Had Virusburster; Got Rid Of It, But Still Have Spyware (log Included)


10 replies to this topic

#1 bin shamin

  • Members
  • 6 posts

Posted 03 December 2006 - 04:47 PM

Hello. My idiot roommate has gotten malware on my computer and I can't get it off. I see "888Bar" and "VS-Add in for Internet Explorer" which I suspect are both adware. I also have some "Errorsafe" popup when I start up my computer. Also sometimes a new tab will open up in Firefox with "WinAntiVirus Pro" which I suspect is more malware.

Logfile of HijackThis v1.99.1
Scan saved at 4:01:37 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{10BD58CC-073C-1033-0725-030920020001}\Update.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BENSCH~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30BD5~1\888Bar.dll
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xrouxac.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xrouxac.dll,hzdwcpf
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

Here is the ewido scan report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:39:34 PM, 12/3/2006
+ Report-Checksum: ECCE5782

+ Scan result:

C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@scot.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla\Firefox\Profiles\bgsgure1.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ben Schwenk\Cookies\ben schwenk@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup


::Report End

any help appreciated.
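An added example, not part of this thread or of HijackThis, ewido or any other tool named in it: a small Python triage script that applies the kind of rules an experienced HijackThis log reader applies by eye to the O3/O4/O23 entries in the log above. The sample lines are copied from the posted log; the three heuristics (toolbar DLL missing or installed under a GUID-named folder, a Run value that loads a DLL through rundll32 under a random-looking name, a service with no publisher) and the "suspicious"/"review" severity labels are my own assumptions, not a detection standard. The point it makes is that `xrouxac.dll` and the `{30BD5~1}` toolbar folder stand out mechanically, while the NVIDIA and AVG entries do not.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample: a subset of the HijackThis 1.99.1 entries posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30BD5~1\888Bar.dll
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xrouxac.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xrouxac.dll,hzdwcpf
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# rundll32 <path>.dll,<export>  (case-insensitive: the log mixes RUNDLL32.EXE and rundll32.exe)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll),(?P<entry>\S+)", re.IGNORECASE)
VALUE_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# Heuristic (assumption): 6-8 lowercase letters with no recognisable word is "random-looking".
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")
# A backslash followed by "{" and a hex digit: a directory named after a GUID.
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "suspicious" (act on it) or "review" (verify by hand)
    reason: str
    line: str


def _flag_o3(body: str, line: str) -> Optional[Finding]:
    if "(file missing)" in body:
        return Finding("O3", "review", "toolbar still registered but its DLL is gone (partial removal)", line)
    if GUID_DIR_RE.search(body):
        return Finding("O3", "review", "toolbar DLL installed under a GUID-named folder", line)
    return None


def _flag_o4(body: str, line: str) -> Optional[Finding]:
    m = RUNDLL_RE.search(body)
    if not m:
        return None  # only rundll32-style loaders are examined here
    name = VALUE_NAME_RE.search(body)
    if name and name.group("name").lower().endswith(".dll"):
        return Finding("O4", "suspicious", "Run value is named after the DLL it loads via rundll32", line)
    dll_base = m.group("dll").rsplit("\\", 1)[-1][:-4]  # strip directory and ".dll"
    if RANDOM_NAME_RE.match(dll_base) and RANDOM_NAME_RE.match(m.group("entry")):
        return Finding("O4", "suspicious", "rundll32 loads a DLL whose name and export look random", line)
    return None


def _flag_o23(body: str, line: str) -> Optional[Finding]:
    if "Unknown owner" in body:
        return Finding("O23", "review", "service has no publisher; confirm the binary is expected", line)
    return None


CHECKS: Dict[str, Callable[[str, str], Optional[Finding]]] = {
    "O3": _flag_o3, "O4": _flag_o4, "O23": _flag_o23,
}


def triage(log_text: str) -> List[Finding]:
    """Run the per-section checks over every HijackThis entry and collect the hits."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list and blank lines are skipped
        check = CHECKS.get(m.group("section"))
        if check is not None:
            hit = check(m.group("body"), line)
            if hit is not None:
                findings.append(hit)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a reader sees at a glance what needs action."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:10}] {f.section}: {f.reason}\n    {f.line}")
    print(summarize(hits))
```

The rules are deliberately narrow: a "review" hit such as the Macromedia licensing service is not a verdict, only a prompt to confirm the binary, which is exactly how the O23 "Unknown owner" marker should be read in a real log.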


#2 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 03 December 2006 - 05:12 PM

That is an old Ewido - get its newer version AVG AS 7.5

http://www.ewido.net/en/download/
============================

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
=============================

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 bin shamin

  • Topic Starter
  • Members
  • 6 posts

Posted 03 December 2006 - 05:41 PM

I already ran the Smitfraudfix in safe mode but I will do as you have suggested.

#4 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 03 December 2006 - 05:53 PM

You need to let us know all of what you have done
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 bin shamin

  • Topic Starter
  • Members
  • 6 posts

Posted 03 December 2006 - 06:12 PM

I included "ran Smitfraudfix" in my subject line, but it is okay, no worries :thumbsup: I am not complaining.

Here is the newest log from smitfraudfix rapport.txt

SmitFraudFix v2.126

Scan done at 17:48:10.76, Sun 12/03/2006
Run from C:\Data\Installation Files\SmitfraudFix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Combofix log:

Ben Schwenk - 06-12-03 17:53:57.65 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Data\Installation Files"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{30BD58CC-073C-1033-0725-030920020001}
C:\Program Files\Common Files\{10BD58CC-073C-1033-0725-030920020001}


((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03 17:48 2,402 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-03 17:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-03 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2006-12-03 15:44 <DIR> d-------- C:\Program Files\ewido anti-malware
2006-12-03 15:40 854,919 ---hs---- C:\WINDOWS\system32\sttss.bak2
2006-12-03 15:39 <DIR> d-------- C:\Program Files\xerox
2006-12-02 16:30 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Opera
2006-12-02 15:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 15:19 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 15:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 15:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-12-02 15:09 88,340 --a------ C:\WINDOWS\system32\temedfdi.exe
2006-12-02 15:09 42,516 --a------ C:\WINDOWS\system32\hkwiblur.dll
2006-12-02 15:09 <DIR> d-------- C:\Program Files\VSAdd-in
2006-12-02 15:09 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\SearchToolbarCorp
2006-12-02 15:08 850,338 ---hs---- C:\WINDOWS\system32\sttss.bak1
2006-12-02 15:07 274,484 ---hs---- C:\WINDOWS\system32\sstts.dll
2006-12-02 15:02 94,208 --a------ C:\WINDOWS\system32\xrouxac.dll
2006-12-02 15:02 70,656 --a------ C:\WINDOWS\system32\azgslem.dll
2006-12-02 15:02 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-02 15:01 40,973 ---hs---- C:\WINDOWS\system32\ddcdcda.dll
2006-12-02 15:01 19,456 --a------ C:\WINDOWS\system32\wintuh32.dll
2006-12-02 14:56 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Adobe
2006-12-02 14:44 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\IDMComp
2006-12-02 14:42 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2006-12-02 14:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-12-02 14:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-12-02 14:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-02 14:36 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-12-02 14:35 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-12-02 14:35 <DIR> d-------- C:\Program Files\Microsoft Office
2006-12-02 14:21 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-12-02 14:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2006-12-02 14:16 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-12-02 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-12-02 14:14 <DIR> d-------- C:\Program Files\Adobe
2006-12-02 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-12-02 11:02 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\AVG7
2006-12-02 11:01 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-02 11:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-02 11:01 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-02 11:01 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-02 11:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-02 11:01 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-02 11:01 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-02 11:01 <DIR> d-------- C:\Program Files\Grisoft
2006-12-02 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-02 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-02 10:48 <DIR> d-------- C:\Program Files\Raxco
2006-12-02 10:48 <DIR> d-------- C:\Program Files\Common Files\Raxco
2006-12-02 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2006-12-02 02:56 <DIR> d-------- C:\Program Files\WinRAR
2006-12-02 02:48 <DIR> d-------- C:\Program Files\Nero
2006-12-02 02:27 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-12-02 02:25 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2006-12-02 02:25 344,064 --------- C:\WINDOWS\system32\msvcr70.dll
2006-12-02 02:25 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2006-12-02 02:21 <DIR> d-------- C:\Program Files\Macromedia
2006-12-02 02:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2006-12-02 02:14 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\J River
2006-12-02 02:13 53,248 --------- C:\WINDOWS\system32\BBInstaller.exe
2006-12-02 02:13 491,520 --------- C:\WINDOWS\system32\AReadyLB.dll
2006-12-02 02:13 376,832 --------- C:\WINDOWS\system32\MC11.exe
2006-12-02 02:13 229,376 --------- C:\WINDOWS\system32\AudDevicePlugin.dll
2006-12-02 02:12 38 --a------ C:\WINDOWS\system32\net32gdilib.dll
2006-12-02 02:12 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-12-02 02:12 <DIR> d-------- C:\Program Files\J River
2006-12-02 02:08 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-12-02 02:08 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-12-02 02:08 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-12-02 02:08 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-12-02 02:08 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-12-02 02:08 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2006-12-02 02:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-12-02 02:08 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-12-02 02:08 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-12-02 02:08 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-12-02 02:08 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-12-02 02:08 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-12-02 02:08 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-12-02 02:08 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-12-02 02:08 <DIR> d-------- C:\WINDOWS\system32\Defaults
2006-12-02 02:07 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2006-12-02 02:07 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2006-12-02 02:07 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2006-12-02 02:07 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2006-12-02 02:07 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-12-02 02:07 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2006-12-02 02:07 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2006-12-02 02:07 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2006-12-02 02:07 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2006-12-02 02:07 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-12-02 02:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-02 02:07 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2006-12-02 02:07 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-12-02 02:07 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2006-12-02 02:07 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2006-12-02 02:07 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-12-02 02:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-12-02 02:07 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2006-12-02 02:07 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2006-12-02 02:07 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2006-12-02 02:07 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2006-12-02 02:07 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2006-12-02 02:07 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2006-12-02 02:07 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2006-12-02 02:07 213,860 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2006-12-02 02:07 20,480 --a------ C:\WINDOWS\INRES.DLL
2006-12-02 02:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-12-02 02:07 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2006-12-02 02:07 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2006-12-02 02:07 176,128 --a------ C:\WINDOWS\READREG.EXE
2006-12-02 02:07 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-12-02 02:07 156,604 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2006-12-02 02:07 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2006-12-02 02:07 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-12-02 02:07 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2006-12-02 02:07 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
2006-12-02 02:07 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2006-12-02 02:07 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2006-12-02 02:07 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2006-12-02 02:07 11,068 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2006-12-02 02:07 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2006-12-02 02:07 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2006-12-02 02:07 <DIR> d-------- C:\WINDOWS\system32\Data
2006-12-02 02:06 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2006-12-02 02:06 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-12-02 02:06 <DIR> d-------- C:\Program Files\Creative
2006-12-02 02:04 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-02 02:04 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Aim
2006-12-02 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-02 02:03 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-02 02:03 <DIR> d-------- C:\Program Files\AIM
2006-12-02 02:00 <DIR> d--hs---- C:\RECYCLER
2006-12-02 01:58 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-02 01:57 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Mozilla
2006-12-02 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-02 01:56 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-02 01:55 17,408 --a------ C:\WINDOWS\Shortcut.exe
2006-12-02 01:55 <DIR> d-------- C:\Program Files\RAM Idle LE
2006-12-02 01:54 <DIR> d-------- C:\Program Files\DC++
2006-12-02 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2006-12-02 01:50 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-02 01:50 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-12-02 01:50 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-02 01:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-02 01:50 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-12-02 01:50 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-02 01:50 <DIR> d-------- C:\WINDOWS\nview
2006-12-02 01:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-12-02 01:49 <DIR> d-------- C:\NVIDIA
2006-12-02 01:27 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Macromedia
2006-12-02 01:25 <DIR> dr-h----- C:\Documents and Settings\Ben Schwenk\SendTo
2006-12-02 01:25 <DIR> dr-h----- C:\Documents and Settings\Ben Schwenk\Recent
2006-12-02 01:25 <DIR> dr-h----- C:\Documents and Settings\Ben Schwenk\Application Data\.
2006-12-02 01:25 <DIR> dr-h----- C:\Documents and Settings\Ben Schwenk\Application Data
2006-12-02 01:25 <DIR> dr------- C:\Documents and Settings\Ben Schwenk\Start Menu
2006-12-02 01:25 <DIR> dr------- C:\Documents and Settings\Ben Schwenk\My Documents
2006-12-02 01:25 <DIR> dr------- C:\Documents and Settings\Ben Schwenk\Favorites
2006-12-02 01:25 <DIR> d--h----- C:\Documents and Settings\Ben Schwenk\Templates
2006-12-02 01:25 <DIR> d--h----- C:\Documents and Settings\Ben Schwenk\PrintHood
2006-12-02 01:25 <DIR> d--h----- C:\Documents and Settings\Ben Schwenk\NetHood
2006-12-02 01:25 <DIR> d--h----- C:\Documents and Settings\Ben Schwenk\Local Settings
2006-12-02 01:25 <DIR> d---s---- C:\Documents and Settings\Ben Schwenk\Cookies
2006-12-02 01:25 <DIR> d---s---- C:\Documents and Settings\Ben Schwenk\Application Data\Microsoft
2006-12-02 01:25 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-02 01:25 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Desktop
2006-12-02 01:25 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\Identities
2006-12-02 01:25 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\Application Data\..
2006-12-02 01:25 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\..
2006-12-02 01:25 <DIR> d-------- C:\Documents and Settings\Ben Schwenk\.
2006-12-02 00:56 <DIR> d-------- C:\Data
2006-12-02 00:55 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-12-02 00:54 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-12-02 00:54 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-02 00:47 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-02 00:46 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-12-02 00:46 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-02 00:43 0 -rahs---- C:\MSDOS.SYS
2006-12-02 00:43 0 -rahs---- C:\IO.SYS
2006-12-02 00:43 0 --a------ C:\CONFIG.SYS
2006-12-02 00:43 0 --a------ C:\AUTOEXEC.BAT
2006-12-02 00:43 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-12-02 00:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-12-02 00:42 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-12-02 00:42 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-12-02 00:41 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-12-02 00:41 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-12-02 00:41 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-12-02 00:41 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-12-02 00:41 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-12-02 00:41 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-12-02 00:40 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-12-02 00:40 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-12-02 00:40 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-12-02 00:40 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-12-02 00:40 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-12-02 00:40 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-12-02 00:40 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-12-02 00:40 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-02 00:40 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-12-02 00:40 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-12-02 00:40 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-12-02 00:40 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-12-02 00:40 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-12-02 00:40 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-02 00:40 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-12-02 00:40 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-12-02 00:40 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-12-02 00:40 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-02 00:40 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-12-02 00:40 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-12-02 00:40 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-12-02 00:40 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-12-02 00:40 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-12-02 00:40 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-12-02 00:40 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-12-02 00:40 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-12-02 00:40 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-12-02 00:40 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-02 00:40 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-12-02 00:40 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-02 00:40 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-12-02 00:40 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-02 00:40 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-12-02 00:40 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-02 00:40 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-12-02 00:40 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-12-02 00:40 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-12-02 00:40 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-02 00:40 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-02 00:40 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-02 00:40 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-02 00:40 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-12-02 00:40 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-02 00:40 <DIR> d---s---- C:\WINDOWS\Tasks
2006-12-02 00:40 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-12-02 00:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-12-02 00:40 <DIR> d-------- C:\WINDOWS\srchasst
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Outlook Express
2006-12-02 00:40 <DIR> d-------- C:\Program Files\NetMeeting
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Movie Maker
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Internet Explorer
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Common Files\System
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Common Files\Services
2006-12-02 00:40 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-12-02 00:39 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-12-02 00:39 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-12-02 00:39 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-02 00:39 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-12-02 00:39 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-12-02 00:39 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-02 00:39 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-02 00:39 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-12-02 00:39 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-12-02 00:39 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-12-02 00:39 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-12-02 00:39 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-12-02 00:39 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-12-02 00:39 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-12-02 00:39 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-12-02 00:39 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-02 00:39 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-12-02 00:39 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-12-02 00:39 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-12-02 00:39 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-12-02 00:39 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-12-02 00:39 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-12-02 00:39 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-12-02 00:39 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-02 00:39 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-12-02 00:39 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-12-02 00:39 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-12-02 00:39 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-12-02 00:39 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-12-02 00:39 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-12-02 00:39 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-12-02 00:39 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-12-02 00:39 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-12-02 00:39 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-12-02 00:39 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-12-02 00:39 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-02 00:39 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-02 00:39 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-02 00:39 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-02 00:39 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-02 00:39 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-02 00:39 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-02 00:39 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-12-02 00:39 <DIR> d-------- C:\WINDOWS\Registration
2006-12-02 00:39 <DIR> d-------- C:\Program Files\Windows NT
2006-12-02 00:39 <DIR> d-------- C:\Program Files\Windows Media Player
2006-12-02 00:39 <DIR> d-------- C:\Program Files\Online Services
2006-12-02 00:39 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-12-02 00:39 <DIR> d-------- C:\Program Files\MSN
2006-12-02 00:39 <DIR> d-------- C:\Program Files\Messenger
2006-12-02 00:38 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-02 00:38 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-12-02 00:38 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-02 00:38 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-12-02 00:38 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-12-02 00:38 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-12-02 00:38 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-12-02 00:38 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-02 00:38 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-02 00:38 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-12-02 00:38 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-02 00:38 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-12-02 00:38 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-12-02 00:38 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-12-02 00:38 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-12-02 00:38 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-02 00:38 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-12-02 00:38 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-12-02 00:38 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-02 00:38 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-02 00:38 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-02 00:38 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-12-02 00:38 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-12-02 00:38 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-12-02 00:38 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-02 00:38 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-12-02 00:38 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-12-02 00:38 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-12-02 00:38 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-12-02 00:38 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-12-02 00:38 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-12-02 00:38 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-02 00:38 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-12-02 00:38 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-12-02 00:38 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-02 00:38 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-02 00:38 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-12-02 00:38 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-02 00:38 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-12-02 00:38 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-12-02 00:38 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-02 00:38 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-12-02 00:38 <DIR> d-------- C:\WINDOWS\system32\Com
2006-12-01 16:02 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-12-01 16:01 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-12-01 16:01 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2006-12-01 16:01 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-12-01 16:01 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-01 16:00 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-12-01 16:00 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2006-12-01 16:00 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-12-01 16:00 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-12-01 16:00 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-12-01 15:58 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-12-01 15:58 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-12-01 15:58 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-12-01 15:58 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-12-01 15:58 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-12-01 15:58 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-12-01 15:58 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-12-01 15:58 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-12-01 15:58 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-12-01 15:58 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-12-01 15:58 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-12-01 15:58 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-12-01 15:58 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-12-01 15:58 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-12-01 15:58 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-12-01 15:58 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-12-01 15:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-12-01 15:58 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-12-01 15:58 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-12-01 15:58 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-12-01 15:58 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-12-01 15:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-12-01 15:58 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-12-01 15:58 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-12-01 15:58 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-12-01 15:58 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-12-01 15:58 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-12-01 15:58 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-12-01 15:58 <DIR> dr------- C:\Program Files\Common Files\..
2006-12-01 15:58 <DIR> dr------- C:\Program Files\.
2006-12-01 15:58 <DIR> dr------- C:\Program Files
2006-12-01 15:58 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-12-01 15:58 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-12-01 15:58 <DIR> d--hs---- C:\WINDOWS\Installer
2006-12-01 15:58 <DIR> d--hs---- C:\Program Files\..
2006-12-01 15:58 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-12-01 15:58 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-12-01 15:58 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-12-01 15:58 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-12-01 15:58 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-12-01 15:58 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-12-01 15:58 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-01 15:58 <DIR> d-------- C:\Program Files\Common Files\.
2006-12-01 15:58 <DIR> d-------- C:\Program Files\Common Files
2006-12-01 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-12-01 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-12-01 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-12-01 15:57 <DIR> d--hs---- C:\System Volume Information
2006-12-01 15:57 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-12-01 15:57 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-12-01 15:57 <DIR> d-------- C:\Documents and Settings
2006-12-01 15:52 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-12-01 15:52 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-12-01 15:52 <DIR> dr------- C:\WINDOWS\Web
2006-12-01 15:52 <DIR> d--hs---- C:\WINDOWS\..
2006-12-01 15:52 <DIR> d--h----- C:\WINDOWS\inf
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\WinSxS
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\twain_32
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Temp
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\wins
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\spool
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\ras
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\npp
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\mui
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\IME
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\ias
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\export
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\config
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\3076
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\2052
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1054
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1042
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1041
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1037
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1033
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1031
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1028
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\1025
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\..
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32\.
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system32
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system\..
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system\.
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\system
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\security
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Resources
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\repair
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Provisioning
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\PeerNet
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\pchealth
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\mui
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\msapps
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\msagent
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Media
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\java
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\ime
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Help
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\ehome
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Debug
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Cursors
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\Config
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\AppPatch
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\addins
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS\.
2006-12-01 15:52 <DIR> d-------- C:\WINDOWS
2006-11-29 09:30 189,952 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-11-29 09:29 94,208 --a------ C:\WINDOWS\system32\MSSTKPRP.DLL
2006-11-29 09:29 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2006-11-29 09:29 204,800 --a------ C:\WINDOWS\system32\INKED.DLL
2006-11-29 09:29 151,552 --a------ C:\WINDOWS\system32\RDOCURS.DLL
2006-11-29 09:29 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-11-29 09:29 1,146,320 --a------ C:\WINDOWS\system32\FM20.DLL
2006-11-29 08:10 53,248 --a------ C:\WINDOWS\system32\MFC42ENU.DLL
2006-11-29 08:10 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
2006-11-29 08:10 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-11-29 08:10 15,872 --a------ C:\WINDOWS\system32\SCP32.DLL
2006-11-28 12:52 99,856 --a------ C:\WINDOWS\system32\PDBoot.exe
2006-11-15 08:00 65,304 --a------ C:\WINDOWS\system32\drivers\DefragFs.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RAM Idle Professional"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"xrouxac.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\xrouxac.dll,hzdwcpf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,72,03,00,00,23,00,00,00,fc,00,00,00,f2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-03 17:58:32.03
C:\ComboFix.txt ... 06-12-03 17:58


And finally newest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:21 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Data\Installation Files\Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xrouxac.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xrouxac.dll,hzdwcpf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Dpttfduwbpwp - GRISOFT, s.r.o. - C:\WINDOWS\system32\drivers\avg7rsw.sys
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe



#6 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 03 December 2006 - 06:22 PM

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
=====================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [xrouxac.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xrouxac.dll,hzdwcpf

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\xrouxac.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 bin shamin
  • Topic Starter

  • Members
  • 6 posts

Posted 03 December 2006 - 07:25 PM

I did everything you commanded and here is my newest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:14 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Data\Installation Files\Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\hkwiblur.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {502B5687-F8E4-933B-CAAD-0AB567C9FCDD} - C:\WINDOWS\system32\azgslem.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {B76B4032-CBED-4100-B4E7-A36781A3ADD6} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Dpttfduwbpwp - GRISOFT, s.r.o. - C:\WINDOWS\system32\drivers\avg7rsw.sys
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe


Here is the log from Vundo:

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 6:46:28 PM 12/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\xrouxac.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\wintuh32.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xrouxac.dll
C:\WINDOWS\system32\xrouxac.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\wintuh32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Performing Repairs to the registry.
Done!


The following programs still show up in my add/remove programs list:

888Bar
VSAdd-in for Internet Explorer

Both of these programs are not wanted and were not installed by me... any tips to rid my system of them?

Also, the following hijackthis entries concern me:

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\hkwiblur.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {502B5687-F8E4-933B-CAAD-0AB567C9FCDD} - C:\WINDOWS\system32\azgslem.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {B76B4032-CBED-4100-B4E7-A36781A3ADD6} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

Should they or are they harmless? I know BHOs aren't always a good thing...

My system does appear to be functioning normally again but I am still concerned about the programs in the add/remove programs list and any that might be hidden and not displayed there.

#8 bin shamin
  • Topic Starter

  • Members
  • 6 posts

Posted 03 December 2006 - 09:45 PM

hoping for a response. :thumbsup:

#9 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 04 December 2006 - 04:47 PM

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

It also has a button for add/remove that will remove those from add/remove programs

=================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\hkwiblur.dll

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)

O2 - BHO: (no name) - {502B5687-F8E4-933B-CAAD-0AB567C9FCDD} - C:\WINDOWS\system32\azgslem.dll

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: (no name) - {B76B4032-CBED-4100-B4E7-A36781A3ADD6} - C:\WINDOWS\system32\sstts.dll (file missing)

O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\hkwiblur.dll
C:\WINDOWS\system32\azgslem.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
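As an added example (not from this thread, BleepingComputer or HijackThis), here is a small Python triage script for the kind of log review done in the two fix posts above: it parses the R/O entries of a HijackThis 1.99 log, flags the patterns the helper acted on (orphaned "(file missing)"/"(no file)" BHO and toolbar CLSIDs, unnamed BHOs still on disk, short lowercase DLLs sitting directly in system32, Run values named after the DLL they hand to rundll32), and diffs two logs to show what was removed and what appeared between them. The sample logs are excerpts of the 6:05 PM and 7:15 PM logs posted in this thread; the flagging rules are heuristics of my own, not HijackThis's.

```python
import re
from dataclasses import dataclass

# One log entry: section id (R0, O2, O3, O4, O9, O23 ...) and the rest of the line.
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# Absolute Windows paths to a binary; a path ends at a quote, space, comma, ")" or "/".
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:dll|exe|sys))(?=[\s",)/]|$)', re.I)
# Heuristic (mine, not HJT's): short, all-lowercase, letters-only DLL directly in system32.
RANDOM_SYS32 = re.compile(r"\\[Ss]ystem32\\[a-z]{5,9}\.dll$")
RUN_VALUE = re.compile(r"HK\w+\\\.\.\\Run: \[([^\]]+)\]")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str
    paths: tuple[str, ...]
    missing: bool


def parse_hjt(text: str) -> list[Entry]:
    """Parse the R/O lines of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = "(file missing)" in body or "(no file)" in body
        entries.append(Entry(m.group("sec"), body, tuple(PATH_RE.findall(body)), missing))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map each entry body that deserves review to the reasons for flagging it."""
    findings = {}
    for e in entries:
        reasons = []
        if e.section in ("O2", "O3") and e.missing:
            reasons.append("orphaned BHO/toolbar registration (file gone, CLSID remains)")
        if e.section == "O2" and "(no name)" in e.body and not e.missing:
            reasons.append("unnamed BHO still loading from disk")
        if e.section in ("O2", "O4") and any(RANDOM_SYS32.search(p) for p in e.paths):
            reasons.append("random-looking DLL in system32")
        run = RUN_VALUE.match(e.body) if e.section == "O4" else None
        if run and any(run.group(1).lower() == p.rsplit("\\", 1)[-1].lower() for p in e.paths):
            reasons.append("Run value named after the DLL it hands to rundll32")
        if reasons:
            findings[e.body] = reasons
    return findings


def diff_logs(old: list[Entry], new: list[Entry]) -> tuple[list[str], list[str]]:
    """Entries gone since the previous log, and entries that appeared since."""
    before = {e.body for e in old}
    after = {e.body for e in new}
    return sorted(before - after), sorted(after - before)


# Excerpts of the 6:05 PM and 7:15 PM logs posted in this thread (12/3/2006).
LOG_BEFORE = r"""
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [xrouxac.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xrouxac.dll,hzdwcpf
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\hkwiblur.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
"""

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for body, why in triage(after).items():
        print(f"REVIEW: {body}\n    - " + "\n    - ".join(why))
    removed, added = diff_logs(before, after)
    print("removed since last log:", *removed, sep="\n  ")
    print("new since last log:", *added, sep="\n  ")
```

The NVIDIA and AIM entries pass all four rules, so a clean log produces no findings; the diff is what shows that the six O2 BHOs surfaced only after the first round of fixes.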

#10 bin shamin
  • Topic Starter

  • Members
  • 6 posts

Posted 04 December 2006 - 08:06 PM

Thanks for all your help.

My computer appears to be clean now.

The VSAdd-in for IE still shows up in my add/remove programs list and it won't uninstall, but I deleted the folder in safe mode C:\Program Files\VSAdd-In. It had been set to Read-Only. Even though it shows up I don't think it does anything now.

The 888Bar is gone and all traces of spyware/malware seem to be gone!

My system is performing much better. It's amazing how those things can slow you down!

Much thanks for the help! :thumbsup:

Edited by bin shamin, 04 December 2006 - 08:07 PM.


#11 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 05 December 2006 - 10:26 AM

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



