[zillagod]

can someone please help! i cant get rid of dyfuca and moneytree. they seem to be downloading trojans and worms. norton keeps finding them.explorer closes randomly.i cant run explorer in safe mode to scan. help!! Logfile of HijackThis v1.99.1
Scan saved at 2:15:17 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\zillah\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[Advertisements]

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.
Your log is not showing me much, so let's get a look at a more detailed log.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

[Buckeye_Sam]

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.
Your log is not showing me much, so let's get a look at a more detailed log.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

[zillagod]

thank you for responding here is my combofix log zillah - 06-08-23 0:45:55.19
ComboFix 06.08.18 - Running from: C:\Documents and Settings\zillah\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((( Files Created from 2006-07-23 to 2006-08-23 ))))))))))))))))))))))))))))))))))


2006-08-22 16:17 13,844 C:\WINDOWS\system32\qdklfyif.exe
2006-08-22 15:57 13,844 C:\WINDOWS\system32\hujhcqcb.exe
2006-08-22 15:40 13,844 C:\WINDOWS\system32\utkjqttq.exe
2006-08-22 14:07 13,844 C:\WINDOWS\system32\pbagbkht.exe
2006-08-22 14:06 13,844 C:\WINDOWS\system32\jasogknr.exe
2006-08-22 13:16 13,844 C:\WINDOWS\system32\tfpglutn.exe
2006-08-22 04:03 13,844 C:\WINDOWS\system32\phuikacx.exe
2006-08-22 03:24 13,844 C:\WINDOWS\system32\fkoijclk.exe
2006-08-22 02:23 13,844 C:\WINDOWS\system32\ietqmjkv.exe
2006-08-22 02:11 13,844 C:\WINDOWS\system32\eqiiotpi.exe
2006-08-22 02:04 13,844 C:\WINDOWS\system32\abveaxrp.exe
2006-08-22 01:39 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-08-22 01:39 13,312 C:\WINDOWS\system32\irclass.dll
2006-08-22 01:00 13,844 C:\WINDOWS\system32\dndsitsl.exe
2006-08-22 00:53 13,844 C:\WINDOWS\system32\hwdkfiwr.exe
2006-08-22 00:42 13,844 C:\WINDOWS\system32\teynlsol.exe
2006-08-22 00:32 13,844 C:\WINDOWS\system32\tjcwlbrj.exe
2006-08-21 22:06 13,844 C:\WINDOWS\system32\dapmymaw.exe
2006-08-21 22:04 13,844 C:\WINDOWS\system32\nltvtbfe.exe
2006-08-21 21:39 13,844 C:\WINDOWS\system32\ifabdyji.exe
2006-08-21 21:26 13,844 C:\WINDOWS\system32\gvkuaamv.exe
2006-08-21 20:54 13,844 C:\WINDOWS\system32\wrvgaoue.exe
2006-08-21 20:49 46,352 C:\WINDOWS\setdebug.exe
2006-08-21 20:49 313,856 C:\WINDOWS\system32\dx3j.dll
2006-08-21 20:49 171,280 C:\WINDOWS\system32\jit.dll
2006-08-21 20:49 139,536 C:\WINDOWS\system32\javaee.dll
2006-08-21 20:48 945,424 C:\WINDOWS\system32\msjava.dll
2006-08-21 20:48 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-08-21 20:48 49,424 C:\WINDOWS\system32\clspack.exe
2006-08-21 20:48 404,752 C:\WINDOWS\system32\javart.dll
2006-08-21 20:48 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-08-21 20:48 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-08-21 20:48 187,152 C:\WINDOWS\system32\javacypt.dll
2006-08-21 20:48 172,304 C:\WINDOWS\system32\jview.exe
2006-08-21 20:48 171,792 C:\WINDOWS\system32\wjview.exe
2006-08-21 20:48 154,896 C:\WINDOWS\system32\msawt.dll
2006-08-21 20:48 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedon.reg
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedoff.reg
2006-08-21 20:46 13,844 C:\WINDOWS\system32\lmapgfth.exe
2006-08-21 20:43 13,844 C:\WINDOWS\system32\yokmaibp.exe
2006-08-21 20:39 529,086 C:\WINDOWS\system32\twabc.ini2
2006-08-21 20:20 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-08-21 20:20 382,464 C:\WINDOWS\system32\qmgr.dll
2006-08-21 20:20 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-08-21 20:20 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-08-21 20:19 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-08-21 20:19 628,224 C:\WINDOWS\system32\catsrvut.dll
2006-08-21 20:19 62,464 C:\WINDOWS\system32\colbact.dll
2006-08-21 20:19 540,160 C:\WINDOWS\system32\comuid.dll
2006-08-21 20:19 501,248 C:\WINDOWS\system32\clbcatq.dll
2006-08-21 20:19 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-08-21 20:19 229,888 C:\WINDOWS\system32\catsrv.dll
2006-08-21 20:19 185,344 C:\WINDOWS\system32\cmprops.dll
2006-08-21 20:19 183,808 C:\WINDOWS\system32\accwiz.exe
2006-08-21 20:19 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-08-21 20:19 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-08-21 20:19 1,251,840 C:\WINDOWS\system32\comsvcs.dll
2006-08-21 20:18 949,248 C:\WINDOWS\system32\msdtctm.dll
2006-08-21 20:18 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-08-21 20:18 90,112 C:\WINDOWS\system32\mtxoci.dll
2006-08-21 20:18 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\isign32.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\ils.dll
2006-08-21 20:18 73,728 C:\WINDOWS\system32\icwdial.dll
2006-08-21 20:18 69,632 C:\WINDOWS\system32\msconf.dll
2006-08-21 20:18 678,400 C:\WINDOWS\system32\inetcomm.dll
2006-08-21 20:18 67,584 C:\WINDOWS\system32\srclient.dll
2006-08-21 20:18 67,072 C:\WINDOWS\system32\rdshost.exe
2006-08-21 20:18 655,360 C:\WINDOWS\system32\mstscax.dll
2006-08-21 20:18 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-08-21 20:18 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-08-21 20:18 60,416 C:\WINDOWS\system32\remotepg.dll
2006-08-21 20:18 6,144 C:\WINDOWS\system32\msdtc.exe
2006-08-21 20:18 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-08-21 20:18 58,880 C:\WINDOWS\system32\licwmi.dll
2006-08-21 20:18 56,320 C:\WINDOWS\system32\servdeps.dll
2006-08-21 20:18 538,624 C:\WINDOWS\system32\spider.exe
2006-08-21 20:18 48,128 C:\WINDOWS\system32\inetres.dll
2006-08-21 20:18 45,568 C:\WINDOWS\system32\safrslv.dll
2006-08-21 20:18 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-08-21 20:18 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-08-21 20:18 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-08-21 20:18 425,472 C:\WINDOWS\system32\msdtcprx.dll
2006-08-21 20:18 407,552 C:\WINDOWS\system32\mstsc.exe
2006-08-21 20:18 4,096 C:\WINDOWS\system32\ksuser.dll
2006-08-21 20:18 343,040 C:\WINDOWS\system32\mspaint.exe
2006-08-21 20:18 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-08-21 20:18 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-08-21 20:18 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-08-21 20:18 295,424 C:\WINDOWS\system32\termsrv.dll
2006-08-21 20:18 29,696 C:\WINDOWS\system32\safrdm.dll
2006-08-21 20:18 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-08-21 20:18 274,944 C:\WINDOWS\system32\mstask.dll
2006-08-21 20:18 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-08-21 20:18 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-08-21 20:18 239,104 C:\WINDOWS\system32\srrstr.dll
2006-08-21 20:18 20,480 C:\WINDOWS\system32\qprocess.exe
2006-08-21 20:18 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-08-21 20:18 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-08-21 20:18 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-08-21 20:18 170,496 C:\WINDOWS\system32\srsvc.dll
2006-08-21 20:18 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-08-21 20:18 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-08-21 20:18 147,968 C:\WINDOWS\system32\rdchost.dll
2006-08-21 20:18 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-08-21 20:18 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-08-21 20:18 123,392 C:\WINDOWS\system32\mplay32.exe
