
Please Help! Computer's Gone Wrong


This topic is locked
16 replies to this topic

#1 Rkikumy

Posted 18 August 2006 - 09:06 PM

Popups, crappy toolbar, restarting by itself.
It says to put the type of infection; I don't know what it is, but I think it's Mirar.
Please help. Here's my HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 10:04:51 PM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\LiteStep\litestep.exe
C:\WINDOWS\Unlhbg\command.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\outlook\outlook.exe
c:\dfndrff_11a.exe
c:\kybrdff_11a.exe
C:\WINDOWS\sszsxynA.exe
C:\WINDOWS\system32\zqskw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\sys01371004273.exe
c:\nwnmff_11.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{1417BE8B-0A1A-1033-0916-030522050001}\Update.exe
C:\WINDOWS\sszsxyn.exe
C:\Program Files\PSLister\PSLister.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BearShare\BearShare.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wagis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ivnmdbk.exe
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [sszsxynA] C:\WINDOWS\sszsxynA.exe
O4 - HKLM\..\Run: [tvd33fba] RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa
O4 - HKLM\..\Run: [sys01371004273] C:\WINDOWS\sys01371004273.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_11.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\avedesk\AVEDESK.EXE"
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\iBsacct.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Unlhbg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe

Edited by Rkikumy, 18 August 2006 - 09:08 PM.
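A HijackThis log like the one above is normally read by eye, section by section. As an added example (not part of the original post and not HijackThis's own code), the Python below runs a first-pass triage over lines in that format: it flags `F2` system.ini `Shell`/`UserInit` values that differ from the Windows XP defaults and `O4` Run entries whose shape is unusual (Windows 9x-era `RunServices` key, a binary in the drive root, a bare filename resolved through the search path), and it lists the hook types that always merit a look (`O2` BHOs, `O15` Trusted Zone sites, `O18` MIME filters, `O20` Winlogon Notify DLLs, `O23` services with no publisher). The sample lines are constructed from entries in the log above; the rules are heuristics and the reason strings are this example's own wording, not HijackThis output.

```python
"""Triage HijackThis (v1.99-style) log lines for persistence and hijack hooks.

Added example: a helper's first-pass classifier for a posted log. It does not
decide whether a file is malicious; it says what kind of hook each line
describes and flags entries whose shape departs from the XP defaults, so a
human can check the paths by hand.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied in the form they take in the posted log
# (same sections, same path and CLSID layout).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wagis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ivnmdbk.exe
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [tvd33fba] RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O15 - Trusted Zone: *.elitemediagroup.net
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Hook types that are always worth a human look, whatever their path.
REVIEW = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object loaded into every IE process",
    "O15": "site in IE Trusted Zone, runs with relaxed security settings",
    "O18": "MIME filter DLL sees every document of that type",
    "O20": "Winlogon Notify DLL loaded into winlogon.exe",
}


def launched_target(command: str) -> str:
    # The file a Run command really loads: the executable itself, or for
    # rundll32 the DLL named in its first argument (before the comma).
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(command)]
    if not tokens:
        return ""
    if tokens[0].lower().endswith("rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0]


def check_f2(body: str) -> Optional[str]:
    # XP defaults: Shell is exactly Explorer.exe; UserInit is exactly
    # <windir>\system32\userinit.exe followed by a comma. Anything appended
    # to either value is started at every logon.
    m = re.match(r"REG:system\.ini: (\w+)=(.*)$", body)
    if not m:
        return None
    key, value = m.group(1).lower(), m.group(2).strip()
    if key == "shell" and value.lower() != "explorer.exe":
        return "Shell is not plain Explorer.exe; an extra program starts at logon"
    if key == "userinit":
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if len(parts) != 1 or not parts[0].lower().endswith(r"\system32\userinit.exe"):
            return "UserInit chains an extra executable after userinit.exe"
    return None


def check_o4(body: str) -> Optional[str]:
    # Run-key entry. Flag shapes that legitimate XP installers rarely produce.
    m = RUN_RE.match(body)
    if not m:
        return None
    _hive, key, _name, command = m.groups()
    target = launched_target(command)
    reasons = []
    if key.lower() == "runservices":
        reasons.append("uses the Windows 9x-era RunServices key")
    if target and re.fullmatch(r"[A-Za-z]:\\+[^\\]+", target):
        reasons.append("executable sits directly in the drive root")
    elif target and "\\" not in target:
        reasons.append("bare filename resolved via the search path")
    return "; ".join(reasons) or None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Classify every recognised line; returns one finding per notable entry."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        level = "review"
        if section == "F2":
            reason, level = check_f2(body), "flag"
        elif section == "O4":
            reason, level = check_o4(body), "flag"
        elif section == "O23":
            reason = "service binary carries no publisher information" if "Unknown owner" in body else None
        else:
            reason = REVIEW.get(section)
        if reason:
            findings.append({"section": section, "level": level, "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['level']:6}] {f['section']:4} {f['reason']}")
        print(f"         {f['line']}")
```

Running the block prints the flagged entries first by section order; the `flag` level marks values that differ from the XP defaults, while `review` only says the hook type deserves a look, since a legitimate BHO or Winlogon Notify DLL (the WgaLogon line, for instance) produces the same line shape as an unwanted one.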




#2 Rawe

Posted 19 August 2006 - 01:30 AM

Welcome aboard :thumbsup:

Download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 Rkikumy

Posted 19 August 2006 - 11:54 AM

Ryan - 06-08-19 12:44:19.46
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Ryan\My Documents

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{3A8B70DE-CBAE-4571-AE70-7CA799A79780}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A8B70DE-CBAE-4571-AE70-7CA799A79780}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A8B70DE-CBAE-4571-AE70-7CA799A79780}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A8B70DE-CBAE-4571-AE70-7CA799A79780}\InprocServer32]
@="C:\\WINDOWS\\system32\\alicap32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C6034CE8-08A7-4BA1-A85E-67D54EF3D384}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6034CE8-08A7-4BA1-A85E-67D54EF3D384}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6034CE8-08A7-4BA1-A85E-67D54EF3D384}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6034CE8-08A7-4BA1-A85E-67D54EF3D384}\InprocServer32]
@="C:\\WINDOWS\\system32\\iasutil.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\alicap32.dll
C:\WINDOWS\system32\f62mlgf1162.dll
C:\WINDOWS\system32\iasutil.dll
C:\WINDOWS\system32\ikfgnt5.dll
C:\WINDOWS\system32\ikseng.dll
C:\WINDOWS\system32\irlol5331.dll
C:\WINDOWS\system32\iSsacct.dll
C:\WINDOWS\system32\jt0607dse.dll
C:\WINDOWS\system32\jtpu0779e.dll
C:\WINDOWS\system32\obtext32.dll
C:\WINDOWS\system32\p46s0ej7eho.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKEY_CURRENT_USER\...\Run C:\WINDOWS\system32\hqpesv.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINDOWS\system32\hqpesv.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\wagis.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\ivnmdbk.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-19 12:45 221184 --a------ C:\WINDOWS\system32\xeymi.dll
2006-08-19 12:43 52 --a------ C:\WINDOWS\nnqvcc.dat
2006-08-19 12:43 385 --a------ C:\WINDOWS\flvlk.dll
2006-08-19 12:43 234272 -r--s---- C:\WINDOWS\system32\iasutil.dll
2006-08-19 12:42 234272 -r--s---- C:\WINDOWS\system32\iSsacct.dll
2006-08-19 12:36 236113 -r--s---- C:\WINDOWS\system32\ikseng.dll
2006-08-19 12:22 234272 -r--s---- C:\WINDOWS\system32\ikfgnt5.dll
2006-08-19 12:20 45056 --a------ C:\WINDOWS\system32\ghynf.exe
2006-08-18 21:52 51712 --a------ C:\WINDOWS\system32\nxoekev.dll
2006-08-18 21:52 32256 --a------ C:\WINDOWS\system32\dmonwv.dll
2006-08-18 21:52 28672 --a------ C:\WINDOWS\system32\wagis.exe
2006-08-18 21:52 127488 --a------ C:\WINDOWS\system32\moehf.dat
2006-08-18 21:52 127488 --a------ C:\WINDOWS\system32\hqpesv.exe
2006-08-18 21:52 127488 --a------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yxbfa.exe
2006-08-18 21:51 36864 --a------ C:\WINDOWS\system32\n9nyb.exe
2006-08-14 20:52 78848 --a------ C:\WINDOWS\system32\nsr3A.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 16:31 36864 --a------ C:\WINDOWS\system32\zqskw.exe
2006-07-20 16:31 1163264 --a------ C:\WINDOWS\system32\wfxqhv.exe
2006-07-02 15:36 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-07-02 15:36 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-07-02 15:36 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-06-26 10:16 82944 --ah---t- C:\WINDOWS\system32\MSVRCTD.DLL
2006-06-01 18:09 90112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-06-01 18:09 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-01 18:09 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-01 18:09 200704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-06-01 18:07 536576 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-01 18:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-01 18:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


2006-08-18 21:52 127488 C:\WINDOWS\system32\hqpesv.exe
2006-08-18 21:52 51712 C:\WINDOWS\system32\nxoekev.dll
2006-08-18 21:52 23552 C:\WINDOWS\system32\ivnmdbk.exe
2006-08-18 21:52 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yxbfa.exe
2006-08-19 12:43 385 C:\WINDOWS\flvlk.dll
2006-08-18 21:52 127488 C:\WINDOWS\system32\moehf.dat
2006-08-18 21:52 28672 C:\WINDOWS\system32\wagis.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-18 21:52 127488 moehf.dat.qoo
06-08-18 21:52 127488 hqpesv.exe.qoo
06-08-18 21:52 127488 yxbfa.exe.qoo
06-08-18 21:52 51712 nxoekev.dll.qoo
06-08-18 21:52 32256 dmonwv.dll.qoo
06-08-18 21:52 28672 wagis.exe.qoo
06-08-19 12:43 385 flvlk.dll.qoo
06-08-19 12:43 52 nnqvcc.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Ryan\Application Data\Sskdmns.dll
C:\Documents and Settings\Ryan\Application Data\Sskknwrd.dll
C:\Documents and Settings\Ryan\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\dfndrff_11a.exe
C:\kybrdff_11a.exe
C:\nwnmff_11.exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\DQCAHOGQ\kybrdff_11a[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Q0S2UD5X\drsmartload46a[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Q0S2UD5X\MTE3NDI6ODoxNg[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Q0S2UD5X\nwnmff_11[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Q0S2UD5X\stub_113_4_0_4_0[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\XFX2IB1U\dfndrff_11a[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\XFX2IB1U\drsmartload45a[1].exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\XFX2IB1U\drsmartload849a[1].exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\xeymi.dll
C:\WINDOWS\thiselt.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\TheSearchAccelerator
C:\Program Files\ToolBar888
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\xeymi.dll
C:\WINDOWS\thiselt.exe
C:\Program Files\Deskbar
C:\Program Files\outlook
C:\Program Files\network monitor
C:\Program Files\Common Files\{1417BE8B-0A1A-1033-0916-030522050001}
C:\WINDOWS\Unlhbg


((((((((((((((((((((((((((((((( Files Created from 2006-07-19 to 2006-08-19 ))))))))))))))))))))))))))))))))))


2006-08-19 12:37 394,816 C:\WINDOWS\sszsxynA.exe
2006-08-19 12:37 29,696 C:\WINDOWS\system32\w002c5e6.dll
2006-08-19 12:37 21,504 C:\WINDOWS\offun.exe
2006-08-19 12:37 186,223 C:\WINDOWS\srvjwepane.exe
2006-08-19 12:23 29,696 C:\WINDOWS\system32\w0031f9f.dll
2006-08-19 12:21 110,592 C:\WINDOWS\v1201.exe
2006-08-19 12:20 48,190 C:\WINDOWS\RDFX4.exe
2006-08-19 12:20 45,056 C:\WINDOWS\system32\ghynf.exe
2006-08-18 22:16 24,296 C:\WINDOWS\icont.exe
2006-08-18 21:53 61,952 C:\WINDOWS\system32\aaa00000.dll
2006-08-18 21:53 36,864 C:\WINDOWS\thiselt.exe
2006-08-18 21:53 29,696 C:\WINDOWS\system32\w009282d.dll
2006-08-18 21:53 214,748 C:\WINDOWS\Setup90.exe
2006-08-18 21:53 2,560 C:\WINDOWS\ac3_0002.exe
2006-08-18 21:53 115,157 C:\WINDOWS\Justin.exe
2006-08-18 21:53 106,496 C:\WINDOWS\Duce6.exe
2006-08-18 21:53 1,167 C:\WINDOWS\system32\aaa00000.sys
2006-08-18 21:52 61,952 C:\WINDOWS\system32\tvd33fba.dll
2006-08-18 21:52 403,728 C:\WINDOWS\sszsxyn.exe
2006-08-18 21:52 29,696 C:\WINDOWS\system32\w00862aa.dll
2006-08-18 21:52 23,552 C:\WINDOWS\system32\ivnmdbk.exe
2006-08-18 21:52 186,223 C:\WINDOWS\srvfsrvmbb.exe
2006-08-18 21:52 1,167 C:\WINDOWS\system32\tvd33fba.sys
2006-08-18 21:51 45,056 C:\WINDOWS\system32ghynf.exe
2006-08-18 21:51 36,864 C:\WINDOWS\system32n9nyb.exe
2006-08-18 21:51 36,864 C:\WINDOWS\system32\zqskw.exe
2006-08-18 21:51 36,864 C:\WINDOWS\system32\n9nyb.exe
2006-08-18 21:51 28,672 C:\WINDOWS\system32\iqqr.exe
2006-08-18 21:51 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-08-18 21:51 221,184 C:\WINDOWS\system32\xeymi.dll
2006-08-18 21:51 159,744 C:\WINDOWS\system32\cvn0.exe
2006-08-18 21:51 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-08-18 21:51 0 C:\WINDOWS\system32bez6n4r21.exe
2006-08-18 21:48 225,280 C:\WINDOWS\USBS100phmgunin.exe
2006-08-14 20:52 78,848 C:\WINDOWS\system32\nsr3A.dll
2006-08-11 12:05 155,648 C:\WINDOWS\win3206427337100.exe
2006-08-11 12:05 155,648 C:\WINDOWS\vSg21-d.exe
2006-08-11 12:05 155,648 C:\WINDOWS\sys01371004273.exe
2006-08-06 13:30 4,682 C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-19 12:49 -------- d-------- C:\Program Files\Common Files
2006-08-19 12:45 221184 --a------ C:\WINDOWS\system32\xeymi.dll
2006-08-19 12:43 1167 --a------ C:\WINDOWS\system32\tvd33fba.sys
2006-08-19 12:38 1167 --a------ C:\WINDOWS\system32\aaa00000.sys
2006-08-19 12:37 29696 --a------ C:\WINDOWS\system32\w002c5e6.dll
2006-08-19 12:37 186223 --a------ C:\WINDOWS\srvjwepane.exe
2006-08-19 12:31 517 --a------ C:\Program Files\Common Files\poce
2006-08-19 12:24 -------- d-------- C:\Program Files\Common Files\fqrm
2006-08-19 12:23 29696 --a------ C:\WINDOWS\system32\w0031f9f.dll
2006-08-19 12:21 110592 --a------ C:\WINDOWS\v1201.exe
2006-08-19 12:21 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-19 12:21 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 12:20 48190 --a------ C:\WINDOWS\RDFX4.exe
2006-08-19 12:20 45056 --a------ C:\WINDOWS\system32\ghynf.exe
2006-08-18 22:55 -------- d-------- C:\Program Files\Trillian
2006-08-18 22:16 24296 --a------ C:\WINDOWS\icont.exe
2006-08-18 21:53 61952 --a------ C:\WINDOWS\system32\aaa00000.dll
2006-08-18 21:53 36864 --a------ C:\WINDOWS\thiselt.exe
2006-08-18 21:53 29696 --a------ C:\WINDOWS\system32\w009282d.dll
2006-08-18 21:53 2560 --a------ C:\WINDOWS\ac3_0002.exe
2006-08-18 21:53 214748 --a------ C:\WINDOWS\Setup90.exe
2006-08-18 21:53 115157 --a------ C:\WINDOWS\Justin.exe
2006-08-18 21:53 106496 --a------ C:\WINDOWS\Duce6.exe
2006-08-18 21:52 61952 --a------ C:\WINDOWS\system32\tvd33fba.dll
2006-08-18 21:52 29696 --a------ C:\WINDOWS\system32\w00862aa.dll
2006-08-18 21:52 23552 --a------ C:\WINDOWS\system32\ivnmdbk.exe
2006-08-18 21:52 186223 --a------ C:\WINDOWS\srvfsrvmbb.exe
2006-08-18 21:52 -------- d-------- C:\Program Files\PSLister
2006-08-18 21:51 45056 --a------ C:\WINDOWS\system32ghynf.exe
2006-08-18 21:51 36864 --a------ C:\WINDOWS\system32n9nyb.exe
2006-08-18 21:51 36864 --a------ C:\WINDOWS\system32\n9nyb.exe
2006-08-18 21:51 28672 --a------ C:\WINDOWS\system32\iqqr.exe
2006-08-18 21:51 28672 --a------ C:\WINDOWS\system32\bez6n4r21.exe
2006-08-18 21:51 0 --a------ C:\WINDOWS\system32bez6n4r21.exe
2006-08-18 21:48 -------- d-------- C:\Documents and Settings\Ryan\Application Data\MobileAction
2006-08-18 14:53 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Adobe
2006-08-18 11:08 -------- d-------- C:\Program Files\Warcraft III
2006-08-18 07:24 -------- d-------- C:\Program Files\Steam
2006-08-16 16:46 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Macromedia
2006-08-16 07:42 -------- d-------- C:\Program Files\Lineage II
2006-08-14 20:52 78848 --a------ C:\WINDOWS\system32\nsr3A.dll
2006-08-11 22:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-11 12:05 155648 --a------ C:\WINDOWS\win3206427337100.exe
2006-08-11 12:05 155648 --a------ C:\WINDOWS\vSg21-d.exe
2006-08-11 12:05 155648 --a------ C:\WINDOWS\sys01371004273.exe
2006-08-09 21:42 -------- d-------- C:\Program Files\Starcraft
2006-08-07 00:04 -------- d-------- C:\Program Files\QuickTime
2006-08-07 00:04 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-07 00:04 -------- d-------- C:\Program Files\iTunes
2006-08-07 00:04 -------- d-------- C:\Program Files\avedesk
2006-08-07 00:03 16897 --a------ C:\WINDOWS\vcdplayx.exe
2006-08-06 13:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-04 01:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-07-28 23:37 -------- d-------- C:\Program Files\Outlook Express
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 15:49 159744 --a------ C:\WINDOWS\system32\cvn0.exe
2006-07-22 21:06 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-07-22 21:05 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-22 21:02 -------- d-------- C:\Program Files\Adobe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 16:31 36864 --a------ C:\WINDOWS\system32\zqskw.exe
2006-07-20 16:31 1163264 --a------ C:\WINDOWS\system32\wfxqhv.exe
2006-07-12 21:54 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
2006-07-12 21:51 -------- d-------- C:\Program Files\Sony
2006-07-12 21:50 -------- d-------- C:\Program Files\Common Files\Sony Shared
2006-07-12 21:47 -------- d-------- C:\Program Files\directx
2006-07-10 14:16 65536 --a------ C:\WINDOWS\IFinst27.exe
2006-07-10 13:45 -------- d-------- C:\Program Files\Gravity
2006-07-09 16:06 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-07-05 10:57 -------- d-------- C:\Documents and Settings\Ryan\Application Data\FarStone
2006-07-05 10:49 5501 --a------ C:\WINDOWS\system32\rtclcmg32.dll
2006-07-05 10:48 -------- d-------- C:\Program Files\FarStone
2006-07-04 23:44 967 --a------ C:\WINDOWS\SCXEUnin.pif
2006-07-04 23:44 72704 --a------ C:\WINDOWS\SCXEUnin.exe
2006-07-04 13:32 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-04 13:32 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-07-03 11:15 86528 --a------ C:\WINDOWS\bnetunin.exe
2006-07-03 01:13 -------- d-------- C:\Program Files\Winamp
2006-07-03 00:43 -------- d-------- C:\Program Files\Common Files\NSV
2006-07-02 19:16 -------- d-------- C:\Program Files\Snes
2006-07-02 15:36 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-07-02 15:36 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-07-02 15:36 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-07-01 13:42 -------- d-------- C:\Program Files\iPod
2006-06-30 11:24 -------- d-------- C:\Program Files\WinRAR
2006-06-30 00:05 -------- d-------- C:\Documents and Settings\Ryan\Application Data\IGN_DLM
2006-06-29 13:57 -------- d-------- C:\Documents and Settings\Ryan\Application Data\SideBar
2006-06-29 03:13 -------- d-------- C:\Program Files\AIM
2006-06-29 03:04 -------- d-------- C:\Program Files\CodiNET
2006-06-29 02:43 -------- d---s---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2006-06-29 01:22 -------- d-------- C:\Documents and Settings\Ryan\Application Data\AveDesk
2006-06-28 22:08 -------- d-------- C:\Program Files\IconTweaker
2006-06-27 20:31 -------- d-------- C:\Program Files\Windows NT
2006-06-27 20:31 -------- d-------- C:\Program Files\Common Files\System
2006-06-27 20:06 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Download Manager
2006-06-27 19:22 -------- d-------- C:\Program Files\Stardock
2006-06-27 02:00 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-06-26 10:16 82944 --ah---t- C:\WINDOWS\system32\MSVRCTD.DLL
2006-06-26 10:16 145340 --ah---t- C:\WINDOWS\system32\MSVRCTDR.dll
2006-06-24 15:40 -------- d-------- C:\Program Files\CCleaner
2006-06-19 14:38 53248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-06-19 14:38 49152 --a------ C:\WINDOWS\uninst104.exe
2006-06-01 18:11 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-06-01 18:11 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-06-01 18:10 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-06-01 18:09 90112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-06-01 18:09 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-01 18:09 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-01 18:09 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-01 18:09 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-01 18:09 200704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-06-01 18:07 536576 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-01 18:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-01 18:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-01 18:06 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-01 18:06 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-01 18:06 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-01 18:06 619156 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-01 18:06 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-01 18:06 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"WatchDog"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VirtualDrive"="\"C:\\Program Files\\FarStone\\VirtualDrive\\VDTask.exe\" /AutoRestore"
"vcdplayx"="\"C:\\WINDOWS\\vcdplayx.exe\""
"ad8rIU3s"="C:\\WINDOWS\\system32\\cvn0.exe"
"k6mmN5IOU"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"tvd33fba"="RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa"
"sys01371004273"="C:\\WINDOWS\\sys01371004273.exe"
"sszsxynA"="C:\\WINDOWS\\sszsxynA.exe"
"win3206427337100"="C:\\WINDOWS\\win3206427337100.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"AVEDESK"="\"C:\\Program Files\\avedesk\\AVEDESK.EXE\""
"PSLister"="\"C:\\Program Files\\PSLister\\PSLister.exe\""
"fqrm"="C:\\PROGRA~1\\COMMON~1\\fqrm\\fqrmm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\WindowsUpdate\\rykehowo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Windows Media Player\\pohy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Completion time: Sat 08/19/2006 12:51:30.18
ComboFix.txt

Thanks. Great to be aboard :-)

#4 Rawe

Posted 19 August 2006 - 05:52 PM

Then let's continue :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within Ewido for one reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close Ewido Anti-spyware, DO NOT run a scan just yet, we will shortly.

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

4. Clean out temporary files:
  • Click Start -> Run and type in: cleanmgr
  • Click "Ok".
  • Let it scan your system.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
==

5. IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido.
==

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido log that you saved along with a fresh HiJackThis log. :flowers:
Hi there, stranger!

#5 Rkikumy

Rkikumy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:12 AM

Posted 19 August 2006 - 08:50 PM

:-\ Sorry but I couldn't get the Ewido log. I can give you what was quarantined but it didn't save. :-\ Save report every scan was checked too. But here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:48:36 PM, on 8/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sszsxynA.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\win3207273371004.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tvd33fba] RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa
O4 - HKLM\..\Run: [sszsxynA] C:\WINDOWS\sszsxynA.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win3207273371004] C:\WINDOWS\win3207273371004.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\avedesk\AVEDESK.EXE"
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [fqrm] C:\PROGRA~1\COMMON~1\fqrm\fqrmm.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe (file missing)

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:12 AM

Posted 20 August 2006 - 05:45 AM

I can give you what was quarantined but it didn't save. :-\

I'd need to see the log.. It's possible the log is saved in C:\Program Files\ewido anti-spyware 4.0

Maybe a subfolder for logs? :thumbsup:

Make sure your Ewido Guard is disabled... I don't want it to interfere with the fixes.

Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled. (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.
Let me know if you have Ewido autoupdates switched on.
Hi there, stranger!

#7 Rkikumy

Rkikumy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:12 AM

Posted 20 August 2006 - 01:09 PM

Shield was off.
Sorry but it just didn't save the report :-\
Do you want me to do another scan?

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:12 AM

Posted 21 August 2006 - 06:48 AM

Alright. New scan isn't necessary.

Go ahead and remove Brute Force Uninstaller & alcanshorty.bfu if you wish.

---

Please run a scan with HijackThis and check the following objects for removal:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O4 - HKLM\..\Run: [tvd33fba] RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa
O4 - HKLM\..\Run: [sszsxynA] C:\WINDOWS\sszsxynA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win3207273371004] C:\WINDOWS\win3207273371004.exe
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [fqrm] C:\PROGRA~1\COMMON~1\fqrm\fqrmm.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis and reboot.

----

Through Add/Remove programs, uninstall the following entries (if present):

PSLister
Windows Overlay Components


After that, please navigate to and delete the following files IF present (not necessarily there)

C:\WINDOWS\sszsxynA.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\win3207273371004.exe
C:\Program Files\PSLister
C:\PROGRAM FILES\COMMON FILES\fqrm


Now empty recycle bin.

---

Please rerun Combofix with the same instructions as earlier and post a fresh log from it. Also post a fresh HijackThis log. :thumbsup:
Hi there, stranger!
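As an added example for this thread (not part of HijackThis, ComboFix or the helper's instructions), here is a small Python triage script that parses HJT log lines like the ones posted above and flags the same entry classes the helper picked out: R0 search hijacks, O4 autostarts run from odd locations, O15 Trusted Zone additions, unnamed O16 ActiveX downloads, orphaned O18 filters and O23 services whose binary is gone. The allowlists (`TRUSTED_HOME_HOSTS`, `KNOWN_RUN_TARGETS`) and the heuristics are constructed for this one log and only rank lines for a human to review.

```python
"""Triage a HijackThis v1.99 log for the entry classes cleaned up in this thread.

Added example, not part of HijackThis or of the helper's instructions. The
allowlists and heuristics are constructed for this one log: they rank lines
for a human to review, nothing more.
"""
import re

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
HOST_RE = re.compile(r"https?://([^/\s]+)")
# O16 line whose ActiveX control carries no friendly name: "{GUID} - http..."
UNNAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-F-]+\} - http", re.I)

# Hosts expected in R0/R1 lines on this eMachines box (constructed allowlist).
TRUSTED_HOME_HOSTS = {"www.emachines.com"}
# Autostart targets the helper left in place (constructed allowlist).
KNOWN_RUN_TARGETS = {"zhotkey.exe", "nwiz.exe", "nvcpl.dll", "nvmctray.dll",
                     "watchdog.exe", "ewido.exe", "googletalk.exe", "avedesk.exe"}


def run_target(command):
    """Return the file an O4 Run command really loads (the DLL for RUNDLL32)."""
    cmd = command.strip()
    if cmd.upper().startswith("RUNDLL32.EXE"):
        parts = cmd.split(None, 1)          # RUNDLL32.EXE <dll>,<entry> [args]
        return parts[1].split(",", 1)[0].strip('"') if len(parts) > 1 else cmd
    if cmd.startswith('"'):                 # "C:\path with spaces\x.exe" /flag
        return cmd.split('"')[1]
    return re.sub(r"\s+[/-]\S.*$", "", cmd)  # drop trailing switches


def run_reason(command):
    """Why an O4 Run entry deserves a look, or None if it is allowlisted."""
    target = run_target(command)
    name = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in KNOWN_RUN_TARGETS:
        return None
    if re.search(r"\d{6,}", name):
        return "autostart named with a long digit string"
    if command.strip().upper().startswith("RUNDLL32") and "\\" not in target:
        return "RUNDLL32 loading a DLL by bare name with an opaque entry point"
    if re.match(r"c:\\windows\\[^\\]+$", target, re.I):
        return "executable started directly from the Windows directory"
    if "common~1\\" in target.lower() or "common files\\" in target.lower():
        return "executable placed under Common Files instead of its own folder"
    return "not on the known-good list"


def triage(log_text):
    """Return (kind, reason, line) triples for HJT entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                        # header, process list, blank line
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind in ("R0", "R1"):
            host = HOST_RE.search(body)
            if host and host.group(1).lower() not in TRUSTED_HOME_HOSTS:
                reason = "browser default points at an unexpected host"
        elif kind == "O4" and "\\Run: [" in body:
            reason = run_reason(body.split("] ", 1)[1])
        elif kind == "O15":
            reason = "Trusted Zone entry lowers IE security for this domain"
        elif kind == "O16" and UNNAMED_DPF_RE.match(body):
            reason = "unnamed ActiveX control downloaded from the web"
        elif kind == "O18" and "(no file)" in body:
            reason = "text/html MIME filter registered but its DLL is gone"
        elif kind == "O23" and "(file missing)" in body:
            reason = "service whose binary no longer exists"
        if reason:
            findings.append((kind, reason, line.strip()))
    return findings


# Constructed sample: a subset of the HJT entries posted earlier in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tvd33fba] RUNDLL32.EXE w00862aa.dll,n 00333fb70000000300862aa
O4 - HKLM\..\Run: [sszsxynA] C:\WINDOWS\sszsxynA.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win3207273371004] C:\WINDOWS\win3207273371004.exe
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [fqrm] C:\PROGRA~1\COMMON~1\fqrm\fqrmm.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe (file missing)
"""

if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind:<4}{reason}\n     {line}")
```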

#9 Rkikumy

Rkikumy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:12 AM

Posted 21 August 2006 - 11:12 PM

Ryan - 06-08-22 0:06:25.40
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Ryan\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\WINDOWS\Duce6.exe


((((((((((((((((((((((((((((((( Files Created from 2006-07-22 to 2006-08-22 ))))))))))))))))))))))))))))))))))


2006-08-21 23:43 62,744 C:\WINDOWS\system32\xinput1_2.dll
2006-08-21 23:43 236,824 C:\WINDOWS\system32\xactengine2_3.dll
2006-08-21 23:43 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-08-21 14:10 106,496 C:\WINDOWS\Duce6.exe
2006-08-21 06:15 155,648 C:\WINDOWS\ms04004273371.exe
2006-08-20 14:05 155,648 C:\WINDOWS\sys02710042733.exe
2006-08-19 12:37 186,223 C:\WINDOWS\srvjwepane.exe
2006-08-19 12:20 48,190 C:\WINDOWS\RDFX4.exe
2006-08-18 21:53 61,952 C:\WINDOWS\system32\aaa00000.dll
2006-08-18 21:53 214,748 C:\WINDOWS\Setup90.exe
2006-08-18 21:53 115,157 C:\WINDOWS\Justin.exe
2006-08-18 21:53 1,167 C:\WINDOWS\system32\aaa00000.sys
2006-08-18 21:52 61,952 C:\WINDOWS\system32\tvd33fba.dll
2006-08-18 21:52 186,223 C:\WINDOWS\srvfsrvmbb.exe
2006-08-18 21:52 1,167 C:\WINDOWS\system32\tvd33fba.sys
2006-08-18 21:48 225,280 C:\WINDOWS\USBS100phmgunin.exe
2006-08-14 20:52 78,848 C:\WINDOWS\system32\nsr3A.dll
2006-08-06 13:30 4,682 C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-21 23:56 -------- d-------- C:\Program Files\Trillian
2006-08-21 22:35 106496 --a------ C:\WINDOWS\Duce6.exe
2006-08-21 21:51 -------- d-------- C:\Program Files\Steam
2006-08-21 14:11 -------- d-------- C:\Program Files\Common Files
2006-08-21 06:16 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-21 06:15 155648 --a------ C:\WINDOWS\ms04004273371.exe
2006-08-20 14:05 155648 --a------ C:\WINDOWS\sys02710042733.exe
2006-08-19 21:33 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-19 20:05 1167 --a------ C:\WINDOWS\system32\tvd33fba.sys
2006-08-19 17:27 -------- d---s---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2006-08-19 12:38 1167 --a------ C:\WINDOWS\system32\aaa00000.sys
2006-08-19 12:37 186223 --a------ C:\WINDOWS\srvjwepane.exe
2006-08-19 12:31 517 --a------ C:\Program Files\Common Files\poce
2006-08-19 12:21 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 12:20 48190 --a------ C:\WINDOWS\RDFX4.exe
2006-08-18 21:53 61952 --a------ C:\WINDOWS\system32\aaa00000.dll
2006-08-18 21:53 214748 --a------ C:\WINDOWS\Setup90.exe
2006-08-18 21:53 115157 --a------ C:\WINDOWS\Justin.exe
2006-08-18 21:52 61952 --a------ C:\WINDOWS\system32\tvd33fba.dll
2006-08-18 21:52 186223 --a------ C:\WINDOWS\srvfsrvmbb.exe
2006-08-18 21:48 -------- d-------- C:\Documents and Settings\Ryan\Application Data\MobileAction
2006-08-18 14:53 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Adobe
2006-08-18 11:08 -------- d-------- C:\Program Files\Warcraft III
2006-08-16 16:46 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Macromedia
2006-08-16 07:42 -------- d-------- C:\Program Files\Lineage II
2006-08-14 20:52 78848 --a------ C:\WINDOWS\system32\nsr3A.dll
2006-08-11 22:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 21:42 -------- d-------- C:\Program Files\Starcraft
2006-08-07 00:04 -------- d-------- C:\Program Files\QuickTime
2006-08-07 00:04 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-07 00:04 -------- d-------- C:\Program Files\iTunes
2006-08-07 00:04 -------- d-------- C:\Program Files\avedesk
2006-08-06 13:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-04 01:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-07-28 23:37 -------- d-------- C:\Program Files\Outlook Express
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-22 21:06 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-07-22 21:05 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-22 21:02 -------- d-------- C:\Program Files\Adobe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-12 21:54 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
2006-07-12 21:51 -------- d-------- C:\Program Files\Sony
2006-07-12 21:50 -------- d-------- C:\Program Files\Common Files\Sony Shared
2006-07-12 21:47 -------- d-------- C:\Program Files\directx
2006-07-10 14:16 65536 --a------ C:\WINDOWS\IFinst27.exe
2006-07-10 13:45 -------- d-------- C:\Program Files\Gravity
2006-07-09 16:06 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-07-05 10:57 -------- d-------- C:\Documents and Settings\Ryan\Application Data\FarStone
2006-07-05 10:49 5501 --a------ C:\WINDOWS\system32\rtclcmg32.dll
2006-07-05 10:48 -------- d-------- C:\Program Files\FarStone
2006-07-04 23:44 967 --a------ C:\WINDOWS\SCXEUnin.pif
2006-07-04 23:44 72704 --a------ C:\WINDOWS\SCXEUnin.exe
2006-07-04 13:32 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-04 13:32 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-07-03 11:15 86528 --a------ C:\WINDOWS\bnetunin.exe
2006-07-03 01:13 -------- d-------- C:\Program Files\Winamp
2006-07-03 00:43 -------- d-------- C:\Program Files\Common Files\NSV
2006-07-02 19:16 -------- d-------- C:\Program Files\Snes
2006-07-02 15:36 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-07-02 15:36 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-07-02 15:36 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-07-01 13:42 -------- d-------- C:\Program Files\iPod
2006-06-30 11:24 -------- d-------- C:\Program Files\WinRAR
2006-06-30 00:05 -------- d-------- C:\Documents and Settings\Ryan\Application Data\IGN_DLM
2006-06-29 13:57 -------- d-------- C:\Documents and Settings\Ryan\Application Data\SideBar
2006-06-29 03:13 -------- d-------- C:\Program Files\AIM
2006-06-29 03:04 -------- d-------- C:\Program Files\CodiNET
2006-06-29 01:22 -------- d-------- C:\Documents and Settings\Ryan\Application Data\AveDesk
2006-06-28 22:08 -------- d-------- C:\Program Files\IconTweaker
2006-06-27 20:31 -------- d-------- C:\Program Files\Windows NT
2006-06-27 20:31 -------- d-------- C:\Program Files\Common Files\System
2006-06-27 20:06 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Download Manager
2006-06-27 19:22 -------- d-------- C:\Program Files\Stardock
2006-06-27 02:00 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-06-26 10:16 82944 --ah---t- C:\WINDOWS\system32\MSVRCTD.DLL
2006-06-26 10:16 145340 --ah---t- C:\WINDOWS\system32\MSVRCTDR.dll
2006-06-24 15:40 -------- d-------- C:\Program Files\CCleaner
2006-06-23 18:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-23 18:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-23 16:49 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-23 16:49 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-23 16:49 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-23 16:49 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-23 16:49 7626752 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-23 16:49 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-23 16:49 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-23 16:49 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-23 16:49 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-23 16:49 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-23 16:49 4492160 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-23 16:49 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-23 16:49 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-23 16:49 3928832 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-06-23 16:49 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-23 16:49 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-23 16:49 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-23 16:49 3026944 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-23 16:49 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-23 16:49 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-23 16:49 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-23 16:49 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-23 16:49 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-23 16:49 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-23 16:49 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-23 16:49 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-23 16:49 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-23 16:49 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-23 16:49 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-23 16:49 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-23 16:49 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 18:11 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-06-01 18:11 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-06-01 18:10 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-06-01 18:09 90112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-06-01 18:09 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-01 18:09 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-01 18:09 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-01 18:09 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-01 18:09 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-01 18:09 200704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-06-01 18:07 536576 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-01 18:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-01 18:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-01 18:06 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-01 18:06 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-01 18:06 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-01 18:06 619156 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-01 18:06 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-01 18:06 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"WatchDog"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"ms04004273371"="C:\\WINDOWS\\ms04004273371.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"AVEDESK"="\"C:\\Program Files\\avedesk\\AVEDESK.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\WindowsUpdate\\rykehowo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Windows Media Player\\pohy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: Tue 08/22/2006 0:08:19.35
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

--------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:10:49 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\ms04004273371.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX00.593\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ms04004273371] C:\WINDOWS\ms04004273371.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\avedesk\AVEDESK.EXE"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe (file missing)

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:12 AM

Posted 22 August 2006 - 06:52 AM

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract Avenger.exe to your desktop.
2. Copy all the text in bold contained in the quotebox below to a blank notepad file:

Files to delete:
C:\WINDOWS\Duce6.exe
C:\WINDOWS\ms04004273371.exe
C:\WINDOWS\sys02710042733.exe
C:\WINDOWS\system32\tvd33fba.sys
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\srvjwepane.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\system32\aaa00000.dll
C:\WINDOWS\Justin.exe
C:\WINDOWS\system32\tvd33fba.dll
C:\WINDOWS\srvfsrvmbb.exe
C:\WINDOWS\system32\nsr3A.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to the notepad file into this window
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • Restarts your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it briefly opens a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste all the contents of avenger.txt into your reply along with a fresh HJT log by using AddReply. :thumbsup:

#11 Rkikumy


Posted 22 August 2006 - 09:28 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jlykvwxx

*******************

Script file located at: \??\C:\wxsqdwcn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Avenger

Beginning to process script file:

File C:\WINDOWS\Duce6.exe deleted successfully.
File C:\WINDOWS\ms04004273371.exe deleted successfully.
File C:\WINDOWS\sys02710042733.exe deleted successfully.
File C:\WINDOWS\system32\tvd33fba.sys deleted successfully.
File C:\WINDOWS\system32\aaa00000.sys deleted successfully.
File C:\WINDOWS\srvjwepane.exe deleted successfully.
File C:\WINDOWS\RDFX4.exe deleted successfully.
File C:\WINDOWS\system32\aaa00000.dll deleted successfully.
File C:\WINDOWS\Justin.exe deleted successfully.
File C:\WINDOWS\system32\tvd33fba.dll deleted successfully.
File C:\WINDOWS\srvfsrvmbb.exe deleted successfully.
File C:\WINDOWS\system32\nsr3A.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

-----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:27:03 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms04004273371] C:\WINDOWS\ms04004273371.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\avedesk\AVEDESK.EXE"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe (file missing)

#12 Rawe


Posted 22 August 2006 - 09:37 AM

That's looking much, much cleaner now :thumbsup:

Go ahead and delete Avenger.

----

Please run a scan with HijackThis and check the following objects for removal:

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms04004273371] C:\WINDOWS\ms04004273371.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

----

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat to your desktop.

@echo off
sc stop "Windows Overlay Components"
sc delete "Windows Overlay Components"


Double-click on Removeservice.bat. A window will pop up and close. This is normal. Please reboot.

----

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me and let me know how the system is running now. :flowers:

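The two follow-ups above (fix-checking the O4 Run entries whose binaries The Avenger already deleted, and removing the O23 service that HijackThis flags as "file missing" with sc stop / sc delete) are a cross-reference between the Avenger log and the fresh HijackThis log from the previous post. The following Python script is an added example, not a tool from this thread; it performs that cross-reference on constructed excerpts of the two logs (paths copied from the thread), and the function names are my own.

```python
"""Cross-reference an Avenger deletion log with a HijackThis (HJT) log.

Added example for this thread, not a tool from it. Given what Avenger
reported as deleted and a HijackThis scan taken afterwards, list:
  * O4 Run entries that still point at a deleted file (orphaned autostarts,
    the candidates for "Fix checked" in HijackThis), and
  * O23 services whose binary HijackThis reports as "(file missing)"
    (orphaned service registrations, removed with sc stop / sc delete).
"""
import re

# Constructed excerpt in the shape of the thread's Avenger log.
AVENGER_LOG = r"""
File C:\WINDOWS\Duce6.exe deleted successfully.
File C:\WINDOWS\ms04004273371.exe deleted successfully.
File C:\WINDOWS\system32\nsr3A.dll deleted successfully.
"""

# Constructed excerpt in the shape of the post-Avenger HijackThis log.
HJT_LOG = r"""
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms04004273371] C:\WINDOWS\ms04004273371.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sszsxyn.exe (file missing)
"""

DELETED_RE = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# HijackThis prints "Display Name (ServiceName)" when the two differ; sc needs
# the service (key) name, which equals the display name when nothing is appended.
KEY_NAME_RE = re.compile(r"\((?P<key>[^()]+)\)\s*$")


def parse_deleted(avenger_text):
    """Paths Avenger reported as deleted, in log order."""
    deleted = []
    for line in avenger_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.append(m["path"])
    return deleted


def service_key_name(display):
    """Service key name to hand to sc, derived from the O23 display text."""
    m = KEY_NAME_RE.search(display)
    return m["key"] if m else display


def triage(avenger_text, hjt_text):
    """Return orphaned O4 autostarts and O23 services with a missing binary."""
    deleted = parse_deleted(avenger_text)
    orphaned_run, orphaned_services = [], []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # Substring match so a deleted DLL hosted via rundll32 is caught too.
            hit = next((d for d in deleted if d.lower() in m["cmd"].lower()), None)
            if hit:
                orphaned_run.append((m["name"], hit))
            continue
        m = O23_RE.match(line)
        if m and m["missing"]:
            orphaned_services.append((service_key_name(m["name"]), m["path"]))
    return {"orphaned_run": orphaned_run, "orphaned_services": orphaned_services}


def service_removal_script(service_names):
    """Batch file text in the shape of the thread's Removeservice.bat."""
    lines = ["@echo off"]
    for name in service_names:
        lines += [f'sc stop "{name}"', f'sc delete "{name}"']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(AVENGER_LOG, HJT_LOG)
    print("O4 entries to fix-check (binary deleted by Avenger):")
    for name, path in result["orphaned_run"]:
        print(f"  [{name}] -> {path}")
    print("O23 services with missing binary (remove with sc):")
    for name, path in result["orphaned_services"]:
        print(f"  {name} -> {path}")
    print(service_removal_script(n for n, _ in result["orphaned_services"]))
```

On the constructed excerpts this reports exactly the two O4 entries and the one service that Rawe singles out above.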

#13 Rkikumy


Posted 22 August 2006 - 12:31 PM

SUPERAntiSpyware Scan Log
Generated 08/22/2006 at 12:53 PM

Core Rules Database Version : 3058
Trace Rules Database Version: 1104

Memory threats detected : 0
Registry threats detected : 127
File threats detected : 245

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\InprocServer32#ThreadingModel
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\ProgID
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\Programmable
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\TypeLib
HKCR\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447}\VersionIndependentProgID
C:\WINDOWS\system32\nsr3A.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039924.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042132.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0044099.dll

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}\InprocServer32
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}\InprocServer32#ThreadingModel
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}\ProgID
HKCR\CLSID\{D623BC2F-A58D-4A75-A10D-CC244A702A35}\VersionIndependentProgID
C:\WINDOWS\system32\xeymi.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041962.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043253.dll

Adware.Tracking Cookie

Adware.QuickLinks
HKLM\Software\jijyL
HKLM\Software\jijyL#t2j3rji
HKLM\Software\jijyL#aRIdm3
HKLM\Software\jijyL#sW4b
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039860.exe

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042128.exe

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039862.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039863.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040944.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041943.exe

Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Type
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Start
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc

Adware.MediaMotor
HKCR\mm06ocx.mm06ocxf
HKCR\mm06ocx.mm06ocxf\Clsid
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Control
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Implemented Categories
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\InprocServer32
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\InprocServer32#ThreadingModel
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\MiscStatus
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\MiscStatus\1
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\ProgID
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\ToolboxBitmap32
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\TypeLib
HKCR\CLSID\{5526B4C6-63D6-41A1-9783-0FABF529859A}\VERSION
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\0
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\0\win32
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\FLAGS
HKCR\TypeLib\{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}\2.1\HELPDIR
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\Forward
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\ProxyStubClsid
HKCR\Interface\{41E1565D-B7A8-4251-BD79-E6C5FACB2B5F}\ProxyStubClsid32
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid32
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib
HKCR\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib#Version
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid32
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib
HKCR\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib#Version
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\Forward
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\ProxyStubClsid
HKCR\Interface\{DB312456-E762-4369-844A-AED9006B1B2F}\ProxyStubClsid32

Trojan.Malware
C:\asdf.txt

Adware.Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKU\S-1-5-21-2728033087-609636902-3794616100-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
HKU\S-1-5-21-2728033087-609636902-3794616100-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{cbcc61fa-0221-4ccc-b409-cee865caca3a} [ a!L e: ]
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039902.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041975.dll

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#ms04004273371
HKLM\Software\System\sysold#ms04004273371.exe
HKU\S-1-5-21-2728033087-609636902-3794616100-1005\Software\System\sysuid

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-2728033087-609636902-3794616100-1005\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.BitLocker
HKCR\ONONE.Theimp
HKCR\ONONE.Theimp\CLSID
HKCR\ONONE.Theimp\CurVer
HKCR\ONONE.Theimp.1
HKCR\ONONE.Theimp.1\CLSID

Adware.SysMon
C:\RECYCLER\S-1-5-21-2728033087-609636902-3794616100-1005\Dc1\sszsxynA.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039853.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039944.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040936.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041935.exe

Trojan.Drop/Gen Variant
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039822.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039825.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039826.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039941.exe

Adware.WebNexus
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039829.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039943.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040922.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040947.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041922.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041934.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042095.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042098.dll

Adware.SurfSideKick
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039831.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039832.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039833.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039866.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039872.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039898.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039899.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039900.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041945.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042107.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042115.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042117.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042144.exe

Trojan.Unknown Origin
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039834.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039835.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039864.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041963.vbs
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041977.vbs
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043223.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043224.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043225.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043250.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0044100.exe
C:\WINDOWS\tempf.txt
C:\WINDOWS\Uninst2.htm
C:\WINDOWS\Unist1.htm

Adware.Adservs
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039839.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042131.dll

Trojan.AC3
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039854.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040937.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041936.exe

Browser Hijacker.Deskbar
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039855.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039934.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040938.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040963.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041937.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042126.dll

Adware.NicTech Networks
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039861.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039869.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039876.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039904.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039922.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039923.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040926.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040943.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041926.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041942.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042133.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042134.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042135.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042136.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042137.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042138.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042139.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042140.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042141.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042142.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042143.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043245.exe

Adware.TargetSavers
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039867.exe

Adware.UCMore/The Search Accelerator
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039868.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040946.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041946.exe

Adware.UCmore Toolbar
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039893.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039896.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040959.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041969.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041972.dll

Adware.Director
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039901.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041974.exe

Trojan.ZQuest
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039905.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043153.dll

Adware.Mirar/NetNucleus
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039907.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039910.dll

Trojan.YourEnhancement
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039946.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0040953.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042188.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043238.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043532.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043557.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043615.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP191\A0043740.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0043898.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0044096.exe
C:\WINDOWS\Setup90.exe

TargetSaver, Inc. Process
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039950.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041960.exe

Trojan.EltProg
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0039951.exe

Trojan.Defender1
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041949.exe

Trojan.WinSysBan
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041950.exe

Trojan.GimmySmilies
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0041951.exe

Adware.Qoologic/QoolAid
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042096.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042100.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP187\A0042103.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043227.exe

Trojan.URLBrowserNew
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043150.exe

Trojan.Downloader-Gen/Win
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043228.exe

Trojan.Unknown Origin/System
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043234.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043235.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043236.dll
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043237.dll

Adware.Elite Media
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043244.ocx

Adware.SearchAssistant
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043246.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043254.exe

Unclassified.Unknown Origin/System
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043247.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043248.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043249.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043251.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043252.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043255.exe

Trojan.ThisELT
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP189\A0043256.exe

Trojan.Downloader-Gen
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043348.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043349.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP190\A0043473.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0044098.exe
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP192\A0044103.exe
--------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:29:28 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\avedesk\AVEDESK.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


So how is it?
Working real fine on my side, no more pop-ups :-)

#14 Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 22 August 2006 - 12:43 PM

Looks good to me! :thumbsup:

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have. (Note: only use one at a time.)
  • Firewall <= A firewall is definitely a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs. (Note: only use one at a time.)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?
Hi there, stranger!
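The HOSTS-file mechanism described in the tips above (ad hosts pointed at 127.0.0.1) turned into a small audit script that also catches the opposite case, a hostname redirected to a remote address. This is an added example, not code from the thread, BleepingComputer or the MVPS project; the sample file content and the *.example hostnames are constructed.

```python
"""Audit a Windows HOSTS file: confirm ad-blocking entries sink to the local
machine and flag hostnames redirected anywhere else.
Added example for this thread, not MVPS or BleepingComputer code; the sample
content and the *.example hostnames are constructed."""
import ipaddress

# Addresses that sink a hostname on the local machine (MVPS uses 127.0.0.1).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.constructed-adserver.example      # MVPS-style block
0.0.0.0         tracker.constructed-adserver.example
203.0.113.5     update.constructed-av.example         # sent to a remote address
"""

def parse_hosts(text):
    """Return (ip, hostname, line_number) for every mapping in the file.
    Comments, blank lines and lines whose first field is not an IP address
    are skipped; one line may map several hostnames to the same address."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((str(ip), host.lower(), lineno))
    return entries

def audit_hosts(text):
    """Split mappings into ad-blocking sinks and suspicious redirects.
    Normal localhost lines are ignored. A hostname sent to a non-local address
    is flagged: a hosts file can silently point a site at a server of someone
    else's choosing, which is what HijackThis lists as an O1 entry."""
    blocked, suspicious = [], []
    for ip, host, lineno in parse_hosts(text):
        if host.startswith("localhost") and ipaddress.ip_address(ip).is_loopback:
            continue
        if ip in SINK_ADDRESSES:
            blocked.append(host)
        else:
            suspicious.append((lineno, host, ip))
    return blocked, suspicious
```

On a live machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts and review every tuple in the suspicious list.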

#15 Rkikumy

  • Topic Starter
  • Members
  • 15 posts

Posted 22 August 2006 - 12:52 PM

Thanks a lot, I'll recommend this site to other people and donate every time (hopefully this is the last, lol)
