lots of problems


  • This topic is locked
9 replies to this topic

#1 Marasgal

Posted 29 May 2007 - 04:11 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:05:29 AM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\program files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\jim.JIM-EF2A2CE683A\Desktop\HiJackThis_v2.exe

O2 - BHO: (no name) - {0D86DAF5-D7EA-4D47-9668-954A9397C5D2} - \
O2 - BHO: 0 - {1CF978E0-545F-49F7-568C-9F0F8FD6E9D5} - C:\program files\Windows NT\qufasyfu.dll (file missing)
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\program files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\ppvdwunl.dll
O2 - BHO: (no name) - {57005CEF-B162-4124-B29C-E724B50CBA76} - C:\program files\Graphics\mesozi.dll (file missing)
O2 - BHO: (no name) - {98551366-D4A6-EE23-DF7C-8DADAF9521B0} - C:\WINDOWS\system32\knlnrxzu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AED4C851-DA9A-4084-B142-00FA39F9A922} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Tsre] "C:\DOCUME~1\JIM~1.JIM\APPLIC~1\MANTEC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Bior] "C:\Documents and Settings\jim.JIM-EF2A2CE683A\My Documents\?racle\d?xplore.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\program files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\program files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180423242812
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: awtqrst - awtqrst.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 6101 bytes


I have run SBSD, Avast, SUPERAntiSpyware, Webroot Spy Sweeper, AVG Anti-Virus (Ewido is part of it, or at least it says it is), Ad-Aware. I still can't seem to get rid of everything. I get through running everything, I restart the PC and it seems like all the problems come back in full force. So I can use any help you can offer. Thanks.

#2 SWI Support Robot

Posted 31 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Angelfire777

Posted 02 June 2007 - 08:01 AM

Hi, welcome to SWI

Download combofix.exe

1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#4 Marasgal

Posted 02 June 2007 - 01:53 PM

"jim" - 2007-06-02 13:41:12 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\program files\Mozilla Firefox\"


((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 18:02:11 -------- d-----w C:\Program Files\Graphics
2007-05-28 06:36:37 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-14 19:47:53 -------- d-----w C:\Program Files\Bodog Poker
2007-05-08 07:07:17 158 ----a-w C:\Program Files\Marasgal.dat
2007-04-30 17:22:22 3,729,880 ----a-w C:\BodogPokerClient.exe
2007-04-27 18:33:35 585,728 ----a-w C:\Program Files\FullTiltPoker.exe
2007-04-27 18:33:35 339,968 ----a-w C:\Program Files\FTC_Game.dll
2007-04-25 16:01:42 -------- d-----w C:\Program Files\Cache
2007-04-25 06:33:55 -------- d-----w C:\Program Files\Waves
2007-04-25 06:33:30 10,092,065 ----a-w C:\FullTiltSetup.exe
2007-04-24 23:10:42 6,753,816 ----a-w C:\winamp534_full_emusic-7plus.exe
2007-04-17 19:15:28 61,440 ----a-w C:\Program Files\zlib1.dll
2007-04-17 19:15:28 561,152 ----a-w C:\Program Files\libeay32.dll
2007-04-17 19:15:28 348,160 ----a-w C:\Program Files\MSVCR71.dll
2007-04-17 19:15:28 131,072 ----a-w C:\Program Files\Updater.exe
2007-04-17 19:15:28 122,880 ----a-w C:\Program Files\LibPNG.dll
2007-04-17 19:15:28 118,784 ----a-w C:\Program Files\libjpeg.dll
2007-04-17 19:15:26 106,496 ----a-w C:\Program Files\ssleay32.dll
2007-04-16 10:31:52 359,112 ----a-w C:\LimeWireWin.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0D86DAF5-D7EA-4D47-9668-954A9397C5D2}=\ [2007-06-02 13:41]
{1CF978E0-545F-49F7-568C-9F0F8FD6E9D5}=C:\program files\Windows NT\qufasyfu.dll []
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\program files\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 13:17]
{57005CEF-B162-4124-B29C-E724B50CBA76}=C:\program files\Graphics\mesozi.dll []
{98551366-D4A6-EE23-DF7C-8DADAF9521B0}=C:\WINDOWS\system32\knlnrxzu.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-31 20:34]
{AED4C851-DA9A-4084-B142-00FA39F9A922}=C:\WINDOWS\system32\gebca.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-11-16 14:38]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tsre"="C:\DOCUME~1\JIM~1.JIM\APPLIC~1\MANTEC~1\mmc.exe" []
"Bior"="C:\Documents and Settings\jim.JIM-EF2A2CE683A\My Documents\?racle\d?xplore.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-29 02:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2007-05-29 02:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrst]
awtqrst.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - HTTPFILTER

Contents of the 'Scheduled Tasks' folder
2007-06-02 05:00:00 C:\WINDOWS\tasks\At1.job
2007-06-02 14:00:00 C:\WINDOWS\tasks\At10.job
2007-06-02 15:00:00 C:\WINDOWS\tasks\At11.job
2007-06-02 16:00:00 C:\WINDOWS\tasks\At12.job
2007-06-02 17:00:00 C:\WINDOWS\tasks\At13.job
2007-06-02 18:00:00 C:\WINDOWS\tasks\At14.job
2007-06-01 19:00:00 C:\WINDOWS\tasks\At15.job
2007-06-01 20:00:00 C:\WINDOWS\tasks\At16.job
2007-06-01 21:00:00 C:\WINDOWS\tasks\At17.job
2007-06-01 22:00:00 C:\WINDOWS\tasks\At18.job
2007-06-01 23:00:00 C:\WINDOWS\tasks\At19.job
2007-06-02 06:00:00 C:\WINDOWS\tasks\At2.job
2007-06-02 00:00:00 C:\WINDOWS\tasks\At20.job
2007-06-02 01:00:00 C:\WINDOWS\tasks\At21.job
2007-06-02 02:00:00 C:\WINDOWS\tasks\At22.job
2007-06-02 03:00:00 C:\WINDOWS\tasks\At23.job
2007-06-02 04:00:00 C:\WINDOWS\tasks\At24.job
2007-06-02 07:00:00 C:\WINDOWS\tasks\At3.job
2007-06-02 08:00:00 C:\WINDOWS\tasks\At4.job
2007-06-02 09:00:00 C:\WINDOWS\tasks\At5.job
2007-06-02 10:00:00 C:\WINDOWS\tasks\At6.job
2007-06-02 11:00:00 C:\WINDOWS\tasks\At7.job
2007-06-02 12:00:00 C:\WINDOWS\tasks\At8.job
2007-06-02 13:00:00 C:\WINDOWS\tasks\At9.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 13:46:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-02 13:50:11
C:\ComboFix-quarantined-files.txt ... 2007-06-02 13:50
C:\ComboFix2.txt ... 2007-06-02 13:31

--- E O F ---

#5 Angelfire777

    SWI Junkie

  • Retired Staff
  • 437 posts

Posted 04 June 2007 - 12:29 AM

Hi,

Update AVG Anti-Spyware
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit AVG Anti-Spyware. DO NOT scan yet.
Download ATF Cleaner by Atribune

Do not use it yet.
_______________

*Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga


*Download and run this uninstaller:
http://www.outerinfo...Uninstaller.exe

Tutorial for the uninstaller if needed

Reboot when done.


*A few optionals that I would recommend be uninstalled.

BitComet
This program is very likely the reason your system is infected with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

Bodog Poker
FullTiltPoker

If you do not play these poker games, I recommend that you uninstall them from your system because the sites in which these games are loaded sometimes serve as vectors for malware to get in your system.

*Reboot
______________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {0D86DAF5-D7EA-4D47-9668-954A9397C5D2} - \
O2 - BHO: 0 - {1CF978E0-545F-49F7-568C-9F0F8FD6E9D5} - C:\program files\Windows NT\qufasyfu.dll (file missing)
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\ppvdwunl.dll
O2 - BHO: (no name) - {57005CEF-B162-4124-B29C-E724B50CBA76} - C:\program files\Graphics\mesozi.dll (file missing)
O2 - BHO: (no name) - {98551366-D4A6-EE23-DF7C-8DADAF9521B0} - C:\WINDOWS\system32\knlnrxzu.dll (file missing)
O2 - BHO: (no name) - {AED4C851-DA9A-4084-B142-00FA39F9A922} - C:\WINDOWS\system32\gebca.dll (file missing)
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Tsre] "C:\DOCUME~1\JIM~1.JIM\APPLIC~1\MANTEC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Bior] "C:\Documents and Settings\jim.JIM-EF2A2CE683A\My Documents\?racle\d?xplore.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O20 - Winlogon Notify: awtqrst - awtqrst.dll (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)


Fix the following entries if you uninstalled BitComet:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\program files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\program files\BitComet\BitComet.exe/AddAllLink.htm


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
______________

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode:

Click Start > Turn Off Computer > Restart > Tap the F8 key just before Windows starts to load > This will bring up a menu > Use your keyboard to scroll to Safe Mode > Hit Enter.

*Configure your machine to view hidden files:

Windows XP
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the "Hidden files and folders" heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.
*Click start > run > copy and paste this command:

sc delete "Net Agent"


*Using Windows Explorer, delete these files:

C:\WINDOWS\system32\ppvdwunl.dll
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\system32\awtqrst.dll

*Delete these folders:

C:\Documents and Settings\jim.JIM-EF2A2CE683A\APPLICation data\MANTEC <<The name of this folder starts with MANTEC
C:\Documents and Settings\jim.JIM-EF2A2CE683A\My Documents\?racle <<The ? in the name may represent any letter or number, usually, this folder will be the last folder listed in the My Documents folder.

*Delete these folders and file if you uninstalled BitComet:

C:\program files\BitComet
C:\bitcomet
C:\WINDOWS\system32\BitCometRes.dll

*Delete the following files/folders if you uninstalled the corresponding poker program for them.

C:\Program Files\Bodog Poker
C:\BodogPokerClient.exe
C:\Program Files\FullTiltPoker.exe
C:\Program Files\FTC_Game.dll
C:\FullTiltSetup.exe

Do you know what the following folders are for?

C:\WINDOWS\system32\TQ0
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T1QaSQ
C:\okcgc

If not, double-click on each of them and try to locate a file, if there are any, then right-click it, click Properties, and see if you can get information on its vendor. Post back with the information about the vendor if you find any. If the folders don't seem to have any files, you may delete them.

C:\LimeWireWin.exe
I also see that you have downloaded the setup for LimeWire but for some reason it is still not installed on your machine. I recommend that you do not use it anymore as it is a risk to your machine if you use it, like BitComet, but LimeWire is worse. Delete the setup above if you decide that you'll not need LimeWire.

Empty your recycle bin.
_______________

Important: Make sure all your browsers are closed before running ATF Cleaner.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

*Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning; it may interfere with the scanning process.
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
  • Close AVG AntiSpyware.
  • Reboot to normal mode.
On your next reply, please post a fresh HijackThis log, AVG Antispyware log and a description on how your machine is running.

Edited by Angelfire777, 04 June 2007 - 12:31 AM.
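
A first-pass triage of HijackThis lines like the ones listed in the post above, as an added example that is not part of the original thread and not the helper's own method. The flagging rules (missing target, unnamed BHO, any Trusted Zone entry, "Unknown owner" service, "?" in a path) are assumptions of this example; a flagged line still needs a human decision before it is fixed.

```python
import re

# Excerpt of HijackThis lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0D86DAF5-D7EA-4D47-9668-954A9397C5D2} - \
O2 - BHO: 0 - {1CF978E0-545F-49F7-568C-9F0F8FD6E9D5} - C:\program files\Windows NT\qufasyfu.dll (file missing)
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Bior] "C:\Documents and Settings\jim.JIM-EF2A2CE683A\My Documents\?racle\d?xplore.exe"
O15 - Trusted Zone: *.winfixer.com
O20 - Winlogon Notify: awtqrst - awtqrst.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry is "<section id> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# '?' is not legal in a Windows file name, so inside a logged drive path it
# stands for a character the log could not render. Requiring a drive prefix
# keeps URLs with query strings (O16 lines) from matching.
QMARK_IN_PATH = re.compile(r'[A-Za-z]:\\[^"]*\?')


def reasons_for(section, body):
    """Return the review reasons (assumed heuristics) for one entry."""
    reasons = []
    # The autostart entry survives but the file it points at does not.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("target-missing")
    # Browser Helper Object registered without a display name.
    if section == "O2" and "BHO: (no name)" in body:
        reasons.append("unnamed-bho")
    # BHO whose module path is empty or a bare backslash.
    if section == "O2" and body.rsplit(" - ", 1)[-1].strip() in ("", "\\"):
        reasons.append("empty-target")
    # Any site placed in the IE Trusted Zone should be confirmed by the user.
    if section == "O15":
        reasons.append("trusted-zone-entry")
    # Service binary carries no company name in its version information.
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown-owner")
    if QMARK_IN_PATH.search(body):
        reasons.append("unrenderable-path-char")
    return reasons


def triage(log_text):
    """Return (section, reasons, line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, process list, blank line
        section, body = match.groups()
        reasons = reasons_for(section, body)
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(reasons):<32}{line}")
```
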


#6 Marasgal

Posted 04 June 2007 - 04:25 AM

hijackthis report -
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:11:11 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jim.JIM-EF2A2CE683A\Desktop\HiJackThis_v2.exe
C:\program files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\program files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180423242812
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosun...load/p3xset.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 3960 bytes



AVG Report -

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:03:51 AM 6/4/2007

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003273.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003274.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003275.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003276.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003277.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP4\A0003286.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\NOTEDAD.EXE.vir -> Downloader.VB.ahq : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\mp43.exe.vir -> Downloader.VB.ahq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP8\A0003867.EXE -> Downloader.VB.ahq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP8\A0003868.exe -> Downloader.VB.ahq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B409B043-9B4B-4056-9F3A-B586DD94B423}\RP10\A0004689.exe -> Trojan.VB.nhr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe -> Trojan.VB.nhr : Cleaned with backup (quarantined).


::Report end


of the files you wanted information on -

C:/OKCGC <--- This was just a file of pictures I had made a while back, moved it to my Documents folder.

all but one of the other files (T1QaSQ) had something in it.

This was the information I found when I looked at its properties

T1QaSQ
Original File Name: T1QaSQ1065.exe

Product Name: T20070510

Product Version: 1.00

(I did a little Google search for T1QaSQ1065.exe and it looks like it MIGHT be a(n) adware file, but I will let you decide that for sure. So I will leave it til you say otherwise)

#7 Angelfire777

Posted 05 June 2007 - 08:42 PM

Hi,

(I did a little Google search for T1QaSQ1065.exe and it looks like it MIGHT be a(n) adware file, but I will let you decide that for sure. So I will leave it til you say otherwise)


Yes, indeed it is malware. AVG Antispyware detected it:

C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe


Please delete this folder too: C:\WINDOWS\system32\T1QaSQ

Empty your recycle bin.
________________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.

Reboot, then tell me how your machine is running.

#8 Marasgal

Posted 06 June 2007 - 01:03 PM

I think I am running good now, no pop-ups lately, but I have also only been running Firefox.

I think my problems are fixed now and I thank you very much for your time and efforts.

Next time I will be a bit more careful when typing a URL and make sure it's the correct URL before I hit enter. That's where this all started: I was watching TV and thought I typed in Google, but when I turned around to look at the screen, that's when I saw the little pop-up window for WinAntiVirus. I had JUST reinstalled Windows 'cause my old HD died, and I was going to Google to get all my virus protection, so I was running on the net naked, so to say. So now I have made copies of my virus protection software and have them safely stashed away.

#9 Angelfire777

Posted 07 June 2007 - 06:10 AM

Congratulations! I'm happy to hear that :)

Configure Windows XP to hide system files:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Do not show hidden files and folders.
  • Check the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows XP comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present on your computer can access the internet with no restrictions. There are several other firewalls that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

ZoneAlarm
Kerio

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

IESpyAds
~You can download it from here
~If you want to know how IESpyAds works you can take a look at it here
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!

#10 Angelfire777

Posted 02 July 2007 - 06:59 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