2006-08-21 20:18 12,288 C:\WINDOWS\system32\mstinit.exe
2006-08-21 20:18 11,264 C:\WINDOWS\system32\icaapi.dll
2006-08-21 20:18 105,984 C:\WINDOWS\system32\msoert2.dll
2006-08-21 20:17 47,104 C:\WINDOWS\system32\mspmspsv.dll
2006-08-21 20:17 345,088 C:\WINDOWS\system32\hypertrm.dll
2006-08-21 20:17 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-08-21 20:17 14,366 C:\WINDOWS\system32\asfsipc.dll
2006-08-21 20:17 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-08-21 20:03 13,844 C:\WINDOWS\system32\lwaolqbt.exe
2006-08-21 19:49 64,512 C:\WINDOWS\system32\acctres.dll
2006-08-21 19:49 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-08-21 19:49 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-08-21 19:49 11,264 C:\WINDOWS\system32\atrace.dll
2006-08-21 19:47 73,216 C:\WINDOWS\system32\avwav.dll
2006-08-21 19:47 5,632 C:\WINDOWS\system32\write.exe
2006-08-21 19:47 44,544 C:\WINDOWS\system32\hticons.dll
2006-08-21 19:47 35,328 C:\WINDOWS\system32\winchat.exe
2006-08-21 19:47 227,840 C:\WINDOWS\system32\avtapi.dll
2006-08-21 19:47 16,384 C:\WINDOWS\system32\avmeter.dll
2006-08-21 19:47 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-08-21 19:46 9,728 C:\WINDOWS\system32\reset.exe
2006-08-21 19:46 82,432 C:\WINDOWS\system32\comrepl.dll
2006-08-21 19:46 80,384 C:\WINDOWS\system32\charmap.exe
2006-08-21 19:46 605,696 C:\WINDOWS\system32\getuname.dll
2006-08-21 19:46 56,832 C:\WINDOWS\system32\sol.exe
2006-08-21 19:46 55,296 C:\WINDOWS\system32\freecell.exe
2006-08-21 19:46 54,272 C:\WINDOWS\system32\stclient.dll
2006-08-21 19:46 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-08-21 19:46 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-08-21 19:46 4,096 C:\WINDOWS\system32\mtxex.dll
2006-08-21 19:46 33,792 C:\WINDOWS\system32\regini.exe
2006-08-21 19:46 25,600 C:\WINDOWS\system32\comaddin.dll
2006-08-21 19:46 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-08-21 19:46 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-08-21 19:46 20,992 C:\WINDOWS\system32\msg.exe
2006-08-21 19:46 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-08-21 19:46 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-08-21 19:46 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-08-21 19:46 16,384 C:\WINDOWS\system32\tskill.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-08-21 19:46 15,360 C:\WINDOWS\system32\logoff.exe
2006-08-21 19:46 147,456 C:\WINDOWS\system32\comsnap.dll
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\shadow.exe
2006-08-21 19:46 126,976 C:\WINDOWS\system32\mshearts.exe
2006-08-21 19:46 119,808 C:\WINDOWS\system32\winmine.exe
2006-08-21 19:46 114,688 C:\WINDOWS\system32\calc.exe
2006-08-21 19:46 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-08-21 19:34 74,752 C:\WINDOWS\system32\storprop.dll
2006-08-21 19:34 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-08-21 19:34 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\rwnh.dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\comsdupd.exe
2006-08-13 15:07 10,752 C:\WINDOWS\system32\smtpapi.dll
2006-08-13 15:06 870,784 C:\WINDOWS\system32\ati3d1ag.dll
2006-08-13 15:06 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-08-13 15:06 73,832 C:\WINDOWS\system32\slcoinst.dll
2006-08-13 15:06 73,796 C:\WINDOWS\system32\slserv.exe
2006-08-13 15:06 516,768 C:\WINDOWS\system32\ativvaxx.dll
2006-08-13 15:06 397,056 C:\WINDOWS\system32\s3gnb.dll
2006-08-13 15:06 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-08-13 15:06 32,866 C:\WINDOWS\system32\slrundll.exe
2006-08-13 15:06 32,866 C:\WINDOWS\slrundll.exe
2006-08-13 15:06 32,768 C:\WINDOWS\system32\ativtmxx.dll
2006-08-13 15:06 32,285 C:\WINDOWS\system32\hsfcisp2.dll
2006-08-13 15:06 286,792 C:\WINDOWS\system32\slextspk.dll
2006-08-13 15:06 229,376 C:\WINDOWS\system32\ati2cqag.dll
2006-08-13 15:06 22,528 C:\WINDOWS\system32\fltmc.exe
2006-08-13 15:06 201,728 C:\WINDOWS\system32\ati2dvag.dll
2006-08-13 15:06 188,508 C:\WINDOWS\system32\slgen.dll
2006-08-13 15:06 16,896 C:\WINDOWS\system32\fltlib.dll
2006-08-13 15:06 1,888,992 C:\WINDOWS\system32\ati3duag.dll
2006-08-13 15:06 1,737,856 C:\WINDOWS\system32\mtxparhd.dll
2006-08-13 13:10 278,927,592 C:\WindowsXP-KB835935-SP2-ENU.exe
2006-08-13 11:03 579,328 C:\sevinst.exe
2006-08-12 04:53 7,168 C:\WINDOWS\system32\remon.sys
2006-08-11 15:27 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-10 00:32 910,511 C:\WINDOWS\system32\twabc.bak2
2006-08-09 04:53 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 04:53 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 04:51 99,840 C:\WINDOWS\system32\_003066_.tmp.dll
2006-08-09 04:51 87,040 C:\WINDOWS\system32\_003030_.tmp.dll
2006-08-09 04:51 671,744 C:\WINDOWS\system32\_003058_.tmp.dll
2006-08-09 04:51 631,808 C:\WINDOWS\system32\_003043_.tmp.dll
2006-08-09 04:51 6,656 C:\WINDOWS\system32\_003052_.tmp.dll
2006-08-09 04:51 558,080 C:\WINDOWS\system32\_003074_.tmp.dll
2006-08-09 04:51 557,056 C:\WINDOWS\system32\_003070_.tmp.dll
2006-08-09 04:51 55,808 C:\WINDOWS\system32\_003042_.tmp.dll
2006-08-09 04:51 375,808 C:\WINDOWS\system32\_003071_.tmp.dll
2006-08-09 04:51 295,936 C:\WINDOWS\system32\_003060_.tmp.dll
2006-08-09 04:51 29,184 C:\WINDOWS\system32\_003068_.tmp.dll
2006-08-09 04:51 258,048 C:\WINDOWS\system32\_003069_.tmp.dll
2006-08-09 04:51 217,088 C:\WINDOWS\system32\_003045_.tmp.dll
2006-08-09 04:51 132,096 C:\WINDOWS\system32\_003021_.tmp.dll
2006-08-09 04:51 101,376 C:\WINDOWS\system32\_003034_.tmp.dll
2006-08-09 04:50 47,104 C:\WINDOWS\system32\_002859_.tmp.dll
2006-08-09 03:38 930,304 C:\WINDOWS\system32\_003062_.tmp.dll
2006-08-09 03:38 668,672 C:\WINDOWS\system32\_003053_.tmp.dll
2006-08-09 03:38 47,104 C:\WINDOWS\system32\_002852_.tmp.dll
2006-08-09 03:38 136,704 C:\WINDOWS\system32\_003035_.tmp.dll
2006-08-09 03:38 132,096 C:\WINDOWS\system32\_003014_.tmp.dll
2006-08-09 03:38 126,976 C:\WINDOWS\system32\_003063_.tmp.dll
2006-08-09 03:38 12,288 C:\WINDOWS\system32\_003061_.tmp.dll
2006-08-09 03:38 1,813,632 C:\WINDOWS\system32\_003023_.tmp.dll
2006-08-08 14:31 522,240 C:\WINDOWS\system32\_003046_.tmp.dll
2006-08-08 14:31 45,568 C:\WINDOWS\system32\_003031_.tmp.dll
2006-08-08 14:31 411,136 C:\WINDOWS\system32\_003038_.tmp.dll
2006-08-08 14:31 132,096 C:\WINDOWS\system32\_003007_.tmp.dll
2006-08-08 14:31 108,544 C:\WINDOWS\system32\_003055_.tmp.dll
2006-08-08 14:31 1,813,632 C:\WINDOWS\system32\_003016_.tmp.dll
2006-08-08 14:30 47,104 C:\WINDOWS\system32\_002845_.tmp.dll
2006-08-08 12:21 573,492 C:\WINDOWS\system32\cbawt.dll
2006-08-08 12:21 468,814 C:\WINDOWS\system32\twabc.bak1
2006-08-06 16:54 1,167 C:\WINDOWS\system32\omnadd96.sys
2006-08-06 16:53 48,167 C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:52 190 C:\WINDOWS\ujejl.dll
2006-08-06 16:47 151,112 C:\WINDOWS\system32\tam32.exe
2006-08-06 16:23 932,864 C:\WINDOWS\system32\_003032_.tmp.dll
2006-08-06 16:23 569,344 C:\WINDOWS\system32\_003048_.tmp.dll
2006-08-06 16:23 54,784 C:\WINDOWS\system32\_003039_.tmp.dll
2006-08-06 16:23 54,272 C:\WINDOWS\system32\_003041_.tmp.dll
2006-08-06 16:23 47,104 C:\WINDOWS\system32\_002838_.tmp.dll
2006-08-06 16:23 132,096 C:\WINDOWS\system32\_003000_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003009_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003002_.tmp.dll
