
Cws Or Some Variant?


41 replies to this topic

#1 rxnelson

rxnelson

  • Members
  • 26 posts

Posted 27 December 2006 - 08:32 PM

The PC is not mine. I am doing someone a favor that is taking more time than I thought. The hijack log shows 213.159.117.134 which I read was CWS so I took care of it with shredder. The problem is that it keeps coming back. The PC is major league infected. I can't access the internet in "regular" Windows, only safe mode. I scanned it with Symantec online and it detected over 2900 infected files. Also I notice all typed in URLs are changed. For instance http://www.google.com is changed to http:///?%20www.google.com. So I need some help. I have removed some things from the log but they keep coming back. Evidently, there are some things I missed that are reloading it.
Help.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:16 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Jeff\LOCALS~1\Temp\20061227201418_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Jeff\LOCALS~1\Temp\20061227201418_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...tal/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_In.../dwnldr_ext.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...923/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 27 December 2006 - 10:11 PM

Hello rxnelson and welcome to the BC HijackThis forum. I want to see what other files are present here. Let's use a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 rxnelson

rxnelson
  • Topic Starter

  • Members
  • 26 posts

Posted 27 December 2006 - 10:58 PM

I am in the process of running it. I feel I should warn you some of it will surely be older than 30 days as they used the computer until it finally gave up.

