
Infected With Adware.virtumonde



#1 Buran


Posted 21 April 2008 - 12:56 PM

Hi, I have made many attempts to rid my NEW computer (1 day old) that I just built of this virus/spyware/malware/whatever this is, and nothing has worked yet. I have NOD32 set up, and have scanned my computer a few times using the full scan. That hasn't worked; all it has really done is pop this message up every 10-20 seconds or so:

Object:
c:\windows\system32\nnnomji.dll
Threat:
Win32/Adware.Vurtumonde application
Information:
cleaned by deleting (after the next restart) - quarantined

In Nod32, I am currently at a rate of 6% infected (31069 infected objects for 445952 scanned objects).

I also scanned and removed many things with SpyBot S&D (twice, back to back) and Ad Aware. Neither has resolved the problems I am having. I still have virtumonde on my computer after S&D said it had removed it twice.

I have a blue background on my desktop that is always being refreshed, in the event that I decide to remove the webpage from my background, which reads:

Warning: Spyware threat has been detected on your PC.

Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities.


Then there is a link that says "CLICK HERE TO SCAN YOUR PC FOR SPYWARE..." (embedded link: hxxp://winsecuritysolutions.com/?aid=444.0)

Even without clicking anything, it will open one of those winsecuritysolutions websites at a random time (while typing this!).

I also get the yellow caution triangle symbol in my system tray. It pops up messages: "Your computer is working slowly. Due to spyware yadda yadda yadda, download here, etc. etc." All of the pop-ups urge me to do a FULL SYSTEM SCAN... obviously trying to get me to click something to download more viruses, etc.

On top of that, it seems my computer's keyboard has been hacked or something! Even being very careful, characters are being missed. Pressing ctrl+alt+delete to see processes running? "Task manager has been disabled by your administrator".

Thanks for reading; here are the main.txt and extra.txt:


Deckard's System Scanner v20071014.68
Run by Michael Giller on 2008-04-21 11:59:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-04-21 16:59:54 UTC - RP32 - Deckard's System Scanner Restore Point
31: 2008-04-21 06:53:44 UTC - RP31 - Installed Ad-Aware 2007
30: 2008-04-21 04:03:02 UTC - RP30 - Installed ESET NOD32 Antivirus
29: 2008-04-21 04:02:53 UTC - RP29 - Removed ESET Smart Security
28: 2008-04-21 04:00:36 UTC - RP28 - Installed ESET Smart Security


-- First Restore Point --
1: 2008-04-21 01:10:00 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 62.43 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-21 12:01:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\winself.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CtHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\DRW.exe
C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\DRW0.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Local Settings\Temporary Internet Files\Content.IE5\GBO0IP6F\dss[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {0D378E71-1EF0-4B27-A82C-51FBB7BB085A} - C:\WINDOWS\system32\vtuut.dll (file missing)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {571CADCE-27D6-419E-9CDD-372943335DBB} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E3C1CB50-0F01-4F9F-9924-609CA722412B} - C:\WINDOWS\system32\wvwvw.dll (file missing)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\nnnomji.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [rqtcbsxw] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\rqtcbsxw.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SYS
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ukcbosse] C:\WINDOWS\system32\nanatkzu.exe
O4 - HKLM\..\Policies\Explorer\Run: [hPLo9AgHtT] C:\Documents and Settings\All Users.WINDOWS\Application Data\vkzwtcrw\vgxqlmxk.exe
O4 - HKLM\..\Policies\Explorer\Run: [mhGcRHOKZF] C:\Documents and Settings\All Users.WINDOWS\Application Data\vkzwtcrw\vgxqlmxk.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O20 - Winlogon Notify: nnnomji - C:\WINDOWS\system32\nnnomji.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe


--
End of file - 10950 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\progra~1\nvidia~1\networ~1\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_00311102&REV_00\4&25700A26&0&3020
Manufacturer: Creative Technology, Ltd.
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_00311102&REV_00\4&25700A26&0&3020
Service:


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 11:57:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-21 11:57:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 11:57:02 0 d-------- C:\WINDOWS\LastGood
2008-04-21 01:54:31 6646 --ahs---- C:\WINDOWS\system32\aycdd.ini2
2008-04-21 01:54:11 274432 --a------ C:\WINDOWS\system32\ddcya.dll
2008-04-21 01:53:49 0 d-------- C:\Program Files\Lavasoft
2008-04-21 01:53:49 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-21 01:53:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 01:03:27 2216 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-21 01:02:59 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-21 01:02:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-21 01:02:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-21 01:02:58 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-21 01:02:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-21 01:02:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-21 00:54:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-04-21 00:46:06 13312 --a------ C:\WINDOWS\stcloader.exe
2008-04-21 00:46:06 15104 --a------ C:\WINDOWS\bokja.exe
2008-04-21 00:46:06 11264 --a------ C:\WINDOWS\2020search2.dll
2008-04-21 00:46:06 9216 --a------ C:\WINDOWS\2020search.dll
2008-04-21 00:46:02 18432 --a------ C:\WINDOWS\saiemod.dll
2008-04-21 00:20:23 6914 --ahs---- C:\WINDOWS\system32\wvwvw.ini2
2008-04-21 00:09:37 13824 --a------ C:\WINDOWS\cdsm32.dll
2008-04-20 23:35:47 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-20 23:12:27 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Macromedia
2008-04-20 23:12:07 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Adobe
2008-04-20 20:51:44 0 d-------- C:\Programas
2008-04-20 20:47:55 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\ESET
2008-04-20 20:42:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-04-20 20:40:19 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\vlc
2008-04-20 20:29:51 25856 --a------ C:\WINDOWS\voiceip.dll
2008-04-20 20:29:51 30464 --a------ C:\WINDOWS\swin32.dll
2008-04-20 20:29:50 10752 --a------ C:\WINDOWS\mssvr.exe
2008-04-20 20:29:50 18688 --a------ C:\WINDOWS\mspphe.dll
2008-04-20 20:29:50 32256 --a------ C:\WINDOWS\bjam.dll
2008-04-20 20:29:42 15360 --a------ C:\WINDOWS\msapasrc.dll
2008-04-20 20:29:41 24832 --a------ C:\WINDOWS\msa64chk.dll
2008-04-20 20:29:40 29184 --a------ C:\WINDOWS\shdocpl.dll
2008-04-20 20:29:39 31232 --a------ C:\WINDOWS\ntnut.exe
2008-04-20 20:29:38 26368 --a------ C:\WINDOWS\shdocpe.dll
2008-04-20 20:29:37 16384 --a------ C:\WINDOWS\winsb.dll
2008-04-20 20:29:37 17408 --a------ C:\WINDOWS\browserad.dll
2008-04-20 20:29:37 10496 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-20 20:29:37 12800 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-20 20:29:37 8448 --a------ C:\WINDOWS\avifile32.dll
2008-04-20 20:29:36 26112 --a------ C:\WINDOWS\autodisc32.dll
2008-04-20 20:29:36 17408 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-20 20:29:36 16384 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-20 20:29:36 29696 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-20 20:29:35 24832 --a------ C:\WINDOWS\athprxy32.dll
2008-04-20 20:29:35 18944 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-20 20:29:34 18688 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-20 20:29:34 23808 --a------ C:\WINDOWS\asferror32.dll
2008-04-20 20:29:34 9984 --a------ C:\WINDOWS\apphelp32.dll
2008-04-20 20:25:23 0 d-------- C:\Program Files\PC-Cleaner
2008-04-20 20:09:50 8142 --ahs---- C:\WINDOWS\system32\tuutv.ini2
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-20 20:05:30 0 d-------- C:\WINDOWS\system32\smp
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-04-20 20:05:30 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-20 20:05:16 0 dr------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
2008-04-20 20:05:16 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Google
2008-04-20 20:05:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
2008-04-20 20:05:15 89515 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-20 20:05:15 89515 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-20 20:05:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\vkzwtcrw
2008-04-20 20:05:13 192512 --a------ C:\WINDOWS\uhivencl.dll
2008-04-20 20:05:13 0 d-------- C:\WINDOWS\PerfInfo
2008-04-20 20:05:13 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 20:05:11 0 d-------- C:\Program Files\EASEUS
2008-04-20 20:04:55 28672 --a------ C:\WINDOWS\winself.exe
2008-04-20 20:04:45 37376 --a------ C:\WINDOWS\system32\nnnomji.dll
2008-04-20 19:29:28 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Help
2008-04-20 19:23:38 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Google
2008-04-20 19:05:49 94208 --a------ C:\WINDOWS\system32\cttele32.dll <Not Verified; Creative Technology Ltd; Creative Common Proxy Stud>
2008-04-20 18:57:50 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-20 18:57:49 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-04-20 18:38:53 0 d-------- C:\WINDOWS\network diagnostic
2008-04-20 18:26:54 0 d-------- C:\Program Files\PowerQuest
2008-04-20 17:40:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-04-20 17:40:54 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Azureus
2008-04-20 17:39:43 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-04-20 17:38:49 25088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-04-20 17:38:49 44032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-04-20 17:38:37 0 d--h----- C:\Program Files\Creative Installation Information
2008-04-20 17:38:37 0 d-------- C:\Program Files\Common Files\Creative
2008-04-20 17:37:31 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-20 17:37:31 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-04-20 17:37:29 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Creative
2008-04-20 17:36:57 0 d-------- C:\WINDOWS\system32\Data
2008-04-20 17:36:56 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-04-20 17:36:56 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-04-20 17:35:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
2008-04-20 17:34:33 0 d-------- C:\Program Files\Creative
2008-04-20 17:33:32 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Sun
2008-04-20 17:33:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-04-20 17:28:41 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-20 17:28:40 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-20 17:14:42 0 d-------- C:\Program Files\DIFX
2008-04-20 17:14:39 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-20 17:14:08 0 d-------- C:\WINDOWS\system32\Lang
2008-04-20 17:12:05 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-04-20 17:11:41 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-20 17:10:21 0 d-------- C:\Program Files\Realtek
2008-04-20 17:10:18 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-20 17:10:18 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-20 01:55:54 22 --a------ C:\WINDOWS\FileName
2008-04-20 01:55:33 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-20 01:55:03 1732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-20 01:54:04 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\InstallShield
2008-04-20 01:53:11 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-20 01:51:50 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\Identities
2008-04-20 01:51:39 0 d--h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Templates
2008-04-20 01:51:39 0 dr------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Start Menu
2008-04-20 01:51:39 0 dr-h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\SendTo
2008-04-20 01:51:39 0 dr-h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Recent
2008-04-20 01:51:39 0 d--h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\PrintHood
2008-04-20 01:51:39 2883584 --ah----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\NTUSER.DAT
2008-04-20 01:51:39 0 d--h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\NetHood
2008-04-20 01:51:39 0 dr------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\My Documents
2008-04-20 01:51:39 0 d--h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Local Settings
2008-04-20 01:51:39 0 dr------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Favorites
2008-04-20 01:51:39 0 d-------- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Desktop
2008-04-20 01:51:39 0 d--hs---- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Cookies
2008-04-20 01:51:39 0 dr-h----- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data
2008-04-20 01:50:52 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-20 01:50:49 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-04-20 01:50:49 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-04-20 01:50:49 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-04-20 01:50:49 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-04-20 01:50:49 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-04-20 01:50:36 262144 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-04-20 01:50:36 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-04-20 01:50:36 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-04-20 01:50:36 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-04-20 01:50:36 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-04-20 01:48:07 225280 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-04-20 01:47:05 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-04-20 01:45:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-19 13:10:24 0 d-------- C:\$WIN_NT$.~BT
2008-04-19 13:10:14 0 d-------- C:\WINDOWS\setupupd
2008-04-19 13:02:53 0 d-------- C:\SP2
2008-04-19 12:50:54 0 d-------- C:\WINDOWS\setup.pss
2008-04-19 12:36:37 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-04-19 12:35:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 12:17:04 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-19 11:56:12 0 d-------- C:\WINDOWS\WinRAR
2008-04-19 10:37:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-04-19 10:37:45 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-04-19 10:37:45 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-04-19 10:37:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-04-19 10:37:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-04-19 10:37:45 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-04-19 10:37:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-04-19 10:37:45 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-04-19 10:37:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-04-19 10:37:45 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-04-19 10:37:45 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-04-19 10:37:45 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-04-19 10:37:45 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-04-19 10:37:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-04-19 10:37:45 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-04-19 10:37:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-04-19 10:36:02 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-04-19 10:36:02 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-04-19 10:36:02 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-04-19 10:36:02 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-04-19 10:30:40 0 d-------- C:\WINDOWS\Provisioning
2008-04-19 10:30:40 0 d-------- C:\WINDOWS\PeerNet
2008-04-19 01:16:19 0 d-------- C:\Program Files\ffdshow
2008-04-19 01:12:30 0 d-------- C:\Program Files\QuickTime
2008-04-19 01:12:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 01:12:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-19 01:12:22 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 01:12:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-19 00:58:23 0 d-------- C:\Program Files\Xilisoft
2008-04-19 00:58:21 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-04-19 00:58:16 0 d-------- C:\Program Files\VideoLAN
2008-04-19 00:58:15 0 d-------- C:\Program Files\USBToolbox
2008-04-19 00:58:14 0 d-------- C:\Program Files\UltraISO
2008-04-19 00:58:14 0 d-------- C:\Program Files\TVersity Codec Pack
2008-04-19 00:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-19 00:53:48 0 d-------- C:\WINDOWS\Sun
2008-04-19 00:53:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-19 00:53:29 0 d-------- C:\Program Files\Google
2008-04-19 00:52:52 0 d-------- C:\Program Files\Common Files\Java
2008-04-19 00:51:30 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-19 00:48:56 0 d-------- C:\Program Files\TVersity
2008-04-19 00:48:56 0 d-------- C:\Program Files\TradeStation Archives
2008-04-19 00:48:41 0 d-------- C:\Program Files\TradeStation 8.2 (Build 3894)
2008-04-19 00:48:31 0 d-------- C:\Program Files\TradeStation 8.1 (Build 3264)
2008-04-19 00:48:29 0 d-------- C:\Program Files\Total Video Converter
2008-04-19 00:47:51 0 d-------- C:\Program Files\River Past
2008-04-19 00:47:16 0 d-------- C:\Program Files\Red Kawa
2008-04-19 00:47:01 0 d-------- C:\Program Files\The Rosetta Stone
2008-04-19 00:45:53 0 d-------- C:\Program Files\Safari
2008-04-19 00:45:29 0 d-------- C:\Program Files\PowerISO
2008-04-19 00:45:26 0 d-------- C:\Program Files\Pegasys Inc
2008-04-19 00:45:17 0 d-------- C:\Program Files\PATS JTrader Client
2008-04-19 00:45:12 0 d-------- C:\Program Files\PeerGuardian2
2008-04-19 00:44:47 0 d-------- C:\Program Files\MP4Converter
2008-04-19 00:44:13 0 d-------- C:\Program Files\Java
2008-04-19 00:44:09 0 d-------- C:\Program Files\Matroska Pack
2008-04-19 00:44:05 0 d-------- C:\Program Files\MagicISO
2008-04-19 00:44:01 0 d-------- C:\Program Files\iTunes
2008-04-19 00:43:51 0 d-------- C:\Program Files\iPod
2008-04-19 00:43:40 0 d-------- C:\Program Files\hp LaserJet 1000
2008-04-19 00:43:33 0 d-------- C:\Program Files\Haali
2008-04-19 00:43:12 0 d-------- C:\Program Files\DivX
2008-04-19 00:43:05 0 d-------- C:\Program Files\CyberLink
2008-04-19 00:42:53 0 d-------- C:\Program Files\Cucusoft
2008-04-19 00:42:23 0 d-------- C:\Program Files\Canon
2008-04-19 00:42:18 0 d-------- C:\Program Files\Azureus
2008-04-19 00:23:10 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-19 00:20:11 0 d-------- C:\WINDOWS\ASUSInstAll
2008-04-19 00:19:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 00:18:18 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-19 00:18:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-19 00:17:35 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-19 00:16:43 0 d-------- C:\WINDOWS\nview
2008-04-18 23:41:03 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-18 23:23:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-18 23:20:00 0 d-------- C:\Old Hard Drive C (20 GB)
2008-04-18 22:49:41 0 d--hs---- C:\WINDOWS\Installer
2008-04-18 22:48:43 0 d--hs---- C:\System Volume Information
2008-04-18 22:48:42 0 d-------- C:\WINDOWS\Prefetch
2008-04-18 22:48:42 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 22:48:42 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-18 22:48:42 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 22:48:42 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-18 22:48:42 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 22:48:41 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 22:48:41 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 22:48:41 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 22:48:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-18 22:48:41 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 22:44:37 0 d-------- C:\WINDOWS\system32\xircom
2008-04-18 22:44:37 0 d-------- C:\Program Files\microsoft frontpage
2008-04-18 22:43:56 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 22:43:53 0 d-------- C:\DELL
2008-04-18 22:43:40 0 -rahs---- C:\MSDOS.SYS
2008-04-18 22:43:40 0 -rahs---- C:\IO.SYS
2008-04-18 22:43:40 0 --a------ C:\CONFIG.SYS
2008-04-18 22:43:40 0 --a------ C:\AUTOEXEC.BAT
2008-04-18 22:43:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 22:42:56 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-18 22:42:56 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 22:42:40 0 d-------- C:\WINDOWS\srchasst
2008-04-18 22:42:34 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-18 22:42:34 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-18 22:42:25 0 d-------- C:\Program Files\Movie Maker
2008-04-18 22:42:06 0 d-------- C:\WINDOWS\system32\Restore
2008-04-18 22:42:02 0 d-------- C:\WINDOWS\PCHEALTH
2008-04-18 22:41:58 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 22:41:55 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-18 22:41:22 0 d-------- C:\WINDOWS\Registration
2008-04-18 22:41:17 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-18 22:41:17 0 d-------- C:\Program Files\Online Services
2008-04-18 22:41:12 0 d-------- C:\Program Files\Messenger
2008-04-18 22:41:06 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-18 22:40:58 0 d-------- C:\Program Files\Windows NT
2008-04-18 22:40:49 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-18 22:40:48 0 d-------- C:\WINDOWS\system32\Com
2008-04-18 17:36:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-18 17:36:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-18 17:36:24 0 dr------- C:\Program Files
2008-04-18 17:36:24 0 d-------- C:\Program Files\Common Files
2008-04-18 17:36:06 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-18 17:36:06 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-18 17:36:06 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-18 17:36:06 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-18 17:36:06 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-18 17:36:06 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-18 17:36:06 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-18 17:36:06 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-18 17:36:06 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-18 17:36:06 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-18 17:36:06 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-18 17:36:06 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-18 17:36:06 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-18 17:36:06 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-18 17:36:06 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-18 17:36:06 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-18 17:35:31 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-18 17:35:31 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-18 17:35:26 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-18 17:35:26 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-18 17:35:26 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-18 17:35:26 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-18 17:35:16 0 d-------- C:\Documents and Settings
2008-04-18 17:32:31 0 d-------- C:\WINDOWS
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\WinSxS
2008-04-18 17:32:31 0 dr------- C:\WINDOWS\Web
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\twain_32
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\wins
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\wbem
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\usmt
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\spool
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\Setup
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\ras
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\oobe
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\npp
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\mui
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\IME
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\ias
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\export
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\drivers
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-18 17:32:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\config
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\3076
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\2052
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1054
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1042
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1041
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1037
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1033
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1031
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1028
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system32\1025
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\system
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\security
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Resources
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\repair
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\mui
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\msapps
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\msagent
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Media
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\java
2008-04-18 17:32:31 0 d--h----- C:\WINDOWS\inf
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\ime
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Help
2008-04-18 17:32:31 0 dr--s---- C:\WINDOWS\Fonts
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Driver Cache
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Debug
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Cursors
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\Config
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\AppPatch
2008-04-18 17:32:31 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-19 10:37:45 62 --ahs---- C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data\desktop.ini
2008-02-20 21:00:12 43520 --a------ C:\WINDOWS\system32\CTBurst.dll <Not Verified; ; CTBurst Module>
2008-02-20 20:59:14 34816 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; ; a3dx5>
2008-02-20 20:59:02 27648 --a------ C:\WINDOWS\system32\ac3api.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:50 35840 --a------ C:\WINDOWS\system32\CTxfiBtn.dll <Not Verified; Creative Technology Ltd; CTXFIBTN Dynamic Link Library>
2008-02-20 20:58:48 45056 --a------ C:\WINDOWS\system32\CTxfiSpk.dll <Not Verified; Creative Technology Ltd; Ctxfispk Dynamic Link Library>
2008-02-20 20:58:46 37888 --a------ C:\WINDOWS\system32\psconv.exe
2008-02-20 20:58:46 19968 --a------ C:\WINDOWS\system32\Ctxfihlp.exe <Not Verified; Creative Technology Ltd; CTXfiHlp Application>
2008-02-20 20:58:44 19456 --a------ C:\WINDOWS\system32\CtHelper.exe <Not Verified; Creative Technology Ltd; CtHelper Application>
2008-02-20 20:58:42 43520 --a------ C:\WINDOWS\system32\ctspkhlp.dll <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library>
2008-02-20 20:58:42 56832 --a------ C:\WINDOWS\system32\CTpcmcia.dll <Not Verified; Creative Technology Ltd; CTPCMCIA Dynamic Link Library>
2008-02-20 20:58:42 8704 --a------ C:\WINDOWS\system32\ctagent.dll <Not Verified; Creative Technology Ltd; ctagent>
2008-02-20 20:58:40 12800 --a------ C:\WINDOWS\system32\ctmmep.dll <Not Verified; Creative Technology Ltd; Ctmmep Dynamic Link Library>
2008-02-20 20:58:28 9216 --a------ C:\WINDOWS\system32\ctpres.dll <Not Verified; Creative Technology Ltd; CtPanel Resource>
2008-02-20 20:58:26 69632 --a------ C:\WINDOWS\system32\ctthxcal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:26 78336 --a------ C:\WINDOWS\system32\ctscal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:24 131072 --a------ C:\WINDOWS\system32\ctdcifce.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:22 10240 --a------ C:\WINDOWS\system32\ctdcres.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:22 335360 --a------ C:\WINDOWS\system32\ctdc0001.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:58:22 227840 --a------ C:\WINDOWS\system32\ctdc0000.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:55:18 43520 --a------ C:\WINDOWS\system32\Ctxfireg.exe <Not Verified; Creative Technology Ltd; CTXFIREG>
2008-02-20 20:55:14 10752 --a------ C:\WINDOWS\system32\Ct20xspi.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:55:12 969216 --a------ C:\WINDOWS\system32\CTxfispi.exe <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:49:46 56509 --a------ C:\WINDOWS\system32\ctdnlstr.dat
2008-02-20 20:49:46 321512 --a------ C:\WINDOWS\system32\ctdlang.dat
2008-02-20 20:49:18 110080 --a------ C:\WINDOWS\system32\ctemupia.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:47:12 17920 --a------ C:\WINDOWS\system32\ctedasio.dll <Not Verified; Creative Technology, Ltd; Creative Audio Product>
2008-02-20 20:47:12 174592 --a------ C:\WINDOWS\system32\ct_oal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:47:10 46592 --a------ C:\WINDOWS\system32\ctasio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:47:08 49152 --a------ C:\WINDOWS\system32\ctdproxy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:46:52 6144 --a------ C:\WINDOWS\system32\sfman32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:46:52 69120 --a------ C:\WINDOWS\system32\ctosuser.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:46:50 104448 --a------ C:\WINDOWS\system32\sfms32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:46:46 13312 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2008-02-20 20:46:42 64512 --a------ C:\WINDOWS\system32\piaproxy.dll <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-02-20 20:46:20 149838 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
2008-02-20 20:44:34 274587 --a------ C:\WINDOWS\system32\CTSBAS2W.DAT
2008-02-20 20:44:26 241084 --a------ C:\WINDOWS\system32\CTSBASW.DAT
2008-02-20 20:44:26 115166 --a------ C:\WINDOWS\system32\CTBASICW.DAT
2008-02-20 20:44:10 313207 --a------ C:\WINDOWS\system32\ctstatic.dat
2008-02-20 20:44:10 53932 --a------ C:\WINDOWS\system32\ctdaught.dat
2008-02-20 20:44:08 5120 --a------ C:\WINDOWS\system32\enlocstr.exe
2008-02-20 20:44:02 10240 --a------ C:\WINDOWS\system32\killapps.exe <Not Verified; ; killapps>
2008-02-20 20:43:46 28672 --a------ C:\WINDOWS\system32\mididef.exe <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-02-20 20:43:46 32768 --a------ C:\WINDOWS\system32\devreg.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D378E71-1EF0-4B27-A82C-51FBB7BB085A}]
C:\WINDOWS\system32\vtuut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{571CADCE-27D6-419E-9CDD-372943335DBB}]
04/21/2008 01:54 AM 274432 --a------ C:\WINDOWS\system32\ddcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3C1CB50-0F01-4F9F-9924-609CA722412B}]
C:\WINDOWS\system32\wvwvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
04/20/2008 08:04 PM 37376 --a------ C:\WINDOWS\system32\nnnomji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/30/2006 05:35 PM]
"nwiz"="nwiz.exe" [10/30/2006 05:35 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/30/2006 05:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 03:08 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 03:45 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [07/13/2006 02:11 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/10/1999 12:00 PM]
"AsioReg"="REGSVR32 /S CTASIO.DLL" []
"CTHelper"="CTHELPER.EXE" [02/20/2008 08:58 PM C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [02/20/2008 08:58 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"rqtcbsxw"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\rqtcbsxw.dll" []
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [10/25/2007 09:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [12/12/2005 09:36 AM]
"SetDefaultMIDI"="MIDIDef.exe" [02/20/2008 08:43 PM C:\WINDOWS\system32\mididef.exe]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/20/2008 07:23 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"ukcbosse"="C:\WINDOWS\system32\nanatkzu.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"hPLo9AgHtT"=C:\Documents and Settings\All Users.WINDOWS\Application Data\vkzwtcrw\vgxqlmxk.exe
"mhGcRHOKZF"=C:\Documents and Settings\All Users.WINDOWS\Application Data\vkzwtcrw\vgxqlmxk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\nnnomji.dll [04/20/2008 08:04 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnomji]
nnnomji.dll 04/20/2008 08:04 PM 37376 C:\WINDOWS\system32\nnnomji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Bin\assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd3bd71-0e25-11dd-900a-806d6172696f}]
AutoRun\command- D:\Bin\assetup.exe

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - PGFILTER



-- End of Deckard's System Scanner: finished at 2008-04-21 12:07:33 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2943.23 MiB / 2216.92 MiB
Pagefile Memory (total/avail): 4830.25 MiB / 4257.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 60.78 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620A - 298.09 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 298.09 GiB

\\.\PHYSICALDRIVE1 - ST3500320AS - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Michael Giller.BURANCHI-2AE675\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BURANCHIKOV
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael Giller.BURANCHI-2AE675
LOGONSERVER=\\BURANCHIKOV
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MICHAE~1.BUR\LOCALS~1\Temp
TMP=C:\DOCUME~1\MICHAE~1.BUR\LOCALS~1\Temp
USERDOMAIN=BURANCHIKOV
USERNAME=Michael Giller
USERPROFILE=C:\Documents and Settings\Michael Giller.BURANCHI-2AE675
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Michael Giller.BURANCHI-2AE675 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
EASEUS Data Recovery Wizard Professional 4.3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1965C9BB-9114-4A50-AEC7-E62414BB117B}\setup.exe" -l0x9 -removeonly
ESET NOD32 Antivirus --> MsiExec.exe /I{944BFDEB-868F-4943-A37C-2852C7D9824A}
ffdshow [rev 1324] [2007-07-01] --> "C:\Program Files\ffdshow\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TVersity Codec Pack 1.1 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.4 beta --> C:\Program Files\TVersity\Media Server\uninst.exe
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type138 / Error
Event Submitted/Written: 04/20/2008 10:57:11 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> Syntax error on line 121 of C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/conf/httpd.conf: .

Event Record #/Type137 / Error
Event Submitted/Written: 04/20/2008 10:57:11 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Sun Apr 20 22:57:11 2008] [crit] (OS 10106)The requested service provider could not be loaded or initialized. : alloc_listener: failed to get a socket for localhost .

Event Record #/Type132 / Error
Event Submitted/Written: 04/20/2008 10:42:39 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> Syntax error on line 121 of C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/conf/httpd.conf: .

Event Record #/Type131 / Error
Event Submitted/Written: 04/20/2008 10:42:39 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Sun Apr 20 22:42:39 2008] [crit] (OS 10106)The requested service provider could not be loaded or initialized. : alloc_listener: failed to get a socket for localhost .

Event Record #/Type127 / Error
Event Submitted/Written: 04/20/2008 10:35:01 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> Listen setup failed .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1810 / Error
Event Submitted/Written: 04/21/2008 11:46:05 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.101 for the Network Card with network address 001FC6154139 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type1802 / Error
Event Submitted/Written: 04/21/2008 01:51:42 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type1801 / Error
Event Submitted/Written: 04/21/2008 01:51:42 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type1800 / Error
Event Submitted/Written: 04/21/2008 01:51:42 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type1799 / Error
Event Submitted/Written: 04/21/2008 01:51:41 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\MFC80.DLL.
Reference error message: The operation completed successfully.
.



-- End of Deckard's System Scanner: finished at 2008-04-21 12:07:33 ------------



Thank you in advance for your patience and your assistance.

Edit: Deactivated link and corrected some spelling for clarity. ~ OB


Edited by Orange Blossom, 11 February 2013 - 01:17 AM.
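When a DSS report like the one above is posted, the quickest triage of its tail is to pull the Application and System event records out as structured data, count them by source, and look at what was written around the time a symptom appeared (here, for instance, the repeated Apache errors trace back by their posted path to an Apache instance under the NVIDIA ForceWare Network Access Manager directory, not to anything the poster would recognise as a web server). The parser below is an added example written for this page; it is not part of the thread, of Deckard's System Scanner, or of any tool mentioned here. It assumes exactly the record layout visible in the posted log (the `Event Record #/Type`, `Event Submitted/Written:`, `Event ID/Source:` and `Event Description:` lines, with the description closed by a blank line), and the sample text embedded in it is constructed from four of the records above. `events_within()` and `count_by_source()` are names chosen for this example.

```python
"""Parse the event-log sections of a Deckard's System Scanner (DSS) report.
Added example for this page; not code from the thread, from DSS or from any tool named in it.
Assumes the record layout visible in the posted log (see RECORD_RE)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# "-- Application Event Log ------"; re.split keeps the captured section name.
SECTION_RE = re.compile(r"^-- (?P<name>.+?) Event Log -+[ \t]*$", re.M)
# One record: three header lines, then description lines up to a blank line,
# the next record, a "-- ..." footer line, or the end of the text.
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<rec>\d+) / (?P<type>\w+)[ \t]*\n"
    r"Event Submitted/Written: (?P<ts>[^\n]+)\n"
    r"Event ID/Source: (?P<id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:[ \t]*\n(?P<desc>.*?)(?=\n[ \t]*\n|\n-- |\nEvent Record #|\Z)",
    re.S)
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # DSS prints local 12-hour time


@dataclass
class Event:
    log: str            # "Application", "Security" or "System"
    record: int
    type: str           # "Error", "Warning", ...
    written: datetime
    event_id: int
    source: str
    description: str


def parse_dss_events(text: str) -> list[Event]:
    """Return every event record in a DSS report, in file order."""
    parts = SECTION_RE.split(text.replace("\r\n", "\n"))
    events: list[Event] = []
    # parts = [preamble, name1, body1, name2, body2, ...]
    for log_name, body in zip(parts[1::2], parts[2::2]):
        for m in RECORD_RE.finditer(body):
            # DSS wraps long descriptions and ends some with a lone "."; rejoin them.
            lines = [l.strip() for l in m["desc"].splitlines()]
            events.append(Event(
                log=log_name, record=int(m["rec"]), type=m["type"],
                written=datetime.strptime(m["ts"].strip(), TS_FORMAT),
                event_id=int(m["id"]), source=m["source"].strip(),
                description=" ".join(l for l in lines if l and l != ".")))
    return events


def count_by_source(events: list[Event]) -> dict[str, int]:
    """How many records each event source produced."""
    return dict(Counter(e.source for e in events))


def events_within(events: list[Event], record: int, minutes: float) -> list[Event]:
    """Records written within +/- `minutes` of record number `record` (itself included):
    what else was logged around the time of a symptom."""
    anchor = next(e for e in events if e.record == record)
    window = timedelta(minutes=minutes)
    return [e for e in events if abs(e.written - anchor.written) <= window]


# Constructed sample: four records in the layout of the posted log.
SAMPLE_DSS = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type138 / Error
Event Submitted/Written: 04/20/2008 10:57:11 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> Syntax error on line 121 of C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache Group/Apache2/conf/httpd.conf: .

Event Record #/Type127 / Error
Event Submitted/Written: 04/20/2008 10:35:01 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> Listen setup failed .

-- System Event Log ------------------------------------------------------------

Event Record #/Type1810 / Error
Event Submitted/Written: 04/21/2008 11:46:05 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.101 for the Network Card with network address 001FC6154139 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type1801 / Error
Event Submitted/Written: 04/21/2008 01:51:42 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
"""

if __name__ == "__main__":
    evs = parse_dss_events(SAMPLE_DSS)
    print(count_by_source(evs))
    for e in events_within(evs, 138, 30):
        print(e.log, e.record, e.written, e.source, e.description[:60])
```

Paste a real DSS report into `parse_dss_events()` in place of the sample; the Security section's "No Errors/Warnings found." line yields no records and is simply skipped. The time-window lookup is the part worth keeping: a record number from the report and a window in minutes gives the neighbouring events, which is usually the first question when matching a log against a user's description of when the symptoms began.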




#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:08:34 AM

Posted 23 April 2008 - 01:05 PM

Hello Buran and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have ComboFix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:08:34 AM

Posted 22 May 2008 - 07:16 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