2006-08-01 02:38 221,184 C:\WINDOWS\system32\wmpns.dll
2006-07-31 19:51 178,408 C:\WINDOWS\system32\muweb.dll
2006-07-31 19:51 127,208 C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-23 00:51 911035 ---hs---- C:\WINDOWS\system32\twabc.ini2
2006-08-23 00:51 910964 ---hs---- C:\WINDOWS\system32\twabc.bak2
2006-08-23 00:45 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-22 22:47 -------- d-------- C:\Program Files\eMule
2006-08-22 17:58 -------- d-------- C:\Program Files\Intrigue Learning
2006-08-22 17:48 -------- d-------- C:\Documents and Settings\zillah\Application Data\SmartDraw
2006-08-22 17:40 -------- d-------- C:\Program Files\Spyware Doctor
2006-08-22 17:07 -------- d-------- C:\Documents and Settings\zillah\Application Data\PC Tools
2006-08-22 16:17 13844 --a------ C:\WINDOWS\system32\qdklfyif.exe
2006-08-22 15:57 13844 --a------ C:\WINDOWS\system32\hujhcqcb.exe
2006-08-22 15:49 -------- d-------- C:\Program Files\SmartDraw 7
2006-08-22 15:40 13844 --a------ C:\WINDOWS\system32\utkjqttq.exe
2006-08-22 14:07 13844 --a------ C:\WINDOWS\system32\pbagbkht.exe
2006-08-22 14:06 13844 --a------ C:\WINDOWS\system32\jasogknr.exe
2006-08-22 13:29 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-22 13:16 13844 --a------ C:\WINDOWS\system32\tfpglutn.exe
2006-08-22 04:03 13844 --a------ C:\WINDOWS\system32\phuikacx.exe
2006-08-22 03:24 13844 --a------ C:\WINDOWS\system32\fkoijclk.exe
2006-08-22 02:23 13844 --a------ C:\WINDOWS\system32\ietqmjkv.exe
2006-08-22 02:11 13844 --a------ C:\WINDOWS\system32\eqiiotpi.exe
2006-08-22 02:04 13844 --a------ C:\WINDOWS\system32\abveaxrp.exe
2006-08-22 01:49 -------- d-------- C:\Program Files\Windows Media Player
2006-08-22 01:49 -------- d-------- C:\Program Files\Outlook Express
2006-08-22 01:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-22 01:49 -------- d-------- C:\Program Files\Movie Maker
2006-08-22 01:49 -------- d-------- C:\Program Files\Internet Explorer
2006-08-22 01:49 -------- d-------- C:\Program Files\Common Files\System
2006-08-22 01:47 -------- d-------- C:\Program Files\Windows NT
2006-08-22 01:47 -------- d-------- C:\Program Files\Messenger
2006-08-22 01:00 13844 --a------ C:\WINDOWS\system32\dndsitsl.exe
2006-08-22 00:53 13844 --a------ C:\WINDOWS\system32\hwdkfiwr.exe
2006-08-22 00:42 13844 --a------ C:\WINDOWS\system32\teynlsol.exe
2006-08-22 00:32 13844 --a------ C:\WINDOWS\system32\tjcwlbrj.exe
2006-08-21 22:06 13844 --a------ C:\WINDOWS\system32\dapmymaw.exe
2006-08-21 22:04 13844 --a------ C:\WINDOWS\system32\nltvtbfe.exe
2006-08-21 21:39 13844 --a------ C:\WINDOWS\system32\ifabdyji.exe
2006-08-21 21:26 13844 --a------ C:\WINDOWS\system32\gvkuaamv.exe
2006-08-21 20:54 13844 --a------ C:\WINDOWS\system32\wrvgaoue.exe
2006-08-21 20:46 13844 --a------ C:\WINDOWS\system32\lmapgfth.exe
2006-08-21 20:43 13844 --a------ C:\WINDOWS\system32\yokmaibp.exe
2006-08-21 20:03 13844 --a------ C:\WINDOWS\system32\lwaolqbt.exe
2006-08-21 19:49 -------- d-------- C:\Program Files\Common Files\Services
2006-08-13 13:10 278927592 --a------ C:\WindowsXP-KB835935-SP2-ENU.exe
2006-08-13 11:04 -------- d-------- C:\Program Files\Symantec
2006-08-13 11:04 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-13 11:02 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-13 11:02 579328 --a------ C:\sevinst.exe
2006-08-13 11:02 123248 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-13 10:48 -------- d-------- C:\Program Files\Symantec_Client_Security
2006-08-12 14:18 779 --a------ C:\Program Files\Common Files\{FC87C860-05B4-1033-0121-031031020001}.rar
2006-08-12 14:18 -------- d-------- C:\Program Files\Common Files
2006-08-12 05:35 7168 --a------ C:\WINDOWS\system32\remon.sys
2006-08-08 12:21 573492 --ah----- C:\WINDOWS\system32\cbawt.dll
2006-08-08 12:21 468814 --ahs---- C:\WINDOWS\system32\twabc.bak1
2006-08-08 09:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-06 21:41 -------- d-------- C:\Program Files\PSHope
2006-08-06 17:39 1167 --a------ C:\WINDOWS\system32\omnadd96.sys
2006-08-06 17:33 190 --a------ C:\WINDOWS\ujejl.dll
2006-08-06 16:55 -------- d-------- C:\Program Files\Common Files\mfzz
2006-08-06 16:53 48167 --a------ C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:47 151112 --a------ C:\WINDOWS\system32\tam32.exe
2006-08-05 08:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 08:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 08:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 08:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-04 23:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-04 15:39 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-04 15:01 398912 --a------ C:\autoruns.exe
2006-08-04 15:01 294912 --a------ C:\autorunsc.exe
2006-08-02 18:57 -------- d-------- C:\Program Files\Sonique
2006-08-02 12:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-01 04:11 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-27 15:57 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-07-20 18:34 -------- d-------- C:\Program Files\ewido anti-malware
2006-07-13 17:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-13 17:02 -------- d-------- C:\Program Files\R.F.Design
2006-07-13 16:53 -------- d-------- C:\Documents and Settings\zillah\Application Data\VoipBuster
2006-07-13 16:10 -------- d---s---- C:\Documents and Settings\zillah\Application Data\Microsoft
2006-07-12 01:25 -------- d-------- C:\Program Files\Electronic Arts
2006-07-10 16:38 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-10 16:38 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-07-06 20:13 -------- d-------- C:\Documents and Settings\zillah\Application Data\Help
2006-07-06 01:24 -------- d-------- C:\Program Files\Multiquence
2006-07-05 20:54 -------- d-------- C:\Program Files\Pinnacle
2006-07-05 20:53 -------- d-------- C:\Program Files\SmartSound Software
2006-07-05 20:52 95 --a------ C:\AUTOEXEC.BAT
2006-07-01 11:53 -------- d-------- C:\Program Files\8848Soft
2006-06-25 18:01 -------- d-------- C:\Program Files\WinRAR
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^zillah^Start Menu^Programs^Startup^HDDlife.lnk]
"path"="C:\\Documents and Settings\\zillah\\Start Menu\\Programs\\Startup\\HDDlife.lnk"
"backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\BinarySense\\HDDlife\\HDDlifePro.exe "
"item"="HDDlife"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NetZero_uoltray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exec"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetZero\\exec.exe regrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PCBG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pcbodyguard"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\INTRIG~1\\pcbodyguard.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Registry Crawler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RCrawler"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\RCrawler\\RCrawler.exe -TRAYONLY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VoipBuster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VoipBuster"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vptray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Win Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oleupdate"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\oleupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbawt


Completion time: Wed 08/23/2006 0:52:42.88
ComboFix.txt
ComboFix2.txt

[zillagod]

// removed double post

Edited by Buckeye_Sam, 23 August 2006 - 07:05 AM.

[Buckeye_Sam]

Now I can see some issues.



Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

[zillagod]

vundofix says it didnt find anything but i ran the symantec version of it a couple of days ago and this is the log from then i dont know if this helps or not Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It cannot be terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\kelly\Desktop\Beach Boys Masters\Vol.9\Beach Boys - Unsurpassed Masters Volume 9 (Disc 2) - The Alternate 'Summer Days (And Summer Nights)\Beach Boys - Unsurpassed Masters Volume 9 (Disc 2) - The Alternate 'Summer Days (And Summer Nights).m3u (WARNING: not scanned, path to long)
C:\Documents and Settings\kelly\Desktop\Beach Boys Masters\Vol.9\Beach Boys - Unsurpassed Masters Volume 9 (Disc 4) - The Alternate 'Summer Days (And Summer Nights)'\Beach Boys - Unsurpassed Masters Volume 9 (Disc 4) - The Alternate 'Summer Days (And Summer Nights)'.m3u (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 134357
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0

[Buckeye_Sam]

What version of Vundofix do you have?

Please post the contents of C:\vundofix.txt and a new HiJackThis log

[zillagod]

i got it from the symantec removal tools page http://www.symantec....-112210-3747-99 i ran it a couple of days ago the one i downloaded off this page isnt finding anything or giving a log

Edited by zillagod, 23 August 2006 - 06:17 PM.

[zillagod]

i'm sorry, my mistake it did give me a log here it is

Beginning removal...

VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.6

Scan started at 2:46:23 PM 8/23/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:06:29 PM 8/23/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:07:29 PM 8/23/2006

Listing files found while scanning....

No infected files were found.

[Buckeye_Sam]

That is an old version of Vundofix. Please delete it from your computer and then follow these steps.



Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

[zillagod]

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 5:32:01 AM 8/24/2006

Listing files found while scanning....

C:\WINDOWS\system32\cbawt.dll
C:\WINDOWS\system32\twabc.ini
C:\WINDOWS\system32\twabc.bak1
C:\WINDOWS\system32\twabc.bak2
C:\WINDOWS\system32\twabc.ini2
C:\WINDOWS\system32\twabc.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbawt.dll
C:\WINDOWS\system32\cbawt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\twabc.ini
C:\WINDOWS\system32\twabc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\twabc.bak1
C:\WINDOWS\system32\twabc.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\twabc.bak2
C:\WINDOWS\system32\twabc.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\twabc.ini2
C:\WINDOWS\system32\twabc.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\twabc.tmp
C:\WINDOWS\system32\twabc.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.6

Scan started at 5:40:02 AM 8/24/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...
Logfile of HijackThis v1.99.1
Scan saved at 5:49:08 AM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zillah\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

[Buckeye_Sam]

That looks better!


Please open up Ewido Anti-spyware

• On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close Ewido anti-spyware, Do Not run a scan just yet, we will shortly.

You may want to print out these instructions as the rest of this fix will take place in safe mode.

• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Clean out your Temporary Internet files
• Close Internet Explorer and quit any instances of Windows Explorer.
• Click Start -> Control Panel and then double-click Internet Options.
• On the General tab, click Delete Files under Temporary Internet Files.
• In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
• On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
• Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
• Click OK.

IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning proccess:

• Lauch Ewido-anti-spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• Ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new Combofix log.

[zillagod]

+ Created at: 3:53:26 AM 8/25/2006

+ Scan result:



HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Error during cleaning.
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Error during cleaning.
C:\WINDOWS\system32\abveaxrp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dapmymaw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dndsitsl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eqiiotpi.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evntxqvk.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fkoijclk.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gvkuaamv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hujhcqcb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hwdkfiwr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ietqmjkv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ifabdyji.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jasogknr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lhjtlhsu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lmapgfth.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lwaolqbt.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mdferhsk.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nltvtbfe.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pbagbkht.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\phuikacx.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qdklfyif.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\teynlsol.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tfpglutn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tjcwlbrj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\utkjqttq.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vnvgytnb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wrvgaoue.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wsgknnyv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yiijmqbg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ymcpxpcg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yokmaibp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).


::Report end

zillah - 06-08-25 3:59:14.09
ComboFix 06.08.18 - Running from: C:\Documents and Settings\zillah\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-25 to 2006-08-25 ))))))))))))))))))))))))))))))))))