#4 rxnelson

rxnelson
  • Topic Starter

  • Members
  • 26 posts

Posted 28 December 2006 - 06:20 AM

WinPFind3 logfile created on: 12/27/2006 10:54:31 PM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
winpfind3u.exe -> C:\Documents and Settings\Administrator\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> -> File not found
(Iomega App Services) Iomega App Services [Win32_Own | Auto | Stopped] -> C:\Program Files\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 4 | Size = 73728 bytes | Modified Date = 7/31/2002 2:15:18 PM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
(jciatwajgonujux) jciatwajgonujux [Win32_Own | Disabled | Stopped] -> C:\WINDOWS\system32\gonujux\jciatwaj.exe -> File not found
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 5:36:54 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> File not found
(STOPzilla Local Service) STOPzilla Local Service [Win32_Own | Auto | Stopped] -> C:\Program Files\STOPzilla!\SZNTSvc.exe -> International Software Systems Solutions [Ver = 3, 2, 1, 0 | Size = 69632 bytes | Modified Date = 8/8/2004 11:41:34 AM | Attr = ]
(SymProxySvc) Norton Internet Security Proxy Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Norton Internet Security\SymProxySvc.exe -> File not found
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cleanup -> C:\DOCUME~1\Jeff\LOCALS~1\Temp\20061227201418_mcappins.exe -> File not found
msci -> C:\Documents and Settings\Jeff\Local Settings\Temp\20061227201418_mcinfo.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 32 | Size = 319488 bytes | Modified Date = 1/28/2004 4:14:44 PM | Attr = ]
STOPzilla -> C:\Program Files\STOPzilla!\Stopzilla.exe -> International Software Systems Solutions [Ver = 3, 2, 5, 2 | Size = 40960 bytes | Modified Date = 8/9/2004 2:23:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
gi2003625531 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giS42JAN.exe -> File not found
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
ISEXEng -> ->
kcsqtoayeeakyq -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
Aaou -> C:\Documents and Settings\Jeff\Application Data\to?lkf.exe -> File not found
aavcaag -> C:\WINDOWS\system32\idhwswc\aavcaag.exe -> File not found
AIM -> C:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
apakapj -> C:\WINDOWS\system32\ksnvoqno\apakapj.exe -> File not found
api3t -> C:\WINDOWS\system32\api3t.exe -> File not found
astiti -> C:\WINDOWS\system32\samlqcwa\astiti.exe -> File not found
atlfh.exe -> C:\WINDOWS\system32\atlfh.exe -> File not found
ausdtjq -> C:\WINDOWS\system32\etadotbm\ausdtjq.exe -> File not found
Ayivjsjp -> C:\WINDOWS\system32\r?gsvr32.exe -> [Ver = | Size = 11776 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
bainlars -> C:\WINDOWS\system32\cgdn\bainlars.exe -> File not found
bcachew -> C:\WINDOWS\system32\bcachew.exe -> File not found
beofkk -> C:\WINDOWS\system32\svlua\beofkk.exe -> File not found
btmc -> C:\WINDOWS\system32\vgqlbs\btmc.exe -> File not found
cbrioa -> C:\WINDOWS\system32\iwnkvl\cbrioa.exe -> File not found
cixac -> C:\WINDOWS\system32\hmbiar\cixac.exe -> File not found
dakdygk -> C:\WINDOWS\System32\lhyicww\dakdygk.exe -> File not found
dbemasn -> C:\WINDOWS\System32\kslq\dbemasn.exe -> File not found
dfbkwhw -> C:\WINDOWS\system32\kcec\dfbkwhw.exe -> File not found
djgiixn -> C:\WINDOWS\system32\gudvckae\djgiixn.exe -> File not found
dvieu -> C:\WINDOWS\system32\ilrxfv\dvieu.exe -> File not found
ebltfswt -> C:\WINDOWS\system32\hdqd\ebltfswt.exe -> File not found
edjsnm -> C:\WINDOWS\system32\vjjdcp\edjsnm.exe -> File not found
eqnmfyuu -> C:\WINDOWS\system32\toyxhc\eqnmfyuu.exe -> File not found
eTrust PestPatrol Active Protection -> C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 9/27/2004 6:09:06 AM | Attr = ]
evypqcj -> C:\WINDOWS\system32\sfoqeyfw\evypqcj.exe -> File not found
fhfbw -> C:\WINDOWS\System32\vfknc\fhfbw.exe -> File not found
gcasServ -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe -> File not found
gfeacdbv -> C:\WINDOWS\system32\qldpmpt\gfeacdbv.exe -> File not found
gfjhpmne -> C:\WINDOWS\System32\dhpvbom\gfjhpmne.exe -> File not found
GoGoTray.exe -> C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe -> File not found
hasqof -> C:\WINDOWS\System32\pjqgcad\hasqof.exe -> File not found
hmksgssj -> C:\WINDOWS\system32\ehyijvcl\hmksgssj.exe -> File not found
hojgxo -> C:\WINDOWS\System32\jbmnj\hojgxo.exe -> File not found
hshnin -> C:\WINDOWS\TEMP\ltilo.exe -> File not found
htqk -> C:\WINDOWS\system32\jjbyllm\htqk.exe -> File not found
hullcua -> C:\WINDOWS\system32\khgie\hullcua.exe -> File not found
iamapp -> C:\Program Files\Norton Internet Security\IAMAPP.EXE -> File not found
ibyt -> C:\WINDOWS\system32\gaosqli\ibyt.exe -> File not found
ielfe -> C:\WINDOWS\system32\nnhklqfk\ielfe.exe -> File not found
ihrp -> C:\WINDOWS\system32\fwya\ihrp.exe -> File not found
inftb32w -> C:\WINDOWS\system32\inftb32w.exe -> File not found
Iomega Automatic Backup -> C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe -> Iomega Corporation [Ver = Build 52 | Size = 3026944 bytes | Modified Date = 10/10/2002 4:25:38 PM | Attr = ]
Iomega Automatic Backup 1.0.1 -> C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe -> Iomega Corporation [Ver = Build 52 | Size = 3026944 bytes | Modified Date = 10/10/2002 4:25:38 PM | Attr = ]
ippy.exe -> C:\WINDOWS\system32\ippy.exe -> File not found
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
jbhkaafj -> C:\WINDOWS\System32\hliojyxy\jbhkaafj.exe -> File not found
jciatwaj -> C:\WINDOWS\system32\gonujux\jciatwaj.exe -> File not found
jlxvlqeb -> C:\WINDOWS\system32\hdtjmm\jlxvlqeb.exe -> File not found
jtotad -> C:\WINDOWS\system32\tlcsmvf\jtotad.exe -> File not found
jwjo -> C:\WINDOWS\system32\qyrlpb\jwjo.exe -> File not found
kbum -> C:\WINDOWS\system32\fxjyt\kbum.exe -> File not found
kcsqtoay -> C:\WINDOWS\system32\eeakyq\kcsqtoay.exe -> File not found
kfpjqk -> C:\WINDOWS\system32\gvjink\kfpjqk.exe -> File not found
khkjcnxa -> C:\WINDOWS\system32\hsrej\khkjcnxa.exe -> File not found
lbjj -> C:\WINDOWS\system32\kbfdpa\lbjj.exe -> File not found
lhhjdj -> C:\WINDOWS\system32\sceyj\lhhjdj.exe -> File not found
llclf -> C:\WINDOWS\System32\niqsbs\llclf.exe -> File not found
lmwjyve -> C:\WINDOWS\system32\iwrddabe\lmwjyve.exe -> File not found
lpxs -> C:\WINDOWS\system32\armbl\lpxs.exe -> File not found
lxvc -> C:\WINDOWS\system32\ibqqqufp\lxvc.exe -> File not found
mayqxwh -> C:\WINDOWS\System32\wqsml\mayqxwh.exe -> File not found
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> File not found
mcfgx -> C:\WINDOWS\system32\gvifd\mcfgx.exe -> File not found
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> File not found
mecxpbmh -> C:\WINDOWS\system32\ycmxbya\mecxpbmh.exe -> File not found
mgxxycrm -> C:\WINDOWS\System32\rjakoasn\mgxxycrm.exe -> File not found
mhlb -> C:\WINDOWS\system32\rvbn\mhlb.exe -> File not found
Microsoft Works Update Detection -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0607.0 | Size = 50688 bytes | Modified Date = 6/7/2003 6:32:32 AM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> File not found
MPSExe -> C:\Program Files\McAfee.com\MPS\mscifapp.exe -> File not found
MSKAGENTEXE -> C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe -> File not found
MSKDetectorExe -> C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe -> File not found
msnmsgr -> C:\Program Files\MSN Messenger\msnmsgr.exe -> File not found
NAV Agent -> C:\PROGRA~1\NORTON~1\navapw32.exe -> File not found
NeroFilterCheck -> C:\WINDOWS\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
nhbexs -> C:\WINDOWS\system32\roreu\nhbexs.exe -> File not found
njufo -> C:\WINDOWS\system32\govlqxj\njufo.exe -> File not found
nlgskqh -> C:\WINDOWS\System32\rmcge\nlgskqh.exe -> File not found
nnhgwwy -> C:\WINDOWS\system32\avfrdx\nnhgwwy.exe -> File not found
nnnyha -> C:\WINDOWS\system32\nwgdrks\nnnyha.exe -> File not found
nqijxwty -> C:\WINDOWS\system32\auclgi\nqijxwty.exe -> File not found
Nsv -> C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> File not found
ntqm.exe -> C:\WINDOWS\system32\ntqm.exe -> File not found
ocbgls -> C:\WINDOWS\system32\vchgw\ocbgls.exe -> File not found
ovei -> C:\WINDOWS\system32\lbujre\ovei.exe -> File not found
ovfehcop -> C:\WINDOWS\system32\ecomqjb\ovfehcop.exe -> File not found
pccpxoia -> C:\WINDOWS\system32\trlhoog\pccpxoia.exe -> File not found
pdvvd -> C:\WINDOWS\system32\goqtfc\pdvvd.exe -> File not found
pidqivms -> C:\WINDOWS\system32\ypfaje\pidqivms.exe -> File not found
pourhyqm -> C:\WINDOWS\system32\iilb\pourhyqm.exe -> File not found
ppkunwq -> C:\WINDOWS\system32\cicoksym\ppkunwq.exe -> File not found
qhxxn -> C:\WINDOWS\system32\kkkrwbmi\qhxxn.exe -> File not found
qnsbtl -> C:\WINDOWS\system32\wwcjewsl\qnsbtl.exe -> File not found
qpanx -> C:\WINDOWS\System32\cdqkdw\qpanx.exe -> File not found
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 12/24/2005 7:02:06 PM | Attr = ]
qxor -> C:\WINDOWS\system32\fhjpbuph\qxor.exe -> File not found
rbmkiv -> C:\WINDOWS\system32\nddhonra\rbmkiv.exe -> File not found
rcchgi -> C:\WINDOWS\system32\grxtlyfk\rcchgi.exe -> File not found
refyyyuy -> C:\WINDOWS\system32\kdipam\refyyyuy.exe -> File not found
rnsu -> C:\WINDOWS\System32\qsecgeet\rnsu.exe -> File not found
rqghhh -> C:\WINDOWS\system32\fdrn\rqghhh.exe -> File not found
sarjm -> C:\WINDOWS\system32\nwaueebv\sarjm.exe -> File not found
sgwsamp -> C:\WINDOWS\system32\ypca\sgwsamp.exe -> File not found
shtmlm -> C:\WINDOWS\system32\shtmlm.exe -> File not found
smhqooct -> C:\WINDOWS\system32\liuob\smhqooct.exe -> File not found
sqeki -> C:\WINDOWS\system32\jese\sqeki.exe -> File not found
STOPzilla -> C:\Program Files\STOPzilla!\Stopzilla.exe -> International Software Systems Solutions [Ver = 3, 2, 5, 2 | Size = 40960 bytes | Modified Date = 8/9/2004 2:23:10 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 9/28/2004 8:26:04 PM | Attr = ]
Symantec NetDriver Monitor -> C:\Program Files\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 8/17/2006 8:56:14 AM | Attr = ]
tcvfu -> C:\WINDOWS\System32\lneyoc\tcvfu.exe -> File not found
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/12/2004 1:00:58 AM | Attr = ]
tklh -> C:\WINDOWS\system32\lnmjcve\tklh.exe -> File not found
tqiti -> C:\WINDOWS\system32\wdqnmqne\tqiti.exe -> File not found
uckexn -> C:\WINDOWS\system32\poqcnb\uckexn.exe -> File not found
urllkh -> C:\WINDOWS\system32\pwmgv\urllkh.exe -> File not found
UserFaultCheck -> -> File not found
vefnutau -> C:\WINDOWS\system32\wgsi\vefnutau.exe -> File not found
ViewMgr -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
VirusScan Online -> c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe -> File not found
vjrae -> C:\WINDOWS\System32\olxq\vjrae.exe -> File not found
VSOCheckTask -> c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe -> File not found
vubgxl -> C:\WINDOWS\system32\irgsosu\vubgxl.exe -> File not found
vwpnpcog -> C:\WINDOWS\System32\hjmqduxw\vwpnpcog.exe -> File not found
Weather -> C:\Program Files\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 9 | Size = 1597440 bytes | Modified Date = 9/9/2004 5:35:38 PM | Attr = ]
wljxkbgn -> C:\WINDOWS\system32\xxqpixwm\wljxkbgn.exe -> File not found
wnjxgu -> C:\WINDOWS\System32\ujyiasb\wnjxgu.exe -> File not found
wridyxl -> C:\WINDOWS\system32\fkbfyk\wridyxl.exe -> File not found
wxlcrie -> C:\WINDOWS\system32\dghelvr\wxlcrie.exe -> File not found
xptjn -> C:\WINDOWS\system32\xhklfg\xptjn.exe -> File not found
xyofkviy -> C:\WINDOWS\system32\djoway\xyofkviy.exe -> File not found
Yahoo! Pager -> C:\Program Files\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3096576 bytes | Modified Date = 12/8/2005 1:55:10 PM | Attr = ]
ybqo -> C:\WINDOWS\system32\ywqdyoy\ybqo.exe -> File not found
ydggq -> C:\WINDOWS\system32\aaxbg\ydggq.exe -> File not found
yihrfgp -> C:\WINDOWS\system32\nyseepmf\yihrfgp.exe -> File not found
ykgnbmv -> C:\WINDOWS\system32\tfqd\ykgnbmv.exe -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 12:02:04 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 2, 0, 114, 9 | Size = 720896 bytes | Modified Date = 12/2/2004 1:59:32 PM | Attr = R ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{E3215F20-3212-11D6-9F8B-00D0B743919D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/13/2004 8:01:52 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 2, 0, 114, 9 | Size = 720896 bytes | Modified Date = 12/2/2004 1:59:32 PM | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Yahoo! Messenger ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8196 - Uninstall BitDefender Online Scanner v8 ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 102400 bytes | Modified Date = 12/18/2004 12:19:16 AM | Attr = ]
{CCA60260-A2C9-11D2-BA62-0020188191B2} [HKLM] -> rrShellX.dll [Registrar Registry Manager SHell Extension] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Modified Date = 12/12/2004 1:01:14 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{5aa2ebda-7714-4a88-952e-e5059da9d07e} [HKLM] -> Reg Data - Key not found [kfmqnx] -> File not found
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> Reg Data - Key not found [Symantec.Norton.Antivirus.IEContextMenu] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> Reg Data - Key not found [Symantec.Norton.Antivirus.IEContextMenu] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1B82D376-C13E-4EE2-A96E-121B5F5E4086} -> (Linksys Wireless-G PCI Adapter) ->
{2F427322-1F6A-4E09-B95F-E6807465A6B9} -> (Intel® PRO/100 VM Network Connection) ->
{E593EE84-7B86-4B3C-99F9-95C967ED77CA} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
AboutBuster.zip -> C:\AboutBuster.zip -> [Ver = | Size = 39875 bytes | Created Date = 12/26/2006 9:03:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\AboutBuster.zip:Zone.Identifier ->
aswclnr.exe -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Created Date = 12/24/2006 11:59:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\aswclnr.exe:Zone.Identifier ->
aswclnr.log -> C:\aswclnr.log -> [Ver = | Size = 1064 bytes | Created Date = 12/25/2006 12:04:02 AM | Attr = ]
ATF-Cleaner.exe -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Created Date = 12/26/2006 9:01:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_432a861.exe -> C:\avg75free_432a861.exe -> [Ver = | Size = 17674296 bytes | Created Date = 12/21/2006 11:03:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avg75free_432a861.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> C:\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 12/21/2006 11:03:27 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
bitdefender.html -> C:\bitdefender.html -> [Ver = | Size = 922262 bytes | Created Date = 12/24/2006 8:11:08 AM | Attr = ]
CWShredder.exe -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 12/21/2006 10:26:26 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\CWShredder.exe:Zone.Identifier ->
delcwssk.zip -> C:\delcwssk.zip -> [Ver = | Size = 52461 bytes | Created Date = 12/26/2006 9:00:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\delcwssk.zip:Zone.Identifier ->
direct.txt -> C:\direct.txt -> [Ver = | Size = 56 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
dllcompare.exe -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Created Date = 12/26/2006 8:27:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\dllcompare.exe:Zone.Identifier ->
FixBargainbuddy.exe -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Created Date = 12/22/2006 7:28:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixBargainbuddy.exe:Zone.Identifier ->
FixBargainbuddy.log -> C:\FixBargainbuddy.log -> [Ver = | Size = 109 bytes | Created Date = 12/22/2006 11:43:21 PM | Attr = ]
FixIefts.exe -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Created Date = 12/22/2006 7:30:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixIefts.exe:Zone.Identifier ->
FixIefts.log -> C:\FixIefts.log -> [Ver = | Size = 46 bytes | Created Date = 12/22/2006 9:23:23 PM | Attr = ]
Free-Spyware-Scanner-Install.exe -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Created Date = 12/24/2006 11:52:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Free-Spyware-Scanner-Install.exe:Zone.Identifier ->
HijackThis.exe -> C:\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.97.0007 | Size = 160768 bytes | Created Date = 12/21/2006 10:18:03 AM | Attr = ]
hijackthis.zip -> C:\hijackthis.zip -> [Ver = | Size = 212851 bytes | Created Date = 12/24/2006 11:27:02 AM | Attr = ]
kaper.html -> C:\kaper.html -> [Ver = | Size = 6384834 bytes | Created Date = 12/24/2006 10:12:47 PM | Attr = ]
KillBox.exe -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Created Date = 12/24/2006 11:45:23 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\KillBox.exe:Zone.Identifier ->
l2mfix.exe -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Created Date = 12/26/2006 9:41:57 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\l2mfix.exe:Zone.Identifier ->
log.txt -> C:\log.txt -> [Ver = | Size = 546 bytes | Created Date = 12/26/2006 9:02:10 PM | Attr = ]
logdllcompare.txt -> C:\logdllcompare.txt -> [Ver = | Size = 546 bytes | Created Date = 12/27/2006 4:52:55 PM | Attr = ]
Look2Me-Destroyer.exe -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Created Date = 12/26/2006 9:14:25 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Look2Me-Destroyer.exe:Zone.Identifier ->
Look2Me-Destroyer.txt -> C:\Look2Me-Destroyer.txt -> [Ver = | Size = 510 bytes | Created Date = 12/26/2006 10:44:03 PM | Attr = ]
Look2Me_Remover.exe -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Created Date = 12/26/2006 5:27:51 PM | Attr = ]
LS-Look2Me-Remover.log -> C:\LS-Look2Me-Remover.log -> [Ver = | Size = 377 bytes | Created Date = 12/26/2006 5:28:19 PM | Attr = ]
LS-Virtumonde-Remover.log -> C:\LS-Virtumonde-Remover.log -> [Ver = | Size = 384 bytes | Created Date = 12/26/2006 5:29:58 PM | Attr = ]
LsReCore_L2M.dll -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Created Date = 12/26/2006 5:29:00 PM | Attr = ]
LsReCore_VM.dll -> C:\LsReCore_VM.dll -> Lavasoft AB [Ver = 2, 0, 0, 1 | Size = 184320 bytes | Created Date = 12/26/2006 5:31:00 PM | Attr = ]
nav8.exe -> C:\nav8.exe -> Symantec Corporation [Ver = 1.0.0.387 RELEASE | Size = 35777509 bytes | Created Date = 12/21/2006 3:33:58 PM | Attr = R ]
PkgClnup.log -> C:\PkgClnup.log -> [Ver = | Size = 16846 bytes | Created Date = 12/22/2006 2:12:18 AM | Attr = ]
ppa.zip -> C:\ppa.zip -> [Ver = | Size = 1931689 bytes | Created Date = 12/23/2006 12:16:35 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ppa.zip:Zone.Identifier ->
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 1070 bytes | Created Date = 12/26/2006 9:06:47 PM | Attr = ]
rdrivrem.zip -> C:\rdrivrem.zip -> [Ver = | Size = 46332 bytes | Created Date = 12/26/2006 9:48:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\rdrivrem.zip:Zone.Identifier ->
reglite.exe -> C:\reglite.exe -> Resplendence Software Projects Sp. [Ver = | Size = 2596584 bytes | Created Date = 12/26/2006 8:35:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\reglite.exe:Zone.Identifier ->
Rnav2003.exe -> C:\Rnav2003.exe -> Symantec [Ver = 3, 0, 0, 11 | Size = 356352 bytes | Created Date = 12/27/2006 8:54:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Rnav2003.exe:Zone.Identifier ->
RnisUPG.exe -> C:\RnisUPG.exe -> Symantec Corporation [Ver = 6.0.4.0 | Size = 147456 bytes | Created Date = 12/27/2006 8:54:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\RnisUPG.exe:Zone.Identifier ->
setupeng.exe -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Created Date = 12/25/2006 12:01:18 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\setupeng.exe:Zone.Identifier ->
Silent Runners.vbs -> C:\Silent Runners.vbs -> [Ver = | Size = 346902 bytes | Created Date = 12/26/2006 8:43:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Silent Runners.vbs:Zone.Identifier ->
SmitfraudFix.exe -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Created Date = 12/26/2006 9:05:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SmitfraudFix.exe:Zone.Identifier ->
stng260.exe -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Created Date = 12/27/2006 4:59:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\stng260.exe:Zone.Identifier ->
stng260.opt -> C:\stng260.opt -> [Ver = | Size = 17 bytes | Created Date = 12/27/2006 5:46:56 PM | Attr = ]
symantec.txt -> C:\symantec.txt -> [Ver = | Size = 5399 bytes | Created Date = 12/23/2006 2:18:51 PM | Attr = ]
SYMCLN.EXE -> C:\SYMCLN.EXE -> [Ver = | Size = 206665 bytes | Created Date = 12/27/2006 8:55:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SYMCLN.EXE:Zone.Identifier ->
Virtumonde_Remover.exe -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Created Date = 12/26/2006 5:29:34 PM | Attr = ]
VirtumundoBeGone.exe -> C:\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 12/26/2006 9:14:07 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VirtumundoBeGone.exe:Zone.Identifier ->
VundoFix.exe -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Created Date = 12/26/2006 9:12:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VundoFix.exe:Zone.Identifier ->
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 411 bytes | Created Date = 12/26/2006 9:12:59 PM | Attr = ]
Win32_Pipeline_Remover.exe -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Created Date = 12/26/2006 5:29:29 PM | Attr = ]
WindowsDefender.msi -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Created Date = 12/20/2006 11:43:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WindowsDefender.msi:Zone.Identifier ->
winpfind3u.exe -> C:\winpfind3u.exe -> [Ver = | Size = 337280 bytes | Created Date = 12/27/2006 10:49:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\winpfind3u.exe:Zone.Identifier ->
zlsSetup_65_737_000_en.exe -> C:\zlsSetup_65_737_000_en.exe -> [Ver = | Size = 13714856 bytes | Created Date = 12/27/2006 5:01:01 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\zlsSetup_65_737_000_en.exe:Zone.Identifier ->
_NavCClt.Log -> C:\_NavCClt.Log -> [Ver = | Size = 6364 bytes | Created Date = 12/22/2006 2:12:15 AM | Attr = H ]
apiri32.dll -> C:\WINDOWS\apiri32.dll -> [Ver = | Size = 0 bytes | Created Date = 12/8/2006 7:33:19 PM | Attr = ]
ffpjq.log -> C:\WINDOWS\ffpjq.log -> [Ver = | Size = 0 bytes | Created Date = 12/2/2006 12:41:29 PM | Attr = ]
javavp.exe -> C:\WINDOWS\javavp.exe -> [Ver = | Size = 0 bytes | Created Date = 12/3/2006 12:42:33 PM | Attr = ]
msrtb.dat -> C:\WINDOWS\msrtb.dat -> [Ver = | Size = 0 bytes | Created Date = 12/13/2006 6:19:34 PM | Attr = ]
nettb.exe -> C:\WINDOWS\nettb.exe -> [Ver = | Size = 0 bytes | Created Date = 11/29/2006 10:07:56 AM | Attr = ]
odjnj.dll -> C:\WINDOWS\odjnj.dll -> [Ver = | Size = 0 bytes | Created Date = 12/13/2006 9:22:31 AM | Attr = ]
ogtej.dll -> C:\WINDOWS\ogtej.dll -> [Ver = | Size = 0 bytes | Created Date = 12/8/2006 5:49:34 PM | Attr = ]
pytcc.txt -> C:\WINDOWS\pytcc.txt -> [Ver = | Size = 0 bytes | Created Date = 12/9/2006 12:04:59 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\pytcc.txt:xuumy ->
pyxlj.dll -> C:\WINDOWS\pyxlj.dll -> [Ver = | Size = 0 bytes | Created Date = 11/29/2006 1:11:08 AM | Attr = ]
usyoz.txt -> C:\WINDOWS\usyoz.txt -> [Ver = | Size = 0 bytes | Created Date = 12/6/2006 8:48:02 AM | Attr = ]
vuwaa.log -> C:\WINDOWS\vuwaa.log -> [Ver = | Size = 0 bytes | Created Date = 12/6/2006 8:37:12 PM | Attr = ]
Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh -> [Ver = | Size = 8409 bytes | Created Date = 11/28/2006 4:14:47 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Zdkdipbxll.hkh:uwerfb ->
_default.pif -> C:\WINDOWS\_default.pif -> [Ver = | Size = 0 bytes | Created Date = 12/12/2006 5:02:31 PM | Attr = ]
addtg32.exe -> C:\WINDOWS\System32\addtg32.exe -> [Ver = | Size = 0 bytes | Created Date = 12/3/2006 12:38:23 AM | Attr = ]
asfiles.txt -> C:\WINDOWS\System32\asfiles.txt -> [Ver = | Size = 0 bytes | Created Date = 12/21/2006 10:10:53 PM | Attr = ]
asuninst.exe -> C:\WINDOWS\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/21/2006 10:08:24 PM | Attr = ]
AUTOEXEC.NT -> C:\WINDOWS\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 12/26/2006 8:28:17 PM | Attr = ]
bidma.dat -> C:\WINDOWS\System32\bidma.dat -> [Ver = | Size = 0 bytes | Created Date = 11/29/2006 11:50:49 PM | Attr = ]
brojf.txt -> C:\WINDOWS\System32\brojf.txt -> [Ver = | Size = 0 bytes | Created Date = 12/15/2006 12:44:55 AM | Attr = ]
dbplu.log -> C:\WINDOWS\System32\dbplu.log -> [Ver = | Size = 0 bytes | Created Date = 11/29/2006 3:44:01 PM | Attr = ]
Help.ico -> C:\WINDOWS\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/21/2006 10:07:55 PM | Attr = ]
javaus32.dll -> C:\WINDOWS\System32\javaus32.dll -> [Ver = | Size = 0 bytes | Created Date = 12/9/2006 8:40:38 PM | Attr = ]
locate.com -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
Ntrights.exe -> C:\WINDOWS\System32\Ntrights.exe -> [Ver = | Size = 39184 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
pavas.ico -> C:\WINDOWS\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/21/2006 10:07:54 PM | Attr = ]
restart.exe -> C:\WINDOWS\System32\restart.exe -> WareSoft Software [Ver = 1.00 | Size = 16384 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
rrSpy.sys -> C:\WINDOWS\System32\rrSpy.sys -> Resplendence [Ver = 2.00 built by: WinDDK | Size = 21888 bytes | Created Date = 12/26/2006 8:37:05 PM | Attr = ]
strings.exe -> C:\WINDOWS\System32\strings.exe -> [Ver = | Size = 175616 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
tkhvs.dll -> C:\WINDOWS\System32\tkhvs.dll -> [Ver = | Size = 0 bytes | Created Date = 11/29/2006 6:36:10 PM | Attr = ]
tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [Ver = | Size = 2210 bytes | Created Date = 12/26/2006 9:06:50 PM | Attr = ]
tmp.txt -> C:\WINDOWS\System32\tmp.txt -> [Ver = | Size = 0 bytes | Created Date = 12/26/2006 9:06:50 PM | Attr = ]
Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/21/2006 10:07:55 PM | Attr = ]
winnm.exe -> C:\WINDOWS\System32\winnm.exe -> [Ver = | Size = 0 bytes | Created Date = 12/4/2006 2:27:38 PM | Attr = ]
zip.exe -> C:\WINDOWS\System32\zip.exe -> [Ver = | Size = 126976 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
ZPORT4AS.dll -> C:\WINDOWS\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/21/2006 10:08:24 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/21/2006 10:44:42 AM | Attr = ]
RKL77.tmp.sys -> C:\WINDOWS\System32\drivers\RKL77.tmp.sys -> Lavasoft AB [Ver = 1.0.0.0 | Size = 7680 bytes | Created Date = 12/26/2006 5:37:22 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/24/2006 12:08:32 AM | Attr = ]

[Files - Modified Wihin 30 days]
AboutBuster.zip -> C:\AboutBuster.zip -> [Ver = | Size = 39875 bytes | Modified Date = 12/26/2006 9:03:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\AboutBuster.zip:Zone.Identifier ->
aswclnr.exe -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Modified Date = 12/25/2006 12:00:48 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\aswclnr.exe:Zone.Identifier ->
aswclnr.log -> C:\aswclnr.log -> [Ver = | Size = 1064 bytes | Modified Date = 12/25/2006 12:29:50 AM | Attr = ]
ATF-Cleaner.exe -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/26/2006 9:02:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_432a861.exe -> C:\avg75free_432a861.exe -> [Ver = | Size = 17674296 bytes | Modified Date = 12/21/2006 11:04:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avg75free_432a861.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> C:\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 12/21/2006 11:05:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
bitdefender.html -> C:\bitdefender.html -> [Ver = | Size = 922262 bytes | Modified Date = 12/24/2006 7:55:08 AM | Attr = ]
boot.ini -> C:\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/20/2006 10:23:28 PM | Attr = RHS]
CWShredder.exe -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 12/24/2006 1:12:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\CWShredder.exe:Zone.Identifier ->
delcwssk.zip -> C:\delcwssk.zip -> [Ver = | Size = 52461 bytes | Modified Date = 12/26/2006 9:01:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\delcwssk.zip:Zone.Identifier ->
direct.txt -> C:\direct.txt -> [Ver = | Size = 56 bytes | Modified Date = 12/26/2006 9:44:38 PM | Attr = ]
dllcompare.exe -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Modified Date = 12/26/2006 8:28:06 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\dllcompare.exe:Zone.Identifier ->
FixBargainbuddy.exe -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Modified Date = 12/22/2006 7:28:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixBargainbuddy.exe:Zone.Identifier ->
FixBargainbuddy.log -> C:\FixBargainbuddy.log -> [Ver = | Size = 109 bytes | Modified Date = 12/23/2006 12:01:36 AM | Attr = ]
FixIefts.exe -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Modified Date = 12/22/2006 9:16:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixIefts.exe:Zone.Identifier ->
FixIefts.log -> C:\FixIefts.log -> [Ver = | Size = 46 bytes | Modified Date = 12/22/2006 10:48:44 PM | Attr = ]
Free-Spyware-Scanner-Install.exe -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Modified Date = 12/24/2006 11:53:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Free-Spyware-Scanner-Install.exe:Zone.Identifier ->
hijackthis.zip -> C:\hijackthis.zip -> [Ver = | Size = 212851 bytes | Modified Date = 12/24/2006 11:27:04 AM | Attr = ]
kaper.html -> C:\kaper.html -> [Ver = | Size = 6384834 bytes | Modified Date = 12/24/2006 10:12:52 PM | Attr = ]
KillBox.exe -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 12/24/2006 11:45:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\KillBox.exe:Zone.Identifier ->
l2mfix.exe -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Modified Date = 12/26/2006 9:42:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\l2mfix.exe:Zone.Identifier ->
log.txt -> C:\log.txt -> [Ver = | Size = 546 bytes | Modified Date = 12/27/2006 4:52:44 PM | Attr = ]
logdllcompare.txt -> C:\logdllcompare.txt -> [Ver = | Size = 546 bytes | Modified Date = 12/27/2006 4:52:56 PM | Attr = ]
Look2Me-Destroyer.exe -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Modified Date = 12/26/2006 9:14:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Look2Me-Destroyer.exe:Zone.Identifier ->
Look2Me-Destroyer.txt -> C:\Look2Me-Destroyer.txt -> [Ver = | Size = 510 bytes | Modified Date = 12/26/2006 11:28:54 PM | Attr = ]
Look2Me_Remover.exe -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Modified Date = 12/26/2006 5:18:32 PM | Attr = ]
LS-Look2Me-Remover.log -> C:\LS-Look2Me-Remover.log -> [Ver = | Size = 377 bytes | Modified Date = 12/26/2006 5:29:18 PM | Attr = ]
LS-Virtumonde-Remover.log -> C:\LS-Virtumonde-Remover.log -> [Ver = | Size = 384 bytes | Modified Date = 12/26/2006 5:31:28 PM | Attr = ]
LsReCore_L2M.dll -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:29:02 PM | Attr = ]
LsReCore_VM.dll -> C:\LsReCore_VM.dll -> Lavasoft AB [Ver = 2, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:31:02 PM | Attr = ]
PkgClnup.log -> C:\PkgClnup.log -> [Ver = | Size = 16846 bytes | Modified Date = 12/22/2006 2:13:36 AM | Attr = ]
ppa.zip -> C:\ppa.zip -> [Ver = | Size = 1931689 bytes | Modified Date = 12/23/2006 12:17:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ppa.zip:Zone.Identifier ->
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 1070 bytes | Modified Date = 12/26/2006 10:03:58 PM | Attr = ]
rdrivrem.zip -> C:\rdrivrem.zip -> [Ver = | Size = 46332 bytes | Modified Date = 12/26/2006 9:49:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\rdrivrem.zip:Zone.Identifier ->
reglite.exe -> C:\reglite.exe -> Resplendence Software Projects Sp. [Ver = | Size = 2596584 bytes | Modified Date = 12/26/2006 8:36:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\reglite.exe:Zone.Identifier ->
Rnav2003.exe -> C:\Rnav2003.exe -> Symantec [Ver = 3, 0, 0, 11 | Size = 356352 bytes | Modified Date = 12/27/2006 8:55:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Rnav2003.exe:Zone.Identifier ->
RnisUPG.exe -> C:\RnisUPG.exe -> Symantec Corporation [Ver = 6.0.4.0 | Size = 147456 bytes | Modified Date = 12/27/2006 8:55:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\RnisUPG.exe:Zone.Identifier ->
setupeng.exe -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 12/25/2006 12:02:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\setupeng.exe:Zone.Identifier ->
Silent Runners.vbs -> C:\Silent Runners.vbs -> [Ver = | Size = 346902 bytes | Modified Date = 12/26/2006 8:43:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Silent Runners.vbs:Zone.Identifier ->
SmitfraudFix.exe -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Modified Date = 12/26/2006 9:06:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SmitfraudFix.exe:Zone.Identifier ->
stng260.exe -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 12/27/2006 4:59:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\stng260.exe:Zone.Identifier ->
stng260.opt -> C:\stng260.opt -> [Ver = | Size = 17 bytes | Modified Date = 12/27/2006 5:46:58 PM | Attr = ]
symantec.txt -> C:\symantec.txt -> [Ver = | Size = 5399 bytes | Modified Date = 12/23/2006 2:18:52 PM | Attr = ]
SYMCLN.EXE -> C:\SYMCLN.EXE -> [Ver = | Size = 206665 bytes | Modified Date = 12/27/2006 8:56:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SYMCLN.EXE:Zone.Identifier ->
Virtumonde_Remover.exe -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Modified Date = 12/26/2006 5:19:44 PM | Attr = ]
VirtumundoBeGone.exe -> C:\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 12/26/2006 9:14:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VirtumundoBeGone.exe:Zone.Identifier ->
VundoFix.exe -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Modified Date = 12/26/2006 9:12:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VundoFix.exe:Zone.Identifier ->
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 411 bytes | Modified Date = 12/26/2006 10:42:28 PM | Attr = ]
Win32_Pipeline_Remover.exe -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Modified Date = 12/26/2006 5:19:24 PM | Attr = ]
WindowsDefender.msi -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Modified Date = 12/20/2006 11:43:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WindowsDefender.msi:Zone.Identifier ->
winpfind3u.exe -> C:\winpfind3u.exe -> [Ver = | Size = 337280 bytes | Modified Date = 12/27/2006 10:49:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\winpfind3u.exe:Zone.Identifier ->
zlsSetup_65_737_000_en.exe -> C:\zlsSetup_65_737_000_en.exe -> [Ver = | Size = 13714856 bytes | Modified Date = 12/27/2006 5:01:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\zlsSetup_65_737_000_en.exe:Zone.Identifier ->
_NavCClt.Log -> C:\_NavCClt.Log -> [Ver = | Size = 6364 bytes | Modified Date = 12/22/2006 2:13:54 AM | Attr = H ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 9:00:02 PM | Attr = ]
apiri32.dll -> C:\WINDOWS\apiri32.dll -> [Ver = | Size = 0 bytes | Modified Date = 12/8/2006 7:33:20 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/27/2006 8:59:42 PM | Attr = ]
ffpjq.log -> C:\WINDOWS\ffpjq.log -> [Ver = | Size = 0 bytes | Modified Date = 12/2/2006 12:41:30 PM | Attr = ]
javavp.exe -> C:\WINDOWS\javavp.exe -> [Ver = | Size = 0 bytes | Modified Date = 12/3/2006 12:42:34 PM | Attr = ]
msrtb.dat -> C:\WINDOWS\msrtb.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/13/2006 6:19:36 PM | Attr = ]
nettb.exe -> C:\WINDOWS\nettb.exe -> [Ver = | Size = 0 bytes | Modified Date = 11/29/2006 10:07:58 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 1024096 bytes | Modified Date = 12/27/2006 8:59:58 PM | Attr = ]
odjnj.dll -> C:\WINDOWS\odjnj.dll -> [Ver = | Size = 0 bytes | Modified Date = 12/13/2006 9:22:32 AM | Attr = ]
ogtej.dll -> C:\WINDOWS\ogtej.dll -> [Ver = | Size = 0 bytes | Modified Date = 12/8/2006 5:49:36 PM | Attr = ]
pytcc.txt -> C:\WINDOWS\pytcc.txt -> [Ver = | Size = 0 bytes | Modified Date = 12/9/2006 12:05:00 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\pytcc.txt:xuumy ->
pyxlj.dll -> C:\WINDOWS\pyxlj.dll -> [Ver = | Size = 0 bytes | Modified Date = 11/29/2006 1:11:10 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32250 bytes | Modified Date = 12/27/2006 8:23:10 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 204009 bytes | Modified Date = 12/27/2006 4:50:02 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 426050 bytes | Modified Date = 12/27/2006 8:14:22 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\setupapi.log:fwvryr ->
system.ini -> C:\WINDOWS\system.ini -> [Ver = | Size = 451 bytes | Modified Date = 12/27/2006 7:51:36 PM | Attr = ]
usyoz.txt -> C:\WINDOWS\usyoz.txt -> [Ver = | Size = 0 bytes | Modified Date = 12/6/2006 8:48:04 AM | Attr = ]
vuwaa.log -> C:\WINDOWS\vuwaa.log -> [Ver = | Size = 0 bytes | Modified Date = 12/6/2006 8:37:14 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 216 bytes | Modified Date = 12/27/2006 8:23:06 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/27/2006 8:23:06 PM | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 697 bytes | Modified Date = 12/21/2006 10:10:50 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1122475 bytes | Modified Date = 12/27/2006 8:58:54 PM | Attr = ]
Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh -> [Ver = | Size = 8409 bytes | Modified Date = 11

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 28 December 2006 - 08:49 AM

Hi rxnelson. The report was too big to fit into a single post. I need the rest of it. It stopped at the following line:

Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh -> [Ver = | Size = 8409 bytes | Modified Date = 11

Start there and copy the rest into an additional post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 rxnelson

rxnelson
  • Topic Starter

  • Members
  • 26 posts

Posted 28 December 2006 - 08:52 AM

Ha! I was just logging in to check on it. I clicked on the check post length button and I thought it said it was fine. I will not be able to post the rest until this afternoon.
Thanks.

#7 rxnelson

rxnelson
  • Topic Starter

  • Members
  • 26 posts

Posted 28 December 2006 - 08:19 PM

Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh -> [Ver = | Size = 8409 bytes | Modified Date = 11/28/2006 4:14:48 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Zdkdipbxll.hkh:uwerfb ->
_default.pif -> C:\WINDOWS\_default.pif -> [Ver = | Size = 0 bytes | Modified Date = 12/12/2006 5:02:32 PM | Attr = ]
addtg32.exe -> C:\WINDOWS\System32\addtg32.exe -> [Ver = | Size = 0 bytes | Modified Date = 12/3/2006 12:38:24 AM | Attr = ]
asfiles.txt -> C:\WINDOWS\System32\asfiles.txt -> [Ver = | Size = 0 bytes | Modified Date = 12/21/2006 10:10:54 PM | Attr = ]
AUTOEXEC.NT -> C:\WINDOWS\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Modified Date = 12/26/2006 8:28:18 PM | Attr = ]
bidma.dat -> C:\WINDOWS\System32\bidma.dat -> [Ver = | Size = 0 bytes | Modified Date = 11/29/2006 11:50:50 PM | Attr = ]
brojf.txt -> C:\WINDOWS\System32\brojf.txt -> [Ver = | Size = 0 bytes | Modified Date = 12/15/2006 12:44:56 AM | Attr = ]
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/27/2006 8:08:56 PM | Attr = ]
dbplu.log -> C:\WINDOWS\System32\dbplu.log -> [Ver = | Size = 0 bytes | Modified Date = 11/29/2006 3:44:02 PM | Attr = ]
Help.ico -> C:\WINDOWS\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
javaus32.dll -> C:\WINDOWS\System32\javaus32.dll -> [Ver = | Size = 0 bytes | Modified Date = 12/9/2006 8:40:40 PM | Attr = ]
pavas.ico -> C:\WINDOWS\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 356126 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
Status.MPF -> C:\WINDOWS\System32\Status.MPF -> [Ver = | Size = 71552 bytes | Modified Date = 12/20/2006 10:29:46 AM | Attr = ]
tkhvs.dll -> C:\WINDOWS\System32\tkhvs.dll -> [Ver = | Size = 0 bytes | Modified Date = 11/29/2006 6:36:12 PM | Attr = ]
tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [Ver = | Size = 2210 bytes | Modified Date = 12/26/2006 9:58:44 PM | Attr = ]
tmp.txt -> C:\WINDOWS\System32\tmp.txt -> [Ver = | Size = 0 bytes | Modified Date = 12/26/2006 9:58:44 PM | Attr = ]
Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
winnm.exe -> C:\WINDOWS\System32\winnm.exe -> [Ver = | Size = 0 bytes | Modified Date = 12/4/2006 2:27:40 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 12/20/2006 11:43:16 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/23/2006 4:11:54 PM | Attr = ]
RKL77.tmp.sys -> C:\WINDOWS\System32\drivers\RKL77.tmp.sys -> Lavasoft AB [Ver = 1.0.0.0 | Size = 7680 bytes | Modified Date = 12/26/2006 5:37:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Modified Date = 12/25/2006 12:00:48 AM | Attr = ]
UPX! , UPX0 , -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/26/2006 9:02:02 PM | Attr = ]
qoologic , urllogic , urllogic , -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 12/24/2006 1:12:20 AM | Attr = ]
UPX! , -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Modified Date = 12/26/2006 8:28:06 PM | Attr = ]
UPX! , UPX0 , -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Modified Date = 12/22/2006 7:28:40 PM | Attr = ]
UPX! , UPX0 , -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Modified Date = 12/22/2006 9:16:18 PM | Attr = ]
UPX! , UPX0 , -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Modified Date = 12/24/2006 11:53:04 AM | Attr = ]
UPX! , UPX0 , -> C:\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.97.0007 | Size = 160768 bytes | Modified Date = 11/18/2003 3:00:50 PM | Attr = ]
UPX! , UPX0 , -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 12/24/2006 11:45:36 AM | Attr = ]
UPX! , UPX0 , -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Modified Date = 12/26/2006 9:42:12 PM | Attr = ]
UPX! , UPX0 , -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Modified Date = 12/26/2006 9:14:28 PM | Attr = ]
UPX! , UPX0 , -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Modified Date = 12/26/2006 5:18:32 PM | Attr = ]
WinShutDown , -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:29:02 PM | Attr = ]
WSUD , -> C:\nav8.exe -> Symantec Corporation [Ver = 1.0.0.387 RELEASE | Size = 35777509 bytes | Modified Date = 1/2/2003 5:22:24 PM | Attr = R ]
UPX! , UPX0 , -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 12/25/2006 12:02:06 AM | Attr = ]
UPX! , UPX0 , -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Modified Date = 12/26/2006 9:06:24 PM | Attr = ]
UPX! , UPX0 , -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 12/27/2006 4:59:40 PM | Attr = ]
UPX0 , -> C:\tmp.txt -> [Ver = | Size = 566535 bytes | Modified Date = 11/20/2004 10:27:06 AM | Attr = ]
UPX! , UPX0 , -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Modified Date = 12/26/2006 5:19:44 PM | Attr = ]
UPX! , UPX0 , -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Modified Date = 12/26/2006 9:12:56 PM | Attr = ]
UPX! , UPX0 , -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Modified Date = 12/26/2006 5:19:24 PM | Attr = ]
PTech , -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Modified Date = 12/20/2006 11:43:50 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe -> Adobe Systems [Ver = 2.0.0.43 | Size = 414208 bytes | Modified Date = 11/12/2004 10:36:04 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 9/29/2004 11:36:24 AM | Attr = ]
PTech , -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 4/16/2003 6:14:56 PM | Attr = R ]
UPX! , WSUD , UPX0 , -> C:\WINDOWS\del.tmp -> [Ver = | Size = 255700 bytes | Modified Date = 11/21/2004 12:44:08 PM | Attr = ]
aspack , PTech , -> C:\WINDOWS\Eqcofffqo.mbc -> [Ver = | Size = 1343999 bytes | Modified Date = 11/16/2004 8:34:00 AM | Attr = ]
PTech , -> C:\WINDOWS\Flqtttns.nnl -> [Ver = | Size = 1626626 bytes | Modified Date = 6/6/2005 8:52:42 AM | Attr = ]
PTech , -> C:\WINDOWS\Fvwujlsjnvf.lcv -> [Ver = | Size = 483851 bytes | Modified Date = 5/25/2005 7:46:54 AM | Attr = ]
PEC2 , -> C:\WINDOWS\Rabcwkqymi.oul -> [Ver = | Size = 184535 bytes | Modified Date = 3/24/2005 6:50:02 PM | Attr = ]
UPX! , WSUD , UPX0 , -> C:\WINDOWS\searchen.dat -> [Ver = | Size = 240811 bytes | Modified Date = 12/28/2004 10:30:32 PM | Attr = ]
PTech , -> C:\WINDOWS\Spuyfzcm.tue -> [Ver = | Size = 1073501 bytes | Modified Date = 3/4/2005 5:21:24 AM | Attr = ]
PEC2 , -> C:\WINDOWS\Sqhrkkb.nqp -> [Ver = | Size = 193869 bytes | Modified Date = 4/5/2005 12:52:16 AM | Attr = ]
qoologic , abetterinternet.com , -> C:\WINDOWS\thcgno.dll -> [Ver = | Size = 3281 bytes | Modified Date = 12/18/2004 11:42:44 PM | Attr = ]
SAHAgent , -> C:\WINDOWS\System32\bln02nqv.ini -> [Ver = | Size = 35 bytes | Modified Date = 4/8/2005 2:53:38 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
SAHAgent , -> C:\WINDOWS\System32\gah95on6.ini -> [Ver = | Size = 3168 bytes | Modified Date = 9/3/2005 2:52:56 PM | Attr = ]
UPX! , -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 1/13/2005 9:41:48 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\msdjgk.dll -> [Ver = | Size = 86030 bytes | Modified Date = 8/22/2001 7:00:00 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
UPX! , WSUD , UPX0 , -> C:\WINDOWS\System32\strings.exe -> [Ver = | Size = 175616 bytes | Modified Date = 1/20/2005 1:47:50 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 2:59:36 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 2:56:26 PM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

#8 OldTimer

Malware Expert

Posted 29 December 2006 - 12:04 AM

Hi rxnelson. What a mess lol. Let's start with the following. Please print these directions because you will need to boot into Safe Mode during the fix and this page will not be available. Then proceed with the following steps in order.

Step #1

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Cleanup -> C:\DOCUME~1\Jeff\LOCALS~1\Temp\20061227201418_mcappins.exe
YY -> msci -> C:\Documents and Settings\Jeff\Local Settings\Temp\20061227201418_mcinfo.exe
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> gi2003625531 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giS42JAN.exe
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
YN -> ISEXEng ->
YN -> kcsqtoayeeakyq ->
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
YN -> Aaou -> C:\Documents and Settings\Jeff\Application Data\to?lkf.exe
YN -> aavcaag -> C:\WINDOWS\system32\idhwswc\aavcaag.exe
YN -> apakapj -> C:\WINDOWS\system32\ksnvoqno\apakapj.exe
YN -> api3t -> C:\WINDOWS\system32\api3t.exe
YN -> astiti -> C:\WINDOWS\system32\samlqcwa\astiti.exe
YN -> atlfh.exe -> C:\WINDOWS\system32\atlfh.exe
YN -> ausdtjq -> C:\WINDOWS\system32\etadotbm\ausdtjq.exe
YN -> Ayivjsjp -> C:\WINDOWS\system32\r?gsvr32.exe
YN -> bainlars -> C:\WINDOWS\system32\cgdn\bainlars.exe
YN -> bcachew -> C:\WINDOWS\system32\bcachew.exe
YN -> beofkk -> C:\WINDOWS\system32\svlua\beofkk.exe
YN -> btmc -> C:\WINDOWS\system32\vgqlbs\btmc.exe
YN -> cbrioa -> C:\WINDOWS\system32\iwnkvl\cbrioa.exe
YN -> cixac -> C:\WINDOWS\system32\hmbiar\cixac.exe
YN -> dakdygk -> C:\WINDOWS\System32\lhyicww\dakdygk.exe
YN -> dbemasn -> C:\WINDOWS\System32\kslq\dbemasn.exe
YN -> dfbkwhw -> C:\WINDOWS\system32\kcec\dfbkwhw.exe
YN -> djgiixn -> C:\WINDOWS\system32\gudvckae\djgiixn.exe
YN -> dvieu -> C:\WINDOWS\system32\ilrxfv\dvieu.exe
YN -> ebltfswt -> C:\WINDOWS\system32\hdqd\ebltfswt.exe
YN -> edjsnm -> C:\WINDOWS\system32\vjjdcp\edjsnm.exe
YN -> eqnmfyuu -> C:\WINDOWS\system32\toyxhc\eqnmfyuu.exe
YN -> evypqcj -> C:\WINDOWS\system32\sfoqeyfw\evypqcj.exe
YN -> fhfbw -> C:\WINDOWS\System32\vfknc\fhfbw.exe
YN -> gcasServ -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
YN -> gfeacdbv -> C:\WINDOWS\system32\qldpmpt\gfeacdbv.exe
YN -> gfjhpmne -> C:\WINDOWS\System32\dhpvbom\gfjhpmne.exe
YN -> GoGoTray.exe -> C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
YN -> hasqof -> C:\WINDOWS\System32\pjqgcad\hasqof.exe
YN -> hmksgssj -> C:\WINDOWS\system32\ehyijvcl\hmksgssj.exe
YN -> hojgxo -> C:\WINDOWS\System32\jbmnj\hojgxo.exe
YN -> hshnin -> C:\WINDOWS\TEMP\ltilo.exe
YN -> htqk -> C:\WINDOWS\system32\jjbyllm\htqk.exe
YN -> hullcua -> C:\WINDOWS\system32\khgie\hullcua.exe
YN -> iamapp -> C:\Program Files\Norton Internet Security\IAMAPP.EXE
YN -> ibyt -> C:\WINDOWS\system32\gaosqli\ibyt.exe
YN -> ielfe -> C:\WINDOWS\system32\nnhklqfk\ielfe.exe
YN -> ihrp -> C:\WINDOWS\system32\fwya\ihrp.exe
YN -> inftb32w -> C:\WINDOWS\system32\inftb32w.exe
YN -> ippy.exe -> C:\WINDOWS\system32\ippy.exe
YN -> jbhkaafj -> C:\WINDOWS\System32\hliojyxy\jbhkaafj.exe
YN -> jciatwaj -> C:\WINDOWS\system32\gonujux\jciatwaj.exe
YN -> jlxvlqeb -> C:\WINDOWS\system32\hdtjmm\jlxvlqeb.exe
YN -> jtotad -> C:\WINDOWS\system32\tlcsmvf\jtotad.exe
YN -> jwjo -> C:\WINDOWS\system32\qyrlpb\jwjo.exe
YN -> kbum -> C:\WINDOWS\system32\fxjyt\kbum.exe
YN -> kcsqtoay -> C:\WINDOWS\system32\eeakyq\kcsqtoay.exe
YN -> kfpjqk -> C:\WINDOWS\system32\gvjink\kfpjqk.exe
YN -> khkjcnxa -> C:\WINDOWS\system32\hsrej\khkjcnxa.exe
YN -> lbjj -> C:\WINDOWS\system32\kbfdpa\lbjj.exe
YN -> lhhjdj -> C:\WINDOWS\system32\sceyj\lhhjdj.exe
YN -> llclf -> C:\WINDOWS\System32\niqsbs\llclf.exe
YN -> lmwjyve -> C:\WINDOWS\system32\iwrddabe\lmwjyve.exe
YN -> lpxs -> C:\WINDOWS\system32\armbl\lpxs.exe
YN -> lxvc -> C:\WINDOWS\system32\ibqqqufp\lxvc.exe
YN -> mayqxwh -> C:\WINDOWS\System32\wqsml\mayqxwh.exe
YN -> MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe
YN -> mcfgx -> C:\WINDOWS\system32\gvifd\mcfgx.exe
YN -> MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
YN -> mecxpbmh -> C:\WINDOWS\system32\ycmxbya\mecxpbmh.exe
YN -> mgxxycrm -> C:\WINDOWS\System32\rjakoasn\mgxxycrm.exe
YN -> mhlb -> C:\WINDOWS\system32\rvbn\mhlb.exe
YN -> MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
YN -> MPSExe -> C:\Program Files\McAfee.com\MPS\mscifapp.exe
YN -> MSKAGENTEXE -> C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
YN -> MSKDetectorExe -> C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
YN -> msnmsgr -> C:\Program Files\MSN Messenger\msnmsgr.exe
YN -> NAV Agent -> C:\PROGRA~1\NORTON~1\navapw32.exe
YN -> nhbexs -> C:\WINDOWS\system32\roreu\nhbexs.exe
YN -> njufo -> C:\WINDOWS\system32\govlqxj\njufo.exe
YN -> nlgskqh -> C:\WINDOWS\System32\rmcge\nlgskqh.exe
YN -> nnhgwwy -> C:\WINDOWS\system32\avfrdx\nnhgwwy.exe
YN -> nnnyha -> C:\WINDOWS\system32\nwgdrks\nnnyha.exe
YN -> nqijxwty -> C:\WINDOWS\system32\auclgi\nqijxwty.exe
YN -> Nsv -> C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
YN -> ntqm.exe -> C:\WINDOWS\system32\ntqm.exe
YN -> ocbgls -> C:\WINDOWS\system32\vchgw\ocbgls.exe
YN -> ovei -> C:\WINDOWS\system32\lbujre\ovei.exe
YN -> ovfehcop -> C:\WINDOWS\system32\ecomqjb\ovfehcop.exe
YN -> pccpxoia -> C:\WINDOWS\system32\trlhoog\pccpxoia.exe
YN -> pdvvd -> C:\WINDOWS\system32\goqtfc\pdvvd.exe
YN -> pidqivms -> C:\WINDOWS\system32\ypfaje\pidqivms.exe
YN -> pourhyqm -> C:\WINDOWS\system32\iilb\pourhyqm.exe
YN -> ppkunwq -> C:\WINDOWS\system32\cicoksym\ppkunwq.exe
YN -> qhxxn -> C:\WINDOWS\system32\kkkrwbmi\qhxxn.exe
YN -> qnsbtl -> C:\WINDOWS\system32\wwcjewsl\qnsbtl.exe
YN -> qpanx -> C:\WINDOWS\System32\cdqkdw\qpanx.exe
YN -> qxor -> C:\WINDOWS\system32\fhjpbuph\qxor.exe
YN -> rbmkiv -> C:\WINDOWS\system32\nddhonra\rbmkiv.exe
YN -> rcchgi -> C:\WINDOWS\system32\grxtlyfk\rcchgi.exe
YN -> refyyyuy -> C:\WINDOWS\system32\kdipam\refyyyuy.exe
YN -> rnsu -> C:\WINDOWS\System32\qsecgeet\rnsu.exe
YN -> rqghhh -> C:\WINDOWS\system32\fdrn\rqghhh.exe
YN -> sarjm -> C:\WINDOWS\system32\nwaueebv\sarjm.exe
YN -> sgwsamp -> C:\WINDOWS\system32\ypca\sgwsamp.exe
YN -> shtmlm -> C:\WINDOWS\system32\shtmlm.exe
YN -> smhqooct -> C:\WINDOWS\system32\liuob\smhqooct.exe
YN -> sqeki -> C:\WINDOWS\system32\jese\sqeki.exe
YN -> tcvfu -> C:\WINDOWS\System32\lneyoc\tcvfu.exe
YN -> tklh -> C:\WINDOWS\system32\lnmjcve\tklh.exe
YN -> tqiti -> C:\WINDOWS\system32\wdqnmqne\tqiti.exe
YN -> uckexn -> C:\WINDOWS\system32\poqcnb\uckexn.exe
YN -> urllkh -> C:\WINDOWS\system32\pwmgv\urllkh.exe
YN -> UserFaultCheck ->
YN -> vefnutau -> C:\WINDOWS\system32\wgsi\vefnutau.exe
YN -> ViewMgr -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
YN -> VirusScan Online -> c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
YN -> vjrae -> C:\WINDOWS\System32\olxq\vjrae.exe
YN -> VSOCheckTask -> c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
YN -> vubgxl -> C:\WINDOWS\system32\irgsosu\vubgxl.exe
YN -> vwpnpcog -> C:\WINDOWS\System32\hjmqduxw\vwpnpcog.exe
YN -> wljxkbgn -> C:\WINDOWS\system32\xxqpixwm\wljxkbgn.exe
YN -> wnjxgu -> C:\WINDOWS\System32\ujyiasb\wnjxgu.exe
YN -> wridyxl -> C:\WINDOWS\system32\fkbfyk\wridyxl.exe
YN -> wxlcrie -> C:\WINDOWS\system32\dghelvr\wxlcrie.exe
YN -> xptjn -> C:\WINDOWS\system32\xhklfg\xptjn.exe
YN -> xyofkviy -> C:\WINDOWS\system32\djoway\xyofkviy.exe
YN -> ybqo -> C:\WINDOWS\system32\ywqdyoy\ybqo.exe
YN -> ydggq -> C:\WINDOWS\system32\aaxbg\ydggq.exe
YN -> yihrfgp -> C:\WINDOWS\system32\nyseepmf\yihrfgp.exe
YN -> ykgnbmv -> C:\WINDOWS\system32\tfqd\ykgnbmv.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {E3215F20-3212-11D6-9F8B-00D0B743919D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
YN -> {5aa2ebda-7714-4a88-952e-e5059da9d07e} [HKLM] -> Reg Data - Key not found [kfmqnx]
[Files - Created Wihin 30 days]
NY -> apiri32.dll -> C:\WINDOWS\apiri32.dll
NY -> ffpjq.log -> C:\WINDOWS\ffpjq.log
NY -> javavp.exe -> C:\WINDOWS\javavp.exe
NY -> msrtb.dat -> C:\WINDOWS\msrtb.dat
NY -> nettb.exe -> C:\WINDOWS\nettb.exe
NY -> odjnj.dll -> C:\WINDOWS\odjnj.dll
NY -> ogtej.dll -> C:\WINDOWS\ogtej.dll
NY -> pytcc.txt -> C:\WINDOWS\pytcc.txt
NY -> pyxlj.dll -> C:\WINDOWS\pyxlj.dll
NY -> usyoz.txt -> C:\WINDOWS\usyoz.txt
NY -> vuwaa.log -> C:\WINDOWS\vuwaa.log
NY -> Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh
NY -> _default.pif -> C:\WINDOWS\_default.pif
NY -> addtg32.exe -> C:\WINDOWS\System32\addtg32.exe
NY -> asfiles.txt -> C:\WINDOWS\System32\asfiles.txt
NY -> bidma.dat -> C:\WINDOWS\System32\bidma.dat
NY -> brojf.txt -> C:\WINDOWS\System32\brojf.txt
NY -> dbplu.log -> C:\WINDOWS\System32\dbplu.log
NY -> javaus32.dll -> C:\WINDOWS\System32\javaus32.dll
NY -> tkhvs.dll -> C:\WINDOWS\System32\tkhvs.dll
NY -> tmp.reg -> C:\WINDOWS\System32\tmp.reg
NY -> tmp.txt -> C:\WINDOWS\System32\tmp.txt
NY -> winnm.exe -> C:\WINDOWS\System32\winnm.exe
[Files - Modified Wihin 30 days]
NY -> 0.log -> C:\WINDOWS\0.log
NY -> apiri32.dll -> C:\WINDOWS\apiri32.dll
NY -> ffpjq.log -> C:\WINDOWS\ffpjq.log
NY -> javavp.exe -> C:\WINDOWS\javavp.exe
NY -> msrtb.dat -> C:\WINDOWS\msrtb.dat
NY -> nettb.exe -> C:\WINDOWS\nettb.exe
NY -> odjnj.dll -> C:\WINDOWS\odjnj.dll
NY -> ogtej.dll -> C:\WINDOWS\ogtej.dll
NY -> pytcc.txt -> C:\WINDOWS\pytcc.txt
NY -> pyxlj.dll -> C:\WINDOWS\pyxlj.dll
NY -> usyoz.txt -> C:\WINDOWS\usyoz.txt
NY -> vuwaa.log -> C:\WINDOWS\vuwaa.log
NY -> wiadebug.log -> C:\WINDOWS\wiadebug.log
NY -> Zdkdipbxll.hkh -> C:\WINDOWS\Zdkdipbxll.hkh
NY -> _default.pif -> C:\WINDOWS\_default.pif
NY -> addtg32.exe -> C:\WINDOWS\System32\addtg32.exe
NY -> asfiles.txt -> C:\WINDOWS\System32\asfiles.txt
NY -> bidma.dat -> C:\WINDOWS\System32\bidma.dat
NY -> brojf.txt -> C:\WINDOWS\System32\brojf.txt
NY -> dbplu.log -> C:\WINDOWS\System32\dbplu.log
NY -> javaus32.dll -> C:\WINDOWS\System32\javaus32.dll
NY -> tkhvs.dll -> C:\WINDOWS\System32\tkhvs.dll
NY -> tmp.reg -> C:\WINDOWS\System32\tmp.reg
NY -> tmp.txt -> C:\WINDOWS\System32\tmp.txt
NY -> winnm.exe -> C:\WINDOWS\System32\winnm.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX0 , -> C:\tmp.txt
NY -> UPX! , WSUD , UPX0 , -> C:\WINDOWS\del.tmp
NY -> aspack , PTech , -> C:\WINDOWS\Eqcofffqo.mbc
NY -> PTech , -> C:\WINDOWS\Flqtttns.nnl
NY -> PTech , -> C:\WINDOWS\Fvwujlsjnvf.lcv
NY -> PEC2 , -> C:\WINDOWS\Rabcwkqymi.oul
NY -> UPX! , WSUD , UPX0 , -> C:\WINDOWS\searchen.dat
NY -> PTech , -> C:\WINDOWS\Spuyfzcm.tue
NY -> PEC2 , -> C:\WINDOWS\Sqhrkkb.nqp
NY -> qoologic , abetterinternet.com , -> C:\WINDOWS\thcgno.dll
NY -> SAHAgent , -> C:\WINDOWS\System32\bln02nqv.ini
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\msdjgk.dll
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes and reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#9 rxnelson

Topic Starter

Posted 29 December 2006 - 02:16 AM

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes and reboot into Safe Mode by doing the following:


The fix has the computer tied up 100% for the last 10 minutes. Is this normal?

#10 OldTimer

Malware Expert

Posted 29 December 2006 - 09:04 AM

Hi rxnelson. With that quantity of files it might. Or it might be that some of them do not want to go away. If it is still trying to work after 30 minutes then just kill it and move on to the AVG AS step.

Cheers.

OT

#11 rxnelson

Topic Starter

Posted 29 December 2006 - 05:44 PM

WinPFind3 logfile created on: 12/29/2006 1:12:53 PM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Jeff\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
avgas.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
avgas.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Jeff\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> -> File not found
(Iomega App Services) Iomega App Services [Win32_Own | Auto | Stopped] -> C:\Program Files\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 4 | Size = 73728 bytes | Modified Date = 7/31/2002 2:15:18 PM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
(jciatwajgonujux) jciatwajgonujux [Win32_Own | Disabled | Stopped] -> C:\WINDOWS\system32\gonujux\jciatwaj.exe -> File not found
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 5:36:54 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> File not found
(STOPzilla Local Service) STOPzilla Local Service [Win32_Own | Auto | Stopped] -> C:\Program Files\STOPzilla!\SZNTSvc.exe -> International Software Systems Solutions [Ver = 3, 2, 1, 0 | Size = 69632 bytes | Modified Date = 8/8/2004 11:41:34 AM | Attr = ]
(SymProxySvc) Norton Internet Security Proxy Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Norton Internet Security\SymProxySvc.exe -> File not found
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
STOPzilla -> C:\Program Files\STOPzilla!\Stopzilla.exe -> International Software Systems Solutions [Ver = 3, 2, 5, 2 | Size = 40960 bytes | Modified Date = 8/9/2004 2:23:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup -> C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe -> Iomega Corporation [Ver = Build 52 | Size = 3026944 bytes | Modified Date = 10/10/2002 4:25:38 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
Aaou -> C:\Documents and Settings\Jeff\Application Data\to?lkf.exe -> File not found
aavcaag -> C:\WINDOWS\system32\idhwswc\aavcaag.exe -> File not found
AIM -> C:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
apakapj -> C:\WINDOWS\system32\ksnvoqno\apakapj.exe -> File not found
api3t -> C:\WINDOWS\system32\api3t.exe -> File not found
astiti -> C:\WINDOWS\system32\samlqcwa\astiti.exe -> File not found
atlfh.exe -> C:\WINDOWS\system32\atlfh.exe -> File not found
ausdtjq -> C:\WINDOWS\system32\etadotbm\ausdtjq.exe -> File not found
Ayivjsjp -> C:\WINDOWS\system32\r?gsvr32.exe -> [Ver = | Size = 11776 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
bainlars -> C:\WINDOWS\system32\cgdn\bainlars.exe -> File not found
bcachew -> C:\WINDOWS\system32\bcachew.exe -> File not found
beofkk -> C:\WINDOWS\system32\svlua\beofkk.exe -> File not found
btmc -> C:\WINDOWS\system32\vgqlbs\btmc.exe -> File not found
cbrioa -> C:\WINDOWS\system32\iwnkvl\cbrioa.exe -> File not found
cixac -> C:\WINDOWS\system32\hmbiar\cixac.exe -> File not found
dakdygk -> C:\WINDOWS\System32\lhyicww\dakdygk.exe -> File not found
dbemasn -> C:\WINDOWS\System32\kslq\dbemasn.exe -> File not found
dfbkwhw -> C:\WINDOWS\system32\kcec\dfbkwhw.exe -> File not found
djgiixn -> C:\WINDOWS\system32\gudvckae\djgiixn.exe -> File not found
dvieu -> C:\WINDOWS\system32\ilrxfv\dvieu.exe -> File not found
ebltfswt -> C:\WINDOWS\system32\hdqd\ebltfswt.exe -> File not found
edjsnm -> C:\WINDOWS\system32\vjjdcp\edjsnm.exe -> File not found
eqnmfyuu -> C:\WINDOWS\system32\toyxhc\eqnmfyuu.exe -> File not found
eTrust PestPatrol Active Protection -> C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 9/27/2004 6:09:06 AM | Attr = ]
evypqcj -> C:\WINDOWS\system32\sfoqeyfw\evypqcj.exe -> File not found
fhfbw -> C:\WINDOWS\System32\vfknc\fhfbw.exe -> File not found
gcasServ -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe -> File not found
gfeacdbv -> C:\WINDOWS\system32\qldpmpt\gfeacdbv.exe -> File not found
gfjhpmne -> C:\WINDOWS\System32\dhpvbom\gfjhpmne.exe -> File not found
GoGoTray.exe -> C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe -> File not found
hasqof -> C:\WINDOWS\System32\pjqgcad\hasqof.exe -> File not found
hmksgssj -> C:\WINDOWS\system32\ehyijvcl\hmksgssj.exe -> File not found
hojgxo -> C:\WINDOWS\System32\jbmnj\hojgxo.exe -> File not found
hshnin -> C:\WINDOWS\TEMP\ltilo.exe -> File not found
htqk -> C:\WINDOWS\system32\jjbyllm\htqk.exe -> File not found
hullcua -> C:\WINDOWS\system32\khgie\hullcua.exe -> File not found
iamapp -> C:\Program Files\Norton Internet Security\IAMAPP.EXE -> File not found
ibyt -> C:\WINDOWS\system32\gaosqli\ibyt.exe -> File not found
ielfe -> C:\WINDOWS\system32\nnhklqfk\ielfe.exe -> File not found
ihrp -> C:\WINDOWS\system32\fwya\ihrp.exe -> File not found
inftb32w -> C:\WINDOWS\system32\inftb32w.exe -> File not found
Iomega Automatic Backup -> C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe -> Iomega Corporation [Ver = Build 52 | Size = 3026944 bytes | Modified Date = 10/10/2002 4:25:38 PM | Attr = ]
Iomega Automatic Backup 1.0.1 -> C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe -> Iomega Corporation [Ver = Build 52 | Size = 3026944 bytes | Modified Date = 10/10/2002 4:25:38 PM | Attr = ]
ippy.exe -> C:\WINDOWS\system32\ippy.exe -> File not found
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
jbhkaafj -> C:\WINDOWS\System32\hliojyxy\jbhkaafj.exe -> File not found
jciatwaj -> C:\WINDOWS\system32\gonujux\jciatwaj.exe -> File not found
jlxvlqeb -> C:\WINDOWS\system32\hdtjmm\jlxvlqeb.exe -> File not found
jtotad -> C:\WINDOWS\system32\tlcsmvf\jtotad.exe -> File not found
jwjo -> C:\WINDOWS\system32\qyrlpb\jwjo.exe -> File not found
kbum -> C:\WINDOWS\system32\fxjyt\kbum.exe -> File not found
kcsqtoay -> C:\WINDOWS\system32\eeakyq\kcsqtoay.exe -> File not found
kfpjqk -> C:\WINDOWS\system32\gvjink\kfpjqk.exe -> File not found
khkjcnxa -> C:\WINDOWS\system32\hsrej\khkjcnxa.exe -> File not found
lbjj -> C:\WINDOWS\system32\kbfdpa\lbjj.exe -> File not found
lhhjdj -> C:\WINDOWS\system32\sceyj\lhhjdj.exe -> File not found
llclf -> C:\WINDOWS\System32\niqsbs\llclf.exe -> File not found
lmwjyve -> C:\WINDOWS\system32\iwrddabe\lmwjyve.exe -> File not found
lpxs -> C:\WINDOWS\system32\armbl\lpxs.exe -> File not found
lxvc -> C:\WINDOWS\system32\ibqqqufp\lxvc.exe -> File not found
mayqxwh -> C:\WINDOWS\System32\wqsml\mayqxwh.exe -> File not found
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> File not found
mcfgx -> C:\WINDOWS\system32\gvifd\mcfgx.exe -> File not found
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> File not found
mecxpbmh -> C:\WINDOWS\system32\ycmxbya\mecxpbmh.exe -> File not found
mgxxycrm -> C:\WINDOWS\System32\rjakoasn\mgxxycrm.exe -> File not found
mhlb -> C:\WINDOWS\system32\rvbn\mhlb.exe -> File not found
Microsoft Works Update Detection -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0607.0 | Size = 50688 bytes | Modified Date = 6/7/2003 6:32:32 AM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> File not found
MPSExe -> C:\Program Files\McAfee.com\MPS\mscifapp.exe -> File not found
MSKAGENTEXE -> C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe -> File not found
MSKDetectorExe -> C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe -> File not found
msnmsgr -> C:\Program Files\MSN Messenger\msnmsgr.exe -> File not found
NAV Agent -> C:\PROGRA~1\NORTON~1\navapw32.exe -> File not found
NeroFilterCheck -> C:\WINDOWS\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
nhbexs -> C:\WINDOWS\system32\roreu\nhbexs.exe -> File not found
njufo -> C:\WINDOWS\system32\govlqxj\njufo.exe -> File not found
nlgskqh -> C:\WINDOWS\System32\rmcge\nlgskqh.exe -> File not found
nnhgwwy -> C:\WINDOWS\system32\avfrdx\nnhgwwy.exe -> File not found
nnnyha -> C:\WINDOWS\system32\nwgdrks\nnnyha.exe -> File not found
nqijxwty -> C:\WINDOWS\system32\auclgi\nqijxwty.exe -> File not found
Nsv -> C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> File not found
ntqm.exe -> C:\WINDOWS\system32\ntqm.exe -> File not found
ocbgls -> C:\WINDOWS\system32\vchgw\ocbgls.exe -> File not found
ovei -> C:\WINDOWS\system32\lbujre\ovei.exe -> File not found
ovfehcop -> C:\WINDOWS\system32\ecomqjb\ovfehcop.exe -> File not found
pccpxoia -> C:\WINDOWS\system32\trlhoog\pccpxoia.exe -> File not found
pdvvd -> C:\WINDOWS\system32\goqtfc\pdvvd.exe -> File not found
pidqivms -> C:\WINDOWS\system32\ypfaje\pidqivms.exe -> File not found
pourhyqm -> C:\WINDOWS\system32\iilb\pourhyqm.exe -> File not found
ppkunwq -> C:\WINDOWS\system32\cicoksym\ppkunwq.exe -> File not found
qhxxn -> C:\WINDOWS\system32\kkkrwbmi\qhxxn.exe -> File not found
qnsbtl -> C:\WINDOWS\system32\wwcjewsl\qnsbtl.exe -> File not found
qpanx -> C:\WINDOWS\System32\cdqkdw\qpanx.exe -> File not found
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 12/24/2005 7:02:06 PM | Attr = ]
qxor -> C:\WINDOWS\system32\fhjpbuph\qxor.exe -> File not found
rbmkiv -> C:\WINDOWS\system32\nddhonra\rbmkiv.exe -> File not found
rcchgi -> C:\WINDOWS\system32\grxtlyfk\rcchgi.exe -> File not found
refyyyuy -> C:\WINDOWS\system32\kdipam\refyyyuy.exe -> File not found
rnsu -> C:\WINDOWS\System32\qsecgeet\rnsu.exe -> File not found
rqghhh -> C:\WINDOWS\system32\fdrn\rqghhh.exe -> File not found
sarjm -> C:\WINDOWS\system32\nwaueebv\sarjm.exe -> File not found
sgwsamp -> C:\WINDOWS\system32\ypca\sgwsamp.exe -> File not found
shtmlm -> C:\WINDOWS\system32\shtmlm.exe -> File not found
smhqooct -> C:\WINDOWS\system32\liuob\smhqooct.exe -> File not found
sqeki -> C:\WINDOWS\system32\jese\sqeki.exe -> File not found
STOPzilla -> C:\Program Files\STOPzilla!\Stopzilla.exe -> International Software Systems Solutions [Ver = 3, 2, 5, 2 | Size = 40960 bytes | Modified Date = 8/9/2004 2:23:10 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 9/28/2004 8:26:04 PM | Attr = ]
Symantec NetDriver Monitor -> C:\Program Files\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 8/17/2006 8:56:14 AM | Attr = ]
tcvfu -> C:\WINDOWS\System32\lneyoc\tcvfu.exe -> File not found
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/12/2004 1:00:58 AM | Attr = ]
tklh -> C:\WINDOWS\system32\lnmjcve\tklh.exe -> File not found
tqiti -> C:\WINDOWS\system32\wdqnmqne\tqiti.exe -> File not found
uckexn -> C:\WINDOWS\system32\poqcnb\uckexn.exe -> File not found
urllkh -> C:\WINDOWS\system32\pwmgv\urllkh.exe -> File not found
UserFaultCheck -> -> File not found
vefnutau -> C:\WINDOWS\system32\wgsi\vefnutau.exe -> File not found
ViewMgr -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
VirusScan Online -> c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe -> File not found
vjrae -> C:\WINDOWS\System32\olxq\vjrae.exe -> File not found
VSOCheckTask -> c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe -> File not found
vubgxl -> C:\WINDOWS\system32\irgsosu\vubgxl.exe -> File not found
vwpnpcog -> C:\WINDOWS\System32\hjmqduxw\vwpnpcog.exe -> File not found
Weather -> C:\Program Files\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 9 | Size = 1597440 bytes | Modified Date = 9/9/2004 5:35:38 PM | Attr = ]
wljxkbgn -> C:\WINDOWS\system32\xxqpixwm\wljxkbgn.exe -> File not found
wnjxgu -> C:\WINDOWS\System32\ujyiasb\wnjxgu.exe -> File not found
wridyxl -> C:\WINDOWS\system32\fkbfyk\wridyxl.exe -> File not found
wxlcrie -> C:\WINDOWS\system32\dghelvr\wxlcrie.exe -> File not found
xptjn -> C:\WINDOWS\system32\xhklfg\xptjn.exe -> File not found
xyofkviy -> C:\WINDOWS\system32\djoway\xyofkviy.exe -> File not found
Yahoo! Pager -> C:\Program Files\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3096576 bytes | Modified Date = 12/8/2005 1:55:10 PM | Attr = ]
ybqo -> C:\WINDOWS\system32\ywqdyoy\ybqo.exe -> File not found
ydggq -> C:\WINDOWS\system32\aaxbg\ydggq.exe -> File not found
yihrfgp -> C:\WINDOWS\system32\nyseepmf\yihrfgp.exe -> File not found
ykgnbmv -> C:\WINDOWS\system32\tfqd\ykgnbmv.exe -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://213.159.117.134/index.php ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 12:02:04 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 2, 0, 114, 9 | Size = 720896 bytes | Modified Date = 12/2/2004 1:59:32 PM | Attr = R ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/13/2004 8:01:52 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 2, 0, 114, 9 | Size = 720896 bytes | Modified Date = 12/2/2004 1:59:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 2, 0, 114, 9 | Size = 720896 bytes | Modified Date = 12/2/2004 1:59:32 PM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8197 - Sun Java Console ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8194 - Yahoo! Messenger ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8199 - Uninstall BitDefender Online Scanner v8 ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -> 8198 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> C:\Program Files\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 102400 bytes | Modified Date = 12/18/2004 12:19:16 AM | Attr = ]
{CCA60260-A2C9-11D2-BA62-0020188191B2} [HKLM] -> rrShellX.dll [Registrar Registry Manager SHell Extension] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Modified Date = 12/12/2004 1:01:14 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> Reg Data - Key not found [Symantec.Norton.Antivirus.IEContextMenu] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\Program Files\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 6:13:24 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> Reg Data - Key not found [Symantec.Norton.Antivirus.IEContextMenu] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1B82D376-C13E-4EE2-A96E-121B5F5E4086} -> (Linksys Wireless-G PCI Adapter) ->
{2F427322-1F6A-4E09-B95F-E6807465A6B9} -> (Intel® PRO/100 VM Network Connection) ->
{E593EE84-7B86-4B3C-99F9-95C967ED77CA} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
AboutBuster.zip -> C:\AboutBuster.zip -> [Ver = | Size = 39875 bytes | Created Date = 12/26/2006 9:03:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\AboutBuster.zip:Zone.Identifier ->
aswclnr.exe -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Created Date = 12/24/2006 11:59:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\aswclnr.exe:Zone.Identifier ->
aswclnr.log -> C:\aswclnr.log -> [Ver = | Size = 1064 bytes | Created Date = 12/25/2006 12:04:02 AM | Attr = ]
ATF-Cleaner.exe -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Created Date = 12/26/2006 9:01:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_432a861.exe -> C:\avg75free_432a861.exe -> [Ver = | Size = 17674296 bytes | Created Date = 12/21/2006 11:03:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avg75free_432a861.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> C:\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 12/21/2006 11:03:27 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
bitdefender.html -> C:\bitdefender.html -> [Ver = | Size = 922262 bytes | Created Date = 12/24/2006 8:11:08 AM | Attr = ]
bleep.txt -> C:\bleep.txt -> [Ver = | Size = 11484 bytes | Created Date = 12/29/2006 2:05:11 AM | Attr = ]
CWShredder.exe -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 12/21/2006 10:26:26 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\CWShredder.exe:Zone.Identifier ->
delcwssk.zip -> C:\delcwssk.zip -> [Ver = | Size = 52461 bytes | Created Date = 12/26/2006 9:00:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\delcwssk.zip:Zone.Identifier ->
direct.txt -> C:\direct.txt -> [Ver = | Size = 56 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
dllcompare.exe -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Created Date = 12/26/2006 8:27:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\dllcompare.exe:Zone.Identifier ->
FixBargainbuddy.exe -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Created Date = 12/22/2006 7:28:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixBargainbuddy.exe:Zone.Identifier ->
FixBargainbuddy.log -> C:\FixBargainbuddy.log -> [Ver = | Size = 109 bytes | Created Date = 12/22/2006 11:43:21 PM | Attr = ]
FixIefts.exe -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Created Date = 12/22/2006 7:30:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixIefts.exe:Zone.Identifier ->
FixIefts.log -> C:\FixIefts.log -> [Ver = | Size = 46 bytes | Created Date = 12/22/2006 9:23:23 PM | Attr = ]
Free-Spyware-Scanner-Install.exe -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Created Date = 12/24/2006 11:52:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Free-Spyware-Scanner-Install.exe:Zone.Identifier ->
HijackThis.exe -> C:\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.97.0007 | Size = 160768 bytes | Created Date = 12/21/2006 10:18:03 AM | Attr = ]
hijackthis.zip -> C:\hijackthis.zip -> [Ver = | Size = 212851 bytes | Created Date = 12/24/2006 11:27:02 AM | Attr = ]
kaper.html -> C:\kaper.html -> [Ver = | Size = 6384834 bytes | Created Date = 12/24/2006 10:12:47 PM | Attr = ]
KillBox.exe -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Created Date = 12/24/2006 11:45:23 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\KillBox.exe:Zone.Identifier ->
l2mfix.exe -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Created Date = 12/26/2006 9:41:57 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\l2mfix.exe:Zone.Identifier ->
log.txt -> C:\log.txt -> [Ver = | Size = 546 bytes | Created Date = 12/26/2006 9:02:10 PM | Attr = ]
logdllcompare.txt -> C:\logdllcompare.txt -> [Ver = | Size = 546 bytes | Created Date = 12/27/2006 4:52:55 PM | Attr = ]
Look2Me-Destroyer.exe -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Created Date = 12/26/2006 9:14:25 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Look2Me-Destroyer.exe:Zone.Identifier ->
Look2Me-Destroyer.txt -> C:\Look2Me-Destroyer.txt -> [Ver = | Size = 510 bytes | Created Date = 12/26/2006 10:44:03 PM | Attr = ]
Look2Me_Remover.exe -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Created Date = 12/26/2006 5:27:51 PM | Attr = ]
LS-Look2Me-Remover.log -> C:\LS-Look2Me-Remover.log -> [Ver = | Size = 377 bytes | Created Date = 12/26/2006 5:28:19 PM | Attr = ]
LS-Virtumonde-Remover.log -> C:\LS-Virtumonde-Remover.log -> [Ver = | Size = 384 bytes | Created Date = 12/26/2006 5:29:58 PM | Attr = ]
LsReCore_L2M.dll -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Created Date = 12/26/2006 5:29:00 PM | Attr = ]
LsReCore_VM.dll -> C:\LsReCore_VM.dll -> Lavasoft AB [Ver = 2, 0, 0, 1 | Size = 184320 bytes | Created Date = 12/26/2006 5:31:00 PM | Attr = ]
nav8.exe -> C:\nav8.exe -> Symantec Corporation [Ver = 1.0.0.387 RELEASE | Size = 35777509 bytes | Created Date = 12/21/2006 3:33:58 PM | Attr = R ]
PkgClnup.log -> C:\PkgClnup.log -> [Ver = | Size = 16846 bytes | Created Date = 12/22/2006 2:12:18 AM | Attr = ]
ppa.zip -> C:\ppa.zip -> [Ver = | Size = 1931689 bytes | Created Date = 12/23/2006 12:16:35 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ppa.zip:Zone.Identifier ->
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 1070 bytes | Created Date = 12/26/2006 9:06:47 PM | Attr = ]
rdrivrem.zip -> C:\rdrivrem.zip -> [Ver = | Size = 46332 bytes | Created Date = 12/26/2006 9:48:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\rdrivrem.zip:Zone.Identifier ->
reglite.exe -> C:\reglite.exe -> Resplendence Software Projects Sp. [Ver = | Size = 2596584 bytes | Created Date = 12/26/2006 8:35:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\reglite.exe:Zone.Identifier ->
Report-Scan-20061229-105014.txt -> C:\Report-Scan-20061229-105014.txt -> [Ver = | Size = 506 bytes | Created Date = 12/29/2006 1:11:25 PM | Attr = ]
Rnav2003.exe -> C:\Rnav2003.exe -> Symantec [Ver = 3, 0, 0, 11 | Size = 356352 bytes | Created Date = 12/27/2006 8:54:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Rnav2003.exe:Zone.Identifier ->
RnisUPG.exe -> C:\RnisUPG.exe -> Symantec Corporation [Ver = 6.0.4.0 | Size = 147456 bytes | Created Date = 12/27/2006 8:54:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\RnisUPG.exe:Zone.Identifier ->
setupeng.exe -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Created Date = 12/25/2006 12:01:18 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\setupeng.exe:Zone.Identifier ->
Silent Runners.vbs -> C:\Silent Runners.vbs -> [Ver = | Size = 346902 bytes | Created Date = 12/26/2006 8:43:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Silent Runners.vbs:Zone.Identifier ->
SmitfraudFix.exe -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Created Date = 12/26/2006 9:05:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SmitfraudFix.exe:Zone.Identifier ->
stng260.exe -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Created Date = 12/27/2006 4:59:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\stng260.exe:Zone.Identifier ->
stng260.opt -> C:\stng260.opt -> [Ver = | Size = 17 bytes | Created Date = 12/27/2006 5:46:56 PM | Attr = ]
symantec.txt -> C:\symantec.txt -> [Ver = | Size = 5399 bytes | Created Date = 12/23/2006 2:18:51 PM | Attr = ]
SYMCLN.EXE -> C:\SYMCLN.EXE -> [Ver = | Size = 206665 bytes | Created Date = 12/27/2006 8:55:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SYMCLN.EXE:Zone.Identifier ->
Virtumonde_Remover.exe -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Created Date = 12/26/2006 5:29:34 PM | Attr = ]
VirtumundoBeGone.exe -> C:\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 12/26/2006 9:14:07 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VirtumundoBeGone.exe:Zone.Identifier ->
VundoFix.exe -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Created Date = 12/26/2006 9:12:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VundoFix.exe:Zone.Identifier ->
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 411 bytes | Created Date = 12/26/2006 9:12:59 PM | Attr = ]
Win32_Pipeline_Remover.exe -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Created Date = 12/26/2006 5:29:29 PM | Attr = ]
WindowsDefender.msi -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Created Date = 12/20/2006 11:43:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WindowsDefender.msi:Zone.Identifier ->
winpfind3u.exe -> C:\winpfind3u.exe -> [Ver = | Size = 337280 bytes | Created Date = 12/27/2006 10:49:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\winpfind3u.exe:Zone.Identifier ->
zlsSetup_65_737_000_en.exe -> C:\zlsSetup_65_737_000_en.exe -> [Ver = | Size = 13714856 bytes | Created Date = 12/27/2006 5:01:01 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\zlsSetup_65_737_000_en.exe:Zone.Identifier ->
_NavCClt.Log -> C:\_NavCClt.Log -> [Ver = | Size = 6364 bytes | Created Date = 12/22/2006 2:12:15 AM | Attr = H ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 12/29/2006 10:04:31 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 216 bytes | Created Date = 12/29/2006 2:06:46 AM | Attr = ]
asuninst.exe -> C:\WINDOWS\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/21/2006 10:08:24 PM | Attr = ]
AUTOEXEC.NT -> C:\WINDOWS\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 12/26/2006 8:28:17 PM | Attr = ]
Help.ico -> C:\WINDOWS\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/21/2006 10:07:55 PM | Attr = ]
locate.com -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
Ntrights.exe -> C:\WINDOWS\System32\Ntrights.exe -> [Ver = | Size = 39184 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
pavas.ico -> C:\WINDOWS\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/21/2006 10:07:54 PM | Attr = ]
restart.exe -> C:\WINDOWS\System32\restart.exe -> WareSoft Software [Ver = 1.00 | Size = 16384 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
rrSpy.sys -> C:\WINDOWS\System32\rrSpy.sys -> Resplendence [Ver = 2.00 built by: WinDDK | Size = 21888 bytes | Created Date = 12/26/2006 8:37:05 PM | Attr = ]
strings.exe -> C:\WINDOWS\System32\strings.exe -> [Ver = | Size = 175616 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/21/2006 10:07:55 PM | Attr = ]
zip.exe -> C:\WINDOWS\System32\zip.exe -> [Ver = | Size = 126976 bytes | Created Date = 12/26/2006 9:42:37 PM | Attr = ]
ZPORT4AS.dll -> C:\WINDOWS\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/21/2006 10:08:24 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/29/2006 1:46:27 AM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/21/2006 10:44:42 AM | Attr = ]
RKL77.tmp.sys -> C:\WINDOWS\System32\drivers\RKL77.tmp.sys -> Lavasoft AB [Ver = 1.0.0.0 | Size = 7680 bytes | Created Date = 12/26/2006 5:37:22 PM | Attr = ]
tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/24/2006 12:08:32 AM | Attr = ]

[Files - Modified Wihin 30 days]
AboutBuster.zip -> C:\AboutBuster.zip -> [Ver = | Size = 39875 bytes | Modified Date = 12/26/2006 9:03:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\AboutBuster.zip:Zone.Identifier ->
aswclnr.exe -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Modified Date = 12/25/2006 12:00:48 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\aswclnr.exe:Zone.Identifier ->
aswclnr.log -> C:\aswclnr.log -> [Ver = | Size = 1064 bytes | Modified Date = 12/25/2006 12:29:50 AM | Attr = ]
ATF-Cleaner.exe -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/26/2006 9:02:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_432a861.exe -> C:\avg75free_432a861.exe -> [Ver = | Size = 17674296 bytes | Modified Date = 12/21/2006 11:04:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avg75free_432a861.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> C:\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 12/29/2006 1:46:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
bitdefender.html -> C:\bitdefender.html -> [Ver = | Size = 922262 bytes | Modified Date = 12/24/2006 7:55:08 AM | Attr = ]
bleep.txt -> C:\bleep.txt -> [Ver = | Size = 11484 bytes | Modified Date = 12/29/2006 2:05:14 AM | Attr = ]
boot.ini -> C:\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/20/2006 10:23:28 PM | Attr = RHS]
CWShredder.exe -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 12/24/2006 1:12:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\CWShredder.exe:Zone.Identifier ->
delcwssk.zip -> C:\delcwssk.zip -> [Ver = | Size = 52461 bytes | Modified Date = 12/26/2006 9:01:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\delcwssk.zip:Zone.Identifier ->
direct.txt -> C:\direct.txt -> [Ver = | Size = 56 bytes | Modified Date = 12/26/2006 9:44:38 PM | Attr = ]
dllcompare.exe -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Modified Date = 12/26/2006 8:28:06 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\dllcompare.exe:Zone.Identifier ->
FixBargainbuddy.exe -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Modified Date = 12/22/2006 7:28:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixBargainbuddy.exe:Zone.Identifier ->
FixBargainbuddy.log -> C:\FixBargainbuddy.log -> [Ver = | Size = 109 bytes | Modified Date = 12/23/2006 12:01:36 AM | Attr = ]
FixIefts.exe -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Modified Date = 12/22/2006 9:16:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\FixIefts.exe:Zone.Identifier ->
FixIefts.log -> C:\FixIefts.log -> [Ver = | Size = 46 bytes | Modified Date = 12/22/2006 10:48:44 PM | Attr = ]
Free-Spyware-Scanner-Install.exe -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Modified Date = 12/24/2006 11:53:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Free-Spyware-Scanner-Install.exe:Zone.Identifier ->
hijackthis.zip -> C:\hijackthis.zip -> [Ver = | Size = 212851 bytes | Modified Date = 12/24/2006 11:27:04 AM | Attr = ]
kaper.html -> C:\kaper.html -> [Ver = | Size = 6384834 bytes | Modified Date = 12/24/2006 10:12:52 PM | Attr = ]
KillBox.exe -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 12/24/2006 11:45:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\KillBox.exe:Zone.Identifier ->
l2mfix.exe -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Modified Date = 12/26/2006 9:42:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\l2mfix.exe:Zone.Identifier ->
log.txt -> C:\log.txt -> [Ver = | Size = 546 bytes | Modified Date = 12/27/2006 4:52:44 PM | Attr = ]
logdllcompare.txt -> C:\logdllcompare.txt -> [Ver = | Size = 546 bytes | Modified Date = 12/27/2006 4:52:56 PM | Attr = ]
Look2Me-Destroyer.exe -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Modified Date = 12/26/2006 9:14:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Look2Me-Destroyer.exe:Zone.Identifier ->
Look2Me-Destroyer.txt -> C:\Look2Me-Destroyer.txt -> [Ver = | Size = 510 bytes | Modified Date = 12/26/2006 11:28:54 PM | Attr = ]
Look2Me_Remover.exe -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Modified Date = 12/26/2006 5:18:32 PM | Attr = ]
LS-Look2Me-Remover.log -> C:\LS-Look2Me-Remover.log -> [Ver = | Size = 377 bytes | Modified Date = 12/26/2006 5:29:18 PM | Attr = ]
LS-Virtumonde-Remover.log -> C:\LS-Virtumonde-Remover.log -> [Ver = | Size = 384 bytes | Modified Date = 12/26/2006 5:31:28 PM | Attr = ]
LsReCore_L2M.dll -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:29:02 PM | Attr = ]
LsReCore_VM.dll -> C:\LsReCore_VM.dll -> Lavasoft AB [Ver = 2, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:31:02 PM | Attr = ]
PkgClnup.log -> C:\PkgClnup.log -> [Ver = | Size = 16846 bytes | Modified Date = 12/22/2006 2:13:36 AM | Attr = ]
ppa.zip -> C:\ppa.zip -> [Ver = | Size = 1931689 bytes | Modified Date = 12/23/2006 12:17:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\ppa.zip:Zone.Identifier ->
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 1070 bytes | Modified Date = 12/26/2006 10:03:58 PM | Attr = ]
rdrivrem.zip -> C:\rdrivrem.zip -> [Ver = | Size = 46332 bytes | Modified Date = 12/26/2006 9:49:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\rdrivrem.zip:Zone.Identifier ->
reglite.exe -> C:\reglite.exe -> Resplendence Software Projects Sp. [Ver = | Size = 2596584 bytes | Modified Date = 12/26/2006 8:36:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\reglite.exe:Zone.Identifier ->
Report-Scan-20061229-105014.txt -> C:\Report-Scan-20061229-105014.txt -> [Ver = | Size = 506 bytes | Modified Date = 12/29/2006 1:11:26 PM | Attr = ]
Rnav2003.exe -> C:\Rnav2003.exe -> Symantec [Ver = 3, 0, 0, 11 | Size = 356352 bytes | Modified Date = 12/27/2006 8:55:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Rnav2003.exe:Zone.Identifier ->
RnisUPG.exe -> C:\RnisUPG.exe -> Symantec Corporation [Ver = 6.0.4.0 | Size = 147456 bytes | Modified Date = 12/27/2006 8:55:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\RnisUPG.exe:Zone.Identifier ->
setupeng.exe -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 12/25/2006 12:02:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\setupeng.exe:Zone.Identifier ->
Silent Runners.vbs -> C:\Silent Runners.vbs -> [Ver = | Size = 346902 bytes | Modified Date = 12/26/2006 8:43:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\Silent Runners.vbs:Zone.Identifier ->
SmitfraudFix.exe -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Modified Date = 12/26/2006 9:06:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SmitfraudFix.exe:Zone.Identifier ->
stng260.exe -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 12/27/2006 4:59:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\stng260.exe:Zone.Identifier ->
stng260.opt -> C:\stng260.opt -> [Ver = | Size = 17 bytes | Modified Date = 12/27/2006 5:46:58 PM | Attr = ]
symantec.txt -> C:\symantec.txt -> [Ver = | Size = 5399 bytes | Modified Date = 12/23/2006 2:18:52 PM | Attr = ]
SYMCLN.EXE -> C:\SYMCLN.EXE -> [Ver = | Size = 206665 bytes | Modified Date = 12/27/2006 8:56:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\SYMCLN.EXE:Zone.Identifier ->
Virtumonde_Remover.exe -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Modified Date = 12/26/2006 5:19:44 PM | Attr = ]
VirtumundoBeGone.exe -> C:\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 12/26/2006 9:14:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VirtumundoBeGone.exe:Zone.Identifier ->
VundoFix.exe -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Modified Date = 12/26/2006 9:12:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\VundoFix.exe:Zone.Identifier ->
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 411 bytes | Modified Date = 12/26/2006 10:42:28 PM | Attr = ]
Win32_Pipeline_Remover.exe -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Modified Date = 12/26/2006 5:19:24 PM | Attr = ]
WindowsDefender.msi -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Modified Date = 12/20/2006 11:43:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WindowsDefender.msi:Zone.Identifier ->
winpfind3u.exe -> C:\winpfind3u.exe -> [Ver = | Size = 337280 bytes | Modified Date = 12/27/2006 10:49:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\winpfind3u.exe:Zone.Identifier ->
zlsSetup_65_737_000_en.exe -> C:\zlsSetup_65_737_000_en.exe -> [Ver = | Size = 13714856 bytes | Modified Date = 12/27/2006 5:01:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\zlsSetup_65_737_000_en.exe:Zone.Identifier ->
_NavCClt.Log -> C:\_NavCClt.Log -> [Ver = | Size = 6364 bytes | Modified Date = 12/22/2006 2:13:54 AM | Attr = H ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/29/2006 10:04:32 AM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/29/2006 10:04:14 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 1132064 bytes | Modified Date = 12/29/2006 10:05:50 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32488 bytes | Modified Date = 12/29/2006 10:02:20 AM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 204009 bytes | Modified Date = 12/27/2006 4:50:02 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 426685 bytes | Modified Date = 12/29/2006 10:05:50 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\setupapi.log:fwvryr ->
system.ini -> C:\WINDOWS\system.ini -> [Ver = | Size = 451 bytes | Modified Date = 12/27/2006 7:51:36 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 216 bytes | Modified Date = 12/29/2006 10:02:18 AM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/29/2006 2:06:46 AM | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 697 bytes | Modified Date = 12/21/2006 10:10:50 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1312066 bytes | Modified Date = 12/29/2006 10:01:44 AM | Attr = ]
AUTOEXEC.NT -> C:\WINDOWS\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Modified Date = 12/26/2006 8:28:18 PM | Attr = ]
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/27/2006 8:08:56 PM | Attr = ]
Help.ico -> C:\WINDOWS\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
LegitCheckControl.DLL -> C:\WINDOWS\System32\LegitCheckControl.DLL -> Microsoft Corporation [Ver = 1.5.0723.1 | Size = 1474864 bytes | Modified Date = 12/12/2006 10:45:04 AM | Attr = ]
pavas.ico -> C:\WINDOWS\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 356126 bytes | Modified Date = 12/10/2006 12:45:28 AM | Attr = ]
Status.MPF -> C:\WINDOWS\System32\Status.MPF -> [Ver = | Size = 71552 bytes | Modified Date = 12/20/2006 10:29:46 AM | Attr = ]
Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/21/2006 10:07:56 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 12/20/2006 11:43:16 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/23/2006 4:11:54 PM | Attr = ]
RKL77.tmp.sys -> C:\WINDOWS\System32\drivers\RKL77.tmp.sys -> Lavasoft AB [Ver = 1.0.0.0 | Size = 7680 bytes | Modified Date = 12/26/2006 5:37:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Modified Date = 12/25/2006 12:00:48 AM

#12 rxnelson

Posted 29 December 2006 - 05:48 PM

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> C:\aswclnr.exe -> [Ver = 1, 0, 209, 0 | Size = 403072 bytes | Modified Date = 12/25/2006 12:00:48 AM | Attr = ]
UPX! , UPX0 , -> C:\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/26/2006 9:02:02 PM | Attr = ]
UPX! , PEC2 , qoologic , aspack , PTech , SAHAgent , abetterinternet.com , WSUD , UPX0 , -> C:\bleep.txt -> [Ver = | Size = 11484 bytes | Modified Date = 12/29/2006 2:05:14 AM | Attