWS\system32\winupd.exe
    C:\WINDOWS\system32\winxp.exe
    C:\WINDOWS\system32\xkrdk.dll
    C:\WINDOWS\system32\zlbw.dll
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\voiceip.dll
    C:\WINDOWS\winlogon.exe
    C:\WINDOWS\winserv.exe
    C:\WINDOWS\xpupdate.exe
    C:\WINDOWS\ZServ.dll
    C:\winstall.exe

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
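Added example (not part of the thread, and not code from OTMoveIt2 or its author): many entries in the move list above reuse Windows system process names in the wrong directory (C:\WINDOWS\svchost.exe, C:\csrss.exe) or misspell them by one character (lsasss.exe, taskgmr.exe). The sketch below triages a path list on those two signals; the expected-directory table is an assumption for Windows XP, and the sample paths are taken from the move list and from the HijackThis running-process list in this thread.

```python
import ntpath

# Expected directories for core Windows XP binaries (assumption of this
# example; adjust the table for the OS build being triaged).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Return (verdict, system_name) for one Windows path.

    ok              known system name in its expected directory
    wrong-directory known system name somewhere else
    lookalike       one edit away from a known system name
    unlisted        no relation to the table (says nothing about safety)
    """
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED_DIR:
        verdict = "ok" if directory == EXPECTED_DIR[name] else "wrong-directory"
        return verdict, name
    distance, nearest = min((osa_distance(name, k), k) for k in EXPECTED_DIR)
    if distance <= 1:
        return "lookalike", nearest
    return "unlisted", None


def triage(paths):
    """Group paths by verdict, preserving input order inside each group."""
    report = {"ok": [], "wrong-directory": [], "lookalike": [], "unlisted": []}
    for path in paths:
        report[classify(path)[0]].append(path)
    return report


# Paths as they appear in this thread.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\csrss.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\winlogon.exe",
    r"C:\WINDOWS\system32\iexplore.exe",
    r"C:\WINDOWS\lsasss.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\system32\taskgmr.exe",
    r"C:\WINDOWS\explore.exe",
    r"C:\WINDOWS\system32\scvhost32.exe",
    r"C:\WINDOWS\system32\bho.dll",
]

if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE).items():
        print(verdict)
        for path in paths:
            print("   ", path)
```

A one-edit threshold misses names such as scvhost32.exe, so "unlisted" only means the name is unrelated to the table, not that the file is clean.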

#80
kelkay

    Member

  • Topic Starter
  • 423 posts
I can't find it, I am looking for it. I had it before... but I guess I will have to re-download it.

Edited by kelkay, 23 June 2008 - 07:41 PM.


#81
kelkay

    Member

  • Topic Starter
  • 423 posts
File/Folder CODE not found.
C:\BOOT.BAK moved successfully.
C:\csrss.exe moved successfully.
C:\Program Files\Accoona moved successfully.
C:\Program Files\eMedia Codec moved successfully.
C:\Program Files\adwareremovergold.com moved successfully.
C:\Program Files\bulletproofsoft.com moved successfully.
C:\Program Files\dealhelper.com inc moved successfully.
C:\Program Files\gator.com moved successfully.
C:\Program Files\malwaresweeper.com moved successfully.
C:\Program Files\pcprivacysoftware.com moved successfully.
C:\Program Files\PSGuard moved successfully.
C:\Program Files\Security IGuard moved successfully.
C:\WINDOWS\2020search.dll moved successfully.
C:\WINDOWS\ads.js moved successfully.
C:\WINDOWS\avpcc.dll moved successfully.
C:\WINDOWS\BTGrab.dll moved successfully.
C:\WINDOWS\csrss.exe moved successfully.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\dlmax.dll moved successfully.
C:\WINDOWS\explore.exe moved successfully.
C:\WINDOWS\FVProtect.exe moved successfully.
C:\WINDOWS\iexplorer.exe moved successfully.
C:\WINDOWS\lsasss.exe moved successfully.
C:\WINDOWS\msconfd.dll moved successfully.
C:\WINDOWS\mssvr.exe moved successfully.
C:\WINDOWS\olehelp.exe moved successfully.
C:\WINDOWS\Pynix.dll moved successfully.
C:\WINDOWS\qttasks.exe moved successfully.
C:\WINDOWS\rundll16.exe moved successfully.
C:\WINDOWS\services.exe moved successfully.
C:\WINDOWS\sistem.exe moved successfully.
C:\WINDOWS\svchost.exe moved successfully.
C:\WINDOWS\system32\a.exe moved successfully.
C:\WINDOWS\system32\alsys.exe moved successfully.
C:\WINDOWS\system32\anti_troj.exe moved successfully.
C:\WINDOWS\system32\bho.dll moved successfully.
C:\WINDOWS\system32\bootconf.exe moved successfully.
C:\WINDOWS\system32\bridge.dll moved successfully.
C:\WINDOWS\system32\dcomcfg.exe moved successfully.
C:\WINDOWS\system32\dfrgsrv.exe moved successfully.
C:\WINDOWS\system32\dxmpp.dll moved successfully.
C:\WINDOWS\system32\e1.dll moved successfully.
C:\WINDOWS\system32\emesx.dll moved successfully.
C:\WINDOWS\system32\ginuerep.dll moved successfully.
C:\WINDOWS\system32\higehsg.dll moved successfully.
C:\WINDOWS\system32\iexplore.exe moved successfully.
C:\WINDOWS\system32\internet.exe moved successfully.
C:\WINDOWS\system32\intmon.exe moved successfully.
C:\WINDOWS\system32\ipv6mons.dll moved successfully.
C:\WINDOWS\system32\ishost.exe moved successfully.
C:\WINDOWS\system32\ismon.exe moved successfully.
C:\WINDOWS\system32\isnotify.exe moved successfully.
C:\WINDOWS\system32\issearch.exe moved successfully.
C:\WINDOWS\system32\msbe.dll moved successfully.
C:\WINDOWS\system32\msclt.exe moved successfully.
C:\WINDOWS\system32\mscornet.exe moved successfully.
C:\WINDOWS\system32\msmsgs.exe moved successfully.
C:\WINDOWS\system32\mssearchnet.exe moved successfully.
C:\WINDOWS\system32\mstc.exe moved successfully.
C:\WINDOWS\system32\msupdate.exe moved successfully.
C:\WINDOWS\system32\mswins.exe moved successfully.
C:\WINDOWS\system32\MTC.dll moved successfully.
C:\WINDOWS\system32\nordsys.exe moved successfully.
C:\WINDOWS\system32\nuclabdll.dll moved successfully.
C:\WINDOWS\system32\nvctrl.exe moved successfully.
C:\WINDOWS\system32\nvms.dll moved successfully.
C:\WINDOWS\system32\ppl.exe moved successfully.
C:\WINDOWS\system32\regperf.exe moved successfully.
C:\WINDOWS\system32\remote.exe moved successfully.
C:\WINDOWS\system32\replmap.dll moved successfully.
C:\WINDOWS\system32\rundll.exe moved successfully.
C:\WINDOWS\system32\rx.exe moved successfully.
C:\WINDOWS\system32\scvhost32.exe moved successfully.
C:\WINDOWS\system32\se.exe moved successfully.
C:\WINDOWS\system32\server.exe moved successfully.
C:\WINDOWS\system32\shnlog.exe moved successfully.
C:\WINDOWS\system32\svhost.exe moved successfully.
C:\WINDOWS\system32\svshost.exe moved successfully.
C:\WINDOWS\system32\sys.exe moved successfully.
C:\WINDOWS\system32\taskgmr.exe moved successfully.
C:\WINDOWS\system32\twain32.dll moved successfully.
C:\WINDOWS\system32\update.exe moved successfully.
C:\WINDOWS\system32\wgareg.exe moved successfully.
C:\WINDOWS\system32\wgavm.exe moved successfully.
C:\WINDOWS\system32\wiatwain.dll moved successfully.
C:\WINDOWS\system32\win32.exe moved successfully.
C:\WINDOWS\system32\wincom32.sys moved successfully.
C:\WINDOWS\system32\windll.exe moved successfully.
C:\WINDOWS\system32\windowz.exe moved successfully.
C:\WINDOWS\system32\winhost.exe moved successfully.
C:\WINDOWS\system32\winsvc.exe moved successfully.
C:\WINDOWS\system32\winsys32.exe moved successfully.
C:\WINDOWS\system32\winupd.exe moved successfully.
C:\WINDOWS\system32\winxp.exe moved successfully.
C:\WINDOWS\system32\xkrdk.dll moved successfully.
C:\WINDOWS\system32\zlbw.dll moved successfully.
C:\WINDOWS\userconfig9x.dll moved successfully.
C:\WINDOWS\voiceip.dll moved successfully.
C:\WINDOWS\winlogon.exe moved successfully.
C:\WINDOWS\winserv.exe moved successfully.
C:\WINDOWS\xpupdate.exe moved successfully.
C:\WINDOWS\ZServ.dll moved successfully.
C:\winstall.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06232008_204827

#82
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Much better. :)
Let's run those tools again.

First,

Reboot computer.

Next,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back

Then,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Logs required
- SDfix log
- Smitfraudfix log

#83
kelkay

    Member

  • Topic Starter
  • 423 posts
SDFix: Version 1.196
Run by Kelly on Mon 06/23/2008 at 21:17

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:



Could Not Remove C:\WINDOWS\2020search2.dll
Could Not Remove C:\WINDOWS\system32\iexplorer.exe
Could Not Remove C:\WINDOWS\system32\svchost32.exe



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 21:35:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:


Remaining Files :

C:\WINDOWS\2020search2.dll Found
C:\WINDOWS\system32\iexplorer.exe Found
C:\WINDOWS\system32\svchost32.exe Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!
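Added example (not part of the thread, and not code from SDFix or OTMoveIt2): a small reconciliation of the two logs posted above, parsing the "moved successfully" lines of the OTMoveIt2 log and the "Could Not Remove" / "Found" lines of the SDFix report. It shows that the three files SDFix could not remove are not the paths moved earlier, only close neighbours of them. The log excerpts are copied from this thread; the function names and the 0.85 similarity cutoff are choices of this example.

```python
import ntpath
import re
from difflib import get_close_matches

# Excerpt of the OTMoveIt2 log posted in this thread.
OTMOVEIT_LOG = r"""File/Folder CODE not found.
C:\WINDOWS\2020search.dll moved successfully.
C:\WINDOWS\iexplorer.exe moved successfully.
C:\WINDOWS\system32\scvhost32.exe moved successfully.
C:\WINDOWS\system32\svhost.exe moved successfully.
"""

# Excerpt of the SDFix report posted in this thread.
SDFIX_REPORT = r"""Trojan Files Found:

Could Not Remove C:\WINDOWS\2020search2.dll
Could Not Remove C:\WINDOWS\system32\iexplorer.exe
Could Not Remove C:\WINDOWS\system32\svchost32.exe

Remaining Files :

C:\WINDOWS\2020search2.dll Found
C:\WINDOWS\system32\iexplorer.exe Found
C:\WINDOWS\system32\svchost32.exe Found
"""

MOVED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.[ \t]*$", re.MULTILINE
)
LEFTOVER_RE = re.compile(
    r"^(?:Could Not Remove (?P<failed>[A-Za-z]:\\.+?)"
    r"|(?P<found>[A-Za-z]:\\.+?) Found)[ \t]*$",
    re.MULTILINE,
)


def parse_moved(log):
    """Lower-cased set of paths the OTMoveIt2 log reports as moved."""
    return {m["path"].lower() for m in MOVED_RE.finditer(log)}


def parse_leftovers(report):
    """Sorted, de-duplicated paths SDFix lists as not removed or still present."""
    hits = LEFTOVER_RE.finditer(report)
    return sorted({(m["failed"] or m["found"]).lower() for m in hits})


def reconcile(moved, leftovers, cutoff=0.85):
    """For each leftover, say whether that exact path was moved earlier and
    which moved paths carry the most similar file name."""
    by_name = {}
    for path in sorted(moved):
        by_name.setdefault(ntpath.basename(path), []).append(path)
    rows = []
    for path in leftovers:
        close = get_close_matches(
            ntpath.basename(path), list(by_name), n=1, cutoff=cutoff
        )
        rows.append({
            "path": path,
            "already_moved": path in moved,
            "similar_moved": by_name[close[0]] if close else [],
        })
    return rows


if __name__ == "__main__":
    moved = parse_moved(OTMOVEIT_LOG)
    for row in reconcile(moved, parse_leftovers(SDFIX_REPORT)):
        state = "moved earlier" if row["already_moved"] else "NOT in move log"
        print(f'{row["path"]}: {state}; similar: {row["similar_moved"]}')
```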

#84
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
And the SmitfraudFix log?

#85
kelkay

    Member

  • Topic Starter
  • 423 posts
SmitFraudFix v2.328

Scan done at 21:55:22.37, Mon 06/23/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC66573B-7393-429F-9833-129CDC3EBDFC}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC66573B-7393-429F-9833-129CDC3EBDFC}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC66573B-7393-429F-9833-129CDC3EBDFC}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#86
kelkay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:57, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\PROGRA~1\DrWeb\spiderui.exe
C:\PROGRA~1\DrWeb\SpiderNT.exe
C:\Program Files\DrWeb\spiderml.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\SpiderNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10850 bytes

#87
kelkay

Okay I believe that is all up to this point. I hope this got it! :)

#88
koko_crunch

Some more left.

Please read this post completely before proceeding.
Follow directions carefully.

Next,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator".)
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\2020search2.dll
    C:\WINDOWS\system32\iexplorer.exe
    C:\WINDOWS\system32\svchost32.exe

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, then click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished.
Please post back both logs that open in Notepad:
main.txt and extra.txt


Logs required:
- OTMoveIt2 log
- DSS main and extra

#89
kelkay

C:\WINDOWS\2020search2.dll moved successfully.
C:\WINDOWS\system32\iexplorer.exe moved successfully.
C:\WINDOWS\system32\svchost32.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06232008_221201

#90
kelkay

Deckard's System Scanner v20071014.68
Run by Kelly on 2008-06-23 22:21:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


Performed disk cleanup.



-- HijackThis (run as Kelly.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:21, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\PROGRA~1\DrWeb\spiderui.exe
C:\PROGRA~1\DrWeb\SpiderNT.exe
C:\Program Files\DrWeb\spiderml.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Kelly\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelly.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\SpiderNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10657 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080605-104113-318 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080605-104113-343 O23 - Service: AZZVJ - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\AZZVJ.exe (file missing)
backup-20080605-104113-576 O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
backup-20080605-104113-858 O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
backup-20080605-104113-971 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 catchme - c:\docume~1\kelly\locals~1\temp\catchme.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\3.tmp (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S4 spcstb - c:\windows\system32\drivers\spcstb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 784)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1168)
2007-12-26 11:05:11 77824 --a-----t C:\WINDOWS\system32\DRWEBSP.DLL <Not Verified; Doctor Web, Ltd.; Dr.Web Anti-Virus>

C:\WINDOWS\explorer.exe (pid 1776)
2005-07-12 00:17:43 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2002-07-04 09:38:00 53248 --a------ C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
-- :: 0 --------- C:\DOCUME~1\Kelly\LOCALS~1\Temp\IadHide5.dll
2007-12-26 11:05:11 77824 --a-----t C:\WINDOWS\system32\DRWEBSP.DLL <Not Verified; Doctor Web, Ltd.; Dr.Web Anti-Virus>
2005-06-03 10:23:28 122880 --a------ C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll <Not Verified; Motive Communications, Inc.; Motive System>
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2005-04-04 14:06:02 1515520 -----n--- C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2007-08-30 21:00:52 335872 --a------ C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-17 22:54:42 98304 --a------ C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-08 20:04:26 577536 --a------ C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 22:01:07 478 --a------ C:\WINDOWS\Tasks\SmartDefrag.job
2008-06-13 15:40:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 21:55:03 0 d-------- C:\SmitfraudFix
2008-06-23 20:42:18 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-23 17:52:34 1477906 --a------ C:\SmitfraudFix.exe
2008-06-23 17:06:15 0 d-------- C:\WINDOWS\ERUNT
2008-06-23 14:20:18 1441875 --a------ C:\SDFix.exe
2008-06-16 15:42:13 3322 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-15 21:31:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 21:31:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 21:31:41 0 d-------- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com
2008-06-12 15:35:16 0 d-------- C:\Program Files\iPod
2008-06-12 15:35:06 0 d-------- C:\Program Files\iTunes
2008-06-12 15:34:02 0 d-------- C:\Program Files\QuickTime
2008-06-12 15:32:24 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-12 15:31:58 0 d-------- C:\Program Files\Common Files\Apple
2008-06-12 15:29:32 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 15:29:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-06 17:04:15 21312 --a------ C:\WINDOWS\choice.exe
2008-06-06 16:59:37 0 d-------- C:\old
2008-06-06 16:59:37 0 d-------- C:\choice
2008-06-06 16:59:37 0 d-------- C:\adult
2008-06-06 16:59:00 0 d-------- C:\ie-spyad
2008-06-06 08:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-06 08:57:03 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\winupie.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\winmuschi.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\updatewinlocator.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\zp.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\zeropopupbar.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winwsl.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\wintft.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\wintbpx.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\wintbp.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winshow.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winsb.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winrvl.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winpup32.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winpup.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winlocatorhelper.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winlocator.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\winksl.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\systemout.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\sysdll32.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\servises.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\pup.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\pnp.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\per.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\norton update.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\[bleep].exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\df_kme.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\csm.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\botzor.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\axconfig.dll
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\system32\4ccc3cea.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\pnpasn32.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\hpsv.exe
2008-06-05 23:49:24 0 dr-hs---- C:\WINDOWS\cdproxyserv.exe
2008-06-05 23:49:24 230 -r-h----- C:\Program Files\zsearch
2008-06-05 23:49:24 240 -r-h----- C:\Program Files\zeropopupbar
2008-06-05 23:49:24 226 -r-h----- C:\Program Files\zangoclient
2008-06-05 23:49:24 226 -r-h----- C:\Program Files\zango games
2008-06-05 23:49:24 228 -r-h----- C:\Program Files\xsoftware
2008-06-05 23:49:24 228 -r-h----- C:\Program Files\xpcspy
2008-06-05 23:49:24 232 -r-h----- C:\Program Files\winfixer 2005
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\windowsupd4.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\windowsupd2.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\windowsupd1.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\vx2.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\winntcreate.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\vx2.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\vwix32.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\uninmyad.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tps108.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tisa.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tips.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tippcls.dat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tipp.dat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\ticont.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\ticads.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\tconini.dat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\sysmonnt.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\spwgoc.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\rvreg.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\rulesak.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\myad.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\msview.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\msnavc32.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\lut.dat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\lspak.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\localnrd.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\lcch.dat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\ladchkr.exe
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\host.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\gdu.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\dad.bat
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\cidrules.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\system32\6fo4svc.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\psapi.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\kernellos.dll
2008-06-05 23:49:23 222 -r-h----- C:\WINDOWS\isrvs
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\iehelper.dll
2008-06-05 23:49:23 0 dr-hs---- C:\WINDOWS\cleanhistories.dll
2008-06-05 23:49:23 240 -r-h----- C:\Program Files\winfavorites
2008-06-05 23:49:23 246 -r-h----- C:\Program Files\windows adtools
2008-06-05 23:49:23 250 -r-h----- C:\Program Files\windows adcontrol
2008-06-05 23:49:23 230 -r-h----- C:\Program Files\win comm
2008-06-05 23:49:23 226 -r-h----- C:\Program Files\whenu
2008-06-05 23:49:23 236 -r-h----- C:\Program Files\web_rebates
2008-06-05 23:49:23 236 -r-h----- C:\Program Files\web_cpr
2008-06-05 23:49:23 224 -r-h----- C:\Program Files\vvsn
2008-06-05 23:49:23 226 -r-h----- C:\Program Files\vvsdl
2008-06-05 23:49:23 226 -r-h----- C:\Program Files\vomba
2008-06-05 23:49:23 238 -r-h----- C:\Program Files\vmntoolbar
2008-06-05 23:49:23 232 -r-h----- C:\Program Files\ts trial
2008-06-05 23:49:23 222 -r-h----- C:\Program Files\hpdll
2008-06-05 23:49:23 232 -r-h----- C:\Program Files\Common Files\winsoftware
2008-06-05 23:49:23 226 -r-h----- C:\Program Files\Common Files\ucontrol
2008-06-05 23:49:23 222 -r-h----- C:\Program Files\autoupdate
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\t2serv.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\t2serv.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\wshtlprh.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\wshnseri.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\winftsap.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\winftsap.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\w3sskbda.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\vsxmpgpc.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\vnetsmme.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\vb5dmspo.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\v4pbpt51.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\trafracp.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\timesrv.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\snmpmssw.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\slbrmqtr.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\slbipsch.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\slbipsch.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\shfoxpob.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\secumsje.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\sd16win.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\scp3jgaw.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\rdpwmsjt.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\rcbdwmpd.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\qdvtscf.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\oebdfc.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\msstersv.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\msnsxole.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\msnsxole.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\mslsicwd.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\msexcred.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\msafiasn.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\messenger.lib.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\hook2.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\hook1.dll
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\google.png.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\game3.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\game2.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\game1.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\system32\adchkr.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\sserrvv.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\serrv.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\reggserv.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\msupdtwiz.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\cserv32.exe
2008-06-05 23:49:22 0 dr-hs---- C:\WINDOWS\ccsserv.exe
2008-06-05 23:49:22 234 -r-h----- C:\temp_kl
2008-06-05 23:49:22 232 -r-h----- C:\Program Files\topmoxie
2008-06-05 23:49:22 244 -r-h----- C:\Program Files\sys detective+
2008-06-05 23:49:22 240 -r-h----- C:\Program Files\surfsidekick
2008-06-05 23:49:22 240 -r-h----- C:\Program Files\surfsidekick 2
2008-06-05 23:49:22 232 -r-h----- C:\Program Files\superbar
2008-06-05 23:49:22 232 -r-h----- C:\Program Files\netmeting
2008-06-05 23:49:22 234 -r-h----- C:\archivos de programa
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\unsocul.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\sodahk.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\socul.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\mqoacdmo.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\mqadscp3.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\mgmtmtxc.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\mcd3mscm.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\lmrtatkc.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\kbdpkbdr.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\kbdfwshe.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\iuennwcf.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\ir32racp.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\ipxwshel.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\ipxrmfc4.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\imesrdch.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\icmpdx3j.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\iaspdpus.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\i4n27vl.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\hhselz32.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\fltlauto.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\fileserv.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\dsseds32.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\dsseds32.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\dpugmswe.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\dnsrxpob.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\deskmcd3.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\ddemdmco.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\davctool.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\davctool.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\confbrw.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\comrkbdd.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\comploader.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\chkmfdep.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\camodpnm.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\brwstat.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\brwprf32.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\brwperf.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\brwmgr32.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\brwconf.exe
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\avifipxr.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\admeiolo.dll
2008-06-05 23:49:21 0 dr-hs---- C:\WINDOWS\system32\actidmoc.exe
2008-06-05 23:49:21 234 -r-h----- C:\spedia
2008-06-05 23:49:21 244 -r-h----- C:\Program Files\swagent
2008-06-05 23:49:21 244 -r-h----- C:\Program Files\stealthwatcher200
2008-06-05 23:49:21 230 -r-h----- C:\Program Files\spytech software
2008-06-05 23:49:21 234 -r-h----- C:\Program Files\spyonthis
2008-06-05 23:49:21 232 -r-h----- C:\Program Files\spyblast
2008-06-05 23:49:21 226 -r-h----- C:\Program Files\p4p
2008-06-05 23:49:21 226 -r-h----- C:\Program Files\Common Files\sogou pxp
2008-06-05 23:49:20 236 -r-h----- C:\WINDOWS\winsecurity
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\waladhpr.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\wzhelper.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\webalize.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\somatic.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\smdnn05.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\servehost.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\seqsb.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchupdate33.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchupdate31.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchsquire33.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchsquire3.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchsquire2.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\searchsquire.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\seantb.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\s4helper.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\reg2.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\pqhelper.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\mygeek.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\msqsb.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\msplus4.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\msplus3.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\msplus2.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\mslspcg.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\mgeekremove.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\ifsomatic.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\ifhelper.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\iebrw.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\hotlink.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\homepage.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\hmepge.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\gsim.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\system32\barbho.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\svrmgr.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\ssmsgr.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\ssls.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\ssdgt.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\sscrg.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\skynetave.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\napatch.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\gsim.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\cssswd.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\csssupd.exe
2008-06-05 23:49:20 236 -r-h----- C:\WINDOWS\connectionstatus
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\cfg32s.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\cfg32r.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\cfg32o.dll
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\cfg32.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\avserve3.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\avserve2.exe
2008-06-05 23:49:20 0 dr-hs---- C:\WINDOWS\adrsb.exe
2008-06-05 23:49:20 232 -r-h----- C:\Program Files\valintines day card
2008-06-05 23:49:20 234 -r-h----- C:\Program Files\softomate
2008-06-05 23:49:20 248 -r-h----- C:\Program Files\selectrebates
2008-06-05 23:49:20 234 -r-h----- C:\Program Files\searchnet
2008-06-05 23:49:20 240 -r-h----- C:\Program Files\searchlocate
2008-06-05 23:49:20 236 -r-h----- C:\Program Files\screenview
2008-06-05 23:49:20 230 -r-h----- C:\Program Files\savenow
2008-06-05 23:49:20 234 -r-h----- C:\Program Files\rxtoolbar
2008-06-05 23:49:20 234 -r-h----- C:\Program Files\ietoolbar
2008-06-05 23:49:20 230 -r-h----- C:\Program Files\ezthemes_whenusavenow_installer
2008-06-05 23:49:20 242 -r-h----- C:\Program Files\dynamic toolbar
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\wserver.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\winlogon.scr
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\visualguard.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\vlcx052.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\speeder.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\slpube03.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\rlvknlg.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\rkinstaller.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\rk.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\optserve.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\optserve.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\msplus1.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\msplus.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\mrkscr.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\lp.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\lp.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\system32\auole4.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\sysmonxp.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\symav.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\switpb.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\switpa.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\rundil32.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\rundil.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\phantom.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\pandaavengine.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\netmedia.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\msnmsgrs.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\maja.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\lansas.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\kasperskyaveng.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\jammer2nd.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\infodll.dll
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\fooding.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\firewallsvr.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\easyav.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\diskmonitor.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\comp.cpl
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\avprotect9x.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\avprotect.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\avpguard.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\avguard.exe
2008-06-05 23:49:19 0 dr-hs---- C:\WINDOWS\avbgle.exe
2008-06-05 23:49:19 234 -r-h----- C:\Program Files\startup mechanic
2008-06-05 23:49:19 250 -r-h----- C:\Program Files\relevantknowledge
2008-06-05 23:49:19 234 -r-h----- C:\Program Files\rax search helper
2008-06-05 23:49:19 228 -r-h----- C:\Program Files\psupport
2008-06-05 23:49:19 234 -r-h----- C:\Program Files\need2find
2008-06-05 23:49:19 226 -r-h----- C:\Program Files\ncase
2008-06-05 23:49:19 232 -r-h----- C:\Program Files\navexcel
2008-06-05 23:49:19 232 -r-h----- C:\Program Files\navexcel search toolbar
2008-06-05 23:49:19 238 -r-h----- C:\Program Files\mywebsearch
2008-06-05 23:49:19 228 -r-h----- C:\Program Files\exolon
2008-06-05 23:49:19 234 -r-h----- C:\Program Files\ddr
2008-06-05 23:49:19 236 -r-h----- C:\Program Files\Common Files\nsis
2008-06-05 23:49:19 234 -r-h----- C:\Program Files\arcade!
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\xpfirewall.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wpwmgrs.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winvnc.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wintasker.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winsyscfg.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winsys.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winsvc32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winstart.pif
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winnt.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wininfo.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winhlpapi.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wingmt32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\winds.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\windowsfirewall.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\windasz-updote.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\win24.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wid32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wfdmgr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wfdgmr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\wdns33.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\w32ntupdt.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\w1nt5k.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\twunk_65.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\timemanager.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\taskgmr32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\taskgamr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\tagmr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\sysconf.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\sword.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\stagmr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\sp2winfix.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\sp2fx.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\skybot.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\shell.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\service5.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\sd.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\scrigz.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\scalpe91.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\protection.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\plugnplay32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\picx.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\phantom.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\netcog.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\mtrnqs.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\mssck.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\msplus32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\msnl.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\msmgrxp.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\msgmr.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\msdev32.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\mouse.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\microupdate.exe
2008-06-05 23:49:18 0 dr-hs---- C:\WINDOWS\system32\memloader.exe
2008-06-05 23:49:17 0 dr-hs---- C:\winssystem.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\unstall.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb60.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb58.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb57.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb56.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb52.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb51.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb42.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb41.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winnb40.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\windmy.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\winats.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\patch31345.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\osalogbe.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\nn_bar31.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\nn_bar22.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\nn_bar21.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\nn_bar.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\myaccess.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\msapasrc.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\msa64chk.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\microsystem.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\mcscn.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\mailinfo.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\logitechwls.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\logic.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lienvdk.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lienvandekelder.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lientjeuh.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lien vd kelder.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lien vande kelder.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lien Van de kelderrr.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lien van de kelder.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\lcd32.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\jusched32.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\itunegui.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\hostdrvxp.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\hbmail.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\gothica.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\fixupdattr.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\evil.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\ds.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\dcomuser.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\coolbot.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\ccsrs.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\avpr.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\abs.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\666.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\1hellbot.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\system32\0.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\patch31345.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\msnarrator.exe
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\mrhop.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\mpgcom.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\iempg2.dll
2008-06-05 23:49:17 0 dr-hs---- C:\WINDOWS\iempg.dll
2008-06-05 23:49:17 236 -r-h----- C:\Program Files\support software
2008-06-05 23:49:17 236 -r-h----- C:\Program Files\network essentials
2008-06-05 23:49:17 236 -r-h----- C:\Program Files\medialoads
2008-06-05 23:49:17 236 -r-h----- C:\Program Files\medialoads enhanced
2008-06-05 23:49:17 0 dr-hs---- C:\hellmsn.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\xwrm.exe
2008-06-05 23:49:16 240 -r-h----- C:\WINDOWS\wintrim
2008-06-05 23:49:16 240 -r-h----- C:\WINDOWS\winmgts
2008-06-05 23:49:16 240 -r-h----- C:\WINDOWS\wincomp
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\vtlbar1.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\version.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\updtscheduler.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\tubby.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\toolbar.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\tbc.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\nas.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\msxml4r.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\msklive.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\mseggrpid.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\msegcompid.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\mscache.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\mapisvc32.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\madise.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\keyhost.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\keyactivex.ocx
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\jeired.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\ia.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\gcasctrl.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\egdial.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1027.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1026.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\duel.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\dll.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\aupdate_uninstall.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\aupdate.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\system32\adv.dll
2008-06-05 23:49:16 240 -r-h----- C:\WINDOWS\navpmc
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mscache.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mscache.dll
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mmups.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mm63.ocx
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mm21.ocx
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\mm20.ocx
2008-06-05 23:49:16 240 -r-h----- C:\WINDOWS\mc
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\istsvc.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\imgurla.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\exedialer.exe
2008-06-05 23:49:16 0 dr-hs---- C:\WINDOWS\a64sddd.exe
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\powersearch
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\perfectnav
2008-06-05 23:49:16 242 -r-h----- C:\Program Files\media gateway
2008-06-05 23:49:16 232 -r-h----- C:\Program Files\md
2008-06-05 23:49:16 228 -r-h----- C:\Program Files\lstsvc
2008-06-05 23:49:16 244 -r-h----- C:\Program Files\kuaiso toolsbar
2008-06-05 23:49:16 242 -r-h----- C:\Program Files\kgb keylogger
2008-06-05 23:49:16 266 -r-h----- C:\Program Files\invisible secrets toolbar
2008-06-05 23:49:16 240 -r-h----- C:\Program Files\instant buzz
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\incredifind
2008-06-05 23:49:16 228 -r-h----- C:\Program Files\ebayshop
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\Common Files\updmgr
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\Common Files\updater
2008-06-05 23:49:16 234 -r-h----- C:\Program Files\Common Files\keenvalue
2008-06-05 23:49:15 232 -r-h----- C:\WINDOWS\wqzq
2008-06-05 23:49:15 0 dr-hs---- C:\WINDOWS\winobject.dll
2008-06-05 23:49:15 0 dr-hs---- C:\WINDOWS\wdskctl.exe
2008-06-05 23:49:15 232 -r-h-----