2006-08-24 14:14 970,752 C:\WINDOWS\system32\cdintf210.dll
2006-08-24 05:37 1,492 C:\WINDOWSvundofix.reg
2006-08-23 20:03 172,688 C:\FxNetOpt.exe
2006-08-22 01:39 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-08-22 01:39 13,312 C:\WINDOWS\system32\irclass.dll
2006-08-21 20:49 46,352 C:\WINDOWS\setdebug.exe
2006-08-21 20:49 313,856 C:\WINDOWS\system32\dx3j.dll
2006-08-21 20:49 171,280 C:\WINDOWS\system32\jit.dll
2006-08-21 20:49 139,536 C:\WINDOWS\system32\javaee.dll
2006-08-21 20:48 945,424 C:\WINDOWS\system32\msjava.dll
2006-08-21 20:48 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-08-21 20:48 49,424 C:\WINDOWS\system32\clspack.exe
2006-08-21 20:48 404,752 C:\WINDOWS\system32\javart.dll
2006-08-21 20:48 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-08-21 20:48 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-08-21 20:48 187,152 C:\WINDOWS\system32\javacypt.dll
2006-08-21 20:48 172,304 C:\WINDOWS\system32\jview.exe
2006-08-21 20:48 171,792 C:\WINDOWS\system32\wjview.exe
2006-08-21 20:48 154,896 C:\WINDOWS\system32\msawt.dll
2006-08-21 20:48 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedon.reg
2006-08-21 20:48 113 C:\WINDOWS\system32\zonedoff.reg
2006-08-21 20:20 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-08-21 20:20 382,464 C:\WINDOWS\system32\qmgr.dll
2006-08-21 20:20 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-08-21 20:20 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-08-21 20:19 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-08-21 20:19 628,224 C:\WINDOWS\system32\catsrvut.dll
2006-08-21 20:19 62,464 C:\WINDOWS\system32\colbact.dll
2006-08-21 20:19 540,160 C:\WINDOWS\system32\comuid.dll
2006-08-21 20:19 501,248 C:\WINDOWS\system32\clbcatq.dll
2006-08-21 20:19 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-08-21 20:19 229,888 C:\WINDOWS\system32\catsrv.dll
2006-08-21 20:19 185,344 C:\WINDOWS\system32\cmprops.dll
2006-08-21 20:19 183,808 C:\WINDOWS\system32\accwiz.exe
2006-08-21 20:19 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-08-21 20:19 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-08-21 20:19 1,251,840 C:\WINDOWS\system32\comsvcs.dll
2006-08-21 20:18 949,248 C:\WINDOWS\system32\msdtctm.dll
2006-08-21 20:18 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-08-21 20:18 90,112 C:\WINDOWS\system32\mtxoci.dll
2006-08-21 20:18 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\isign32.dll
2006-08-21 20:18 81,920 C:\WINDOWS\system32\ils.dll
2006-08-21 20:18 73,728 C:\WINDOWS\system32\icwdial.dll
2006-08-21 20:18 69,632 C:\WINDOWS\system32\msconf.dll
2006-08-21 20:18 678,400 C:\WINDOWS\system32\inetcomm.dll
2006-08-21 20:18 67,584 C:\WINDOWS\system32\srclient.dll
2006-08-21 20:18 67,072 C:\WINDOWS\system32\rdshost.exe
2006-08-21 20:18 655,360 C:\WINDOWS\system32\mstscax.dll
2006-08-21 20:18 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-08-21 20:18 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-08-21 20:18 60,416 C:\WINDOWS\system32\remotepg.dll
2006-08-21 20:18 6,144 C:\WINDOWS\system32\msdtc.exe
2006-08-21 20:18 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-08-21 20:18 58,880 C:\WINDOWS\system32\licwmi.dll
2006-08-21 20:18 56,320 C:\WINDOWS\system32\servdeps.dll
2006-08-21 20:18 538,624 C:\WINDOWS\system32\spider.exe
2006-08-21 20:18 48,128 C:\WINDOWS\system32\inetres.dll
2006-08-21 20:18 45,568 C:\WINDOWS\system32\safrslv.dll
2006-08-21 20:18 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-08-21 20:18 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-08-21 20:18 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-08-21 20:18 425,472 C:\WINDOWS\system32\msdtcprx.dll
2006-08-21 20:18 407,552 C:\WINDOWS\system32\mstsc.exe
2006-08-21 20:18 4,096 C:\WINDOWS\system32\ksuser.dll
2006-08-21 20:18 343,040 C:\WINDOWS\system32\mspaint.exe
2006-08-21 20:18 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-08-21 20:18 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-08-21 20:18 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-08-21 20:18 295,424 C:\WINDOWS\system32\termsrv.dll
2006-08-21 20:18 29,696 C:\WINDOWS\system32\safrdm.dll
2006-08-21 20:18 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-08-21 20:18 274,944 C:\WINDOWS\system32\mstask.dll
2006-08-21 20:18 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-08-21 20:18 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-08-21 20:18 239,104 C:\WINDOWS\system32\srrstr.dll
2006-08-21 20:18 20,480 C:\WINDOWS\system32\qprocess.exe
2006-08-21 20:18 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-08-21 20:18 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-08-21 20:18 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-08-21 20:18 170,496 C:\WINDOWS\system32\srsvc.dll
2006-08-21 20:18 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-08-21 20:18 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-08-21 20:18 147,968 C:\WINDOWS\system32\rdchost.dll
2006-08-21 20:18 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-08-21 20:18 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-08-21 20:18 123,392 C:\WINDOWS\system32\mplay32.exe
2006-08-21 20:18 12,288 C:\WINDOWS\system32\mstinit.exe
2006-08-21 20:18 11,264 C:\WINDOWS\system32\icaapi.dll
2006-08-21 20:18 105,984 C:\WINDOWS\system32\msoert2.dll
2006-08-21 20:17 47,104 C:\WINDOWS\system32\mspmspsv.dll
2006-08-21 20:17 345,088 C:\WINDOWS\system32\hypertrm.dll
2006-08-21 20:17 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-08-21 20:17 14,366 C:\WINDOWS\system32\asfsipc.dll
2006-08-21 20:17 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-08-21 19:49 64,512 C:\WINDOWS\system32\acctres.dll
2006-08-21 19:49 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-08-21 19:49 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-08-21 19:49 11,264 C:\WINDOWS\system32\atrace.dll
2006-08-21 19:47 73,216 C:\WINDOWS\system32\avwav.dll
2006-08-21 19:47 5,632 C:\WINDOWS\system32\write.exe
2006-08-21 19:47 44,544 C:\WINDOWS\system32\hticons.dll
2006-08-21 19:47 35,328 C:\WINDOWS\system32\winchat.exe
2006-08-21 19:47 227,840 C:\WINDOWS\system32\avtapi.dll
2006-08-21 19:47 16,384 C:\WINDOWS\system32\avmeter.dll
2006-08-21 19:47 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-08-21 19:46 9,728 C:\WINDOWS\system32\reset.exe
2006-08-21 19:46 82,432 C:\WINDOWS\system32\comrepl.dll
2006-08-21 19:46 80,384 C:\WINDOWS\system32\charmap.exe
2006-08-21 19:46 605,696 C:\WINDOWS\system32\getuname.dll
2006-08-21 19:46 56,832 C:\WINDOWS\system32\sol.exe
2006-08-21 19:46 55,296 C:\WINDOWS\system32\freecell.exe
2006-08-21 19:46 54,272 C:\WINDOWS\system32\stclient.dll
2006-08-21 19:46 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-08-21 19:46 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-08-21 19:46 4,096 C:\WINDOWS\system32\mtxex.dll
2006-08-21 19:46 33,792 C:\WINDOWS\system32\regini.exe
2006-08-21 19:46 25,600 C:\WINDOWS\system32\comaddin.dll
2006-08-21 19:46 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-08-21 19:46 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-08-21 19:46 20,992 C:\WINDOWS\system32\msg.exe
2006-08-21 19:46 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-08-21 19:46 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-08-21 19:46 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-08-21 19:46 16,384 C:\WINDOWS\system32\tskill.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-08-21 19:46 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-08-21 19:46 15,360 C:\WINDOWS\system32\logoff.exe
2006-08-21 19:46 147,456 C:\WINDOWS\system32\comsnap.dll
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\tscon.exe
2006-08-21 19:46 14,848 C:\WINDOWS\system32\shadow.exe
2006-08-21 19:46 126,976 C:\WINDOWS\system32\mshearts.exe
2006-08-21 19:46 119,808 C:\WINDOWS\system32\winmine.exe
2006-08-21 19:46 114,688 C:\WINDOWS\system32\calc.exe
2006-08-21 19:46 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-08-21 19:34 74,752 C:\WINDOWS\system32\storprop.dll
2006-08-21 19:34 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-08-21 19:34 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\rwnh.dll
2006-08-13 15:07 9,728 C:\WINDOWS\system32\comsdupd.exe
2006-08-13 15:07 10,752 C:\WINDOWS\system32\smtpapi.dll
2006-08-13 15:06 870,784 C:\WINDOWS\system32\ati3d1ag.dll
2006-08-13 15:06 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-08-13 15:06 73,832 C:\WINDOWS\system32\slcoinst.dll
2006-08-13 15:06 73,796 C:\WINDOWS\system32\slserv.exe
2006-08-13 15:06 516,768 C:\WINDOWS\system32\ativvaxx.dll
2006-08-13 15:06 397,056 C:\WINDOWS\system32\s3gnb.dll
2006-08-13 15:06 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-08-13 15:06 32,866 C:\WINDOWS\system32\slrundll.exe
2006-08-13 15:06 32,866 C:\WINDOWS\slrundll.exe
2006-08-13 15:06 32,768 C:\WINDOWS\system32\ativtmxx.dll
2006-08-13 15:06 32,285 C:\WINDOWS\system32\hsfcisp2.dll
2006-08-13 15:06 286,792 C:\WINDOWS\system32\slextspk.dll
2006-08-13 15:06 229,376 C:\WINDOWS\system32\ati2cqag.dll
2006-08-13 15:06 22,528 C:\WINDOWS\system32\fltmc.exe
2006-08-13 15:06 201,728 C:\WINDOWS\system32\ati2dvag.dll
2006-08-13 15:06 188,508 C:\WINDOWS\system32\slgen.dll
2006-08-13 15:06 16,896 C:\WINDOWS\system32\fltlib.dll
2006-08-13 15:06 1,888,992 C:\WINDOWS\system32\ati3duag.dll
2006-08-13 15:06 1,737,856 C:\WINDOWS\system32\mtxparhd.dll
2006-08-13 11:03 579,328 C:\sevinst.exe
2006-08-12 04:53 7,168 C:\WINDOWS\system32\remon.sys
2006-08-11 15:27 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-09 04:53 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 04:53 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 04:51 99,840 C:\WINDOWS\system32\_003066_.tmp.dll
2006-08-09 04:51 87,040 C:\WINDOWS\system32\_003030_.tmp.dll
2006-08-09 04:51 671,744 C:\WINDOWS\system32\_003058_.tmp.dll
2006-08-09 04:51 631,808 C:\WINDOWS\system32\_003043_.tmp.dll
2006-08-09 04:51 6,656 C:\WINDOWS\system32\_003052_.tmp.dll
2006-08-09 04:51 558,080 C:\WINDOWS\system32\_003074_.tmp.dll
2006-08-09 04:51 557,056 C:\WINDOWS\system32\_003070_.tmp.dll
2006-08-09 04:51 55,808 C:\WINDOWS\system32\_003042_.tmp.dll
2006-08-09 04:51 375,808 C:\WINDOWS\system32\_003071_.tmp.dll
2006-08-09 04:51 295,936 C:\WINDOWS\system32\_003060_.tmp.dll
2006-08-09 04:51 29,184 C:\WINDOWS\system32\_003068_.tmp.dll
2006-08-09 04:51 258,048 C:\WINDOWS\system32\_003069_.tmp.dll
2006-08-09 04:51 217,088 C:\WINDOWS\system32\_003045_.tmp.dll
2006-08-09 04:51 132,096 C:\WINDOWS\system32\_003021_.tmp.dll
2006-08-09 04:51 101,376 C:\WINDOWS\system32\_003034_.tmp.dll
2006-08-09 04:50 47,104 C:\WINDOWS\system32\_002859_.tmp.dll
2006-08-09 03:38 930,304 C:\WINDOWS\system32\_003062_.tmp.dll
2006-08-09 03:38 668,672 C:\WINDOWS\system32\_003053_.tmp.dll
2006-08-09 03:38 47,104 C:\WINDOWS\system32\_002852_.tmp.dll
2006-08-09 03:38 136,704 C:\WINDOWS\system32\_003035_.tmp.dll
2006-08-09 03:38 132,096 C:\WINDOWS\system32\_003014_.tmp.dll
2006-08-09 03:38 126,976 C:\WINDOWS\system32\_003063_.tmp.dll
2006-08-09 03:38 12,288 C:\WINDOWS\system32\_003061_.tmp.dll
2006-08-09 03:38 1,813,632 C:\WINDOWS\system32\_003023_.tmp.dll
2006-08-08 14:31 522,240 C:\WINDOWS\system32\_003046_.tmp.dll
2006-08-08 14:31 45,568 C:\WINDOWS\system32\_003031_.tmp.dll
2006-08-08 14:31 411,136 C:\WINDOWS\system32\_003038_.tmp.dll
2006-08-08 14:31 132,096 C:\WINDOWS\system32\_003007_.tmp.dll
2006-08-08 14:31 108,544 C:\WINDOWS\system32\_003055_.tmp.dll
2006-08-08 14:31 1,813,632 C:\WINDOWS\system32\_003016_.tmp.dll
2006-08-08 14:30 47,104 C:\WINDOWS\system32\_002845_.tmp.dll
2006-08-06 16:54 1,167 C:\WINDOWS\system32\omnadd96.sys
2006-08-06 16:53 48,167 C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:52 190 C:\WINDOWS\ujejl.dll
2006-08-06 16:47 151,112 C:\WINDOWS\system32\tam32.exe
2006-08-06 16:23 932,864 C:\WINDOWS\system32\_003032_.tmp.dll
2006-08-06 16:23 569,344 C:\WINDOWS\system32\_003048_.tmp.dll
2006-08-06 16:23 54,784 C:\WINDOWS\system32\_003039_.tmp.dll
2006-08-06 16:23 54,272 C:\WINDOWS\system32\_003041_.tmp.dll
2006-08-06 16:23 47,104 C:\WINDOWS\system32\_002838_.tmp.dll
2006-08-06 16:23 132,096 C:\WINDOWS\system32\_003000_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003009_.tmp.dll
2006-08-06 16:23 1,813,632 C:\WINDOWS\system32\_003002_.tmp.dll
2006-08-01 02:38 221,184 C:\WINDOWS\system32\wmpns.dll
2006-07-31 19:51 178,408 C:\WINDOWS\system32\muweb.dll
2006-07-31 19:51 127,208 C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-25 03:58 -------- d-------- C:\Program Files\eMule
2006-08-25 01:34 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-24 14:58 -------- d---s---- C:\Documents and Settings\zillah\Application Data\Microsoft
2006-08-24 14:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-24 14:25 -------- d-------- C:\Program Files\The Print Shop 20
2006-08-24 14:14 -------- d-------- C:\Program Files\Web Publish
2006-08-24 14:11 -------- d-------- C:\Program Files\Common Files\Broderbund
2006-08-24 14:10 -------- d-------- C:\Program Files\Common Files
2006-08-24 05:37 1492 --a------ C:\WINDOWSvundofix.reg
2006-08-24 05:13 84028 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-08-24 04:45 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 04:16 -------- d-------- C:\Program Files\WinRAR
2006-08-23 20:03 172688 --a------ C:\FxNetOpt.exe
2006-08-23 01:17 -------- d-------- C:\Documents and Settings\zillah\Application Data\SmartDraw
2006-08-22 17:58 -------- d-------- C:\Program Files\Intrigue Learning
2006-08-22 15:49 -------- d-------- C:\Program Files\SmartDraw 7
2006-08-22 01:49 -------- d-------- C:\Program Files\Windows Media Player
2006-08-22 01:49 -------- d-------- C:\Program Files\Outlook Express
2006-08-22 01:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-22 01:49 -------- d-------- C:\Program Files\Movie Maker
2006-08-22 01:49 -------- d-------- C:\Program Files\Common Files\System
2006-08-22 01:47 -------- d-------- C:\Program Files\Windows NT
2006-08-22 01:47 -------- d-------- C:\Program Files\Messenger
2006-08-21 19:49 -------- d-------- C:\Program Files\Common Files\Services
2006-08-13 11:04 -------- d-------- C:\Program Files\Symantec
2006-08-13 11:04 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-13 11:02 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-13 11:02 579328 --a------ C:\sevinst.exe
2006-08-13 11:02 123248 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-13 10:48 -------- d-------- C:\Program Files\Symantec_Client_Security
2006-08-12 14:18 779 --a------ C:\Program Files\Common Files\{FC87C860-05B4-1033-0121-031031020001}.rar
2006-08-12 05:35 7168 --a------ C:\WINDOWS\system32\remon.sys
2006-08-08 09:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-06 21:41 -------- d-------- C:\Program Files\PSHope
2006-08-06 17:39 1167 --a------ C:\WINDOWS\system32\omnadd96.sys
2006-08-06 17:33 190 --a------ C:\WINDOWS\ujejl.dll
2006-08-06 16:55 -------- d-------- C:\Program Files\Common Files\mfzz
2006-08-06 16:53 48167 --a------ C:\WINDOWS\system32\VSL05.exe
2006-08-06 16:47 151112 --a------ C:\WINDOWS\system32\tam32.exe
2006-08-05 08:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 08:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 08:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 08:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-04 23:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-04 15:39 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-04 15:01 398912 --a------ C:\autoruns.exe
2006-08-04 15:01 294912 --a------ C:\autorunsc.exe
2006-08-02 18:57 -------- d-------- C:\Program Files\Sonique
2006-08-02 12:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-01 04:11 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-27 15:57 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-07-20 18:34 -------- d-------- C:\Program Files\ewido anti-malware
2006-07-13 17:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-13 17:02 -------- d-------- C:\Program Files\R.F.Design
2006-07-13 16:53 -------- d-------- C:\Documents and Settings\zillah\Application Data\VoipBuster
2006-07-12 01:25 -------- d-------- C:\Program Files\Electronic Arts
2006-07-06 20:13 -------- d-------- C:\Documents and Settings\zillah\Application Data\Help
2006-07-06 01:24 -------- d-------- C:\Program Files\Multiquence
2006-07-05 20:54 -------- d-------- C:\Program Files\Pinnacle
2006-07-05 20:53 -------- d-------- C:\Program Files\SmartSound Software
2006-07-05 20:52 95 --a------ C:\AUTOEXEC.BAT
2006-07-01 11:53 -------- d-------- C:\Program Files\8848Soft
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfzz"="C:\\PROGRA~1\\COMMON~1\\mfzz\\mfzzm.exe"
"sdjvv"="C:\\WINDOWS\\System32\\woxcur.exe reg_run"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^zillah^Start Menu^Programs^Startup^HDDlife.lnk]
"path"="C:\\Documents and Settings\\zillah\\Start Menu\\Programs\\Startup\\HDDlife.lnk"
"backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\BinarySense\\HDDlife\\HDDlifePro.exe "
"item"="HDDlife"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NetZero_uoltray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exec"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetZero\\exec.exe regrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PCBG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pcbodyguard"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\INTRIG~1\\pcbodyguard.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Registry Crawler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RCrawler"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\RCrawler\\RCrawler.exe -TRAYONLY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VoipBuster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VoipBuster"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vptray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Win Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oleupdate"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\oleupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"



Completion time: Fri 08/25/2006 4:01:09.59
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

[Buckeye_Sam]

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  
  C:\WINDOWS\system32\remon.sys
  C:\WINDOWS\System32\woxcur.exe
  C:\WINDOWS\System32\oleupdate.exe
  C:\PROGRA~1\COMMON~1\mfzz\mfzzm.exe
  C:\Program Files\Common Files\{FC87C860-05B4-1033-0121-031031020001}.rar
  
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
  
  If your computer does not restart automatically, please restart it manually.
  
  
• After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
• Post this log in your next reply.

Delete these folders.

C:\Program Files\Common Files\{FC87C860-05B4-1033-0121-031031020001}
C:\Program Files\Common Files\mfzz
C:\Program Files\PSHope


==========


Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

[zillagod]

Pocket Killbox version 2.0.0.648
Running on Windows XP as zillah(Administrator)
was started @ Friday, August 25, 2006, 2:43 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\remon.sys


# 2 [Delete on Reboot]
Path = C:\Program Files\Common Files\{FC87C860-05B4-1033-0121-031031020001}.rar


I Rebooted @ 2:46:52 PM
Killbox Closed(Exit) @ 2:46:58 PM
Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\{FC87C860-05B4-1033-0121-031031020001}.rar[{FC87C860-05B4-1033-0121-031031020001}\services.dll]
Logfile of HijackThis v1.99.1
Scan saved at 3:49:44 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\MSPUB.EXE
C:\Documents and Settings\zillah\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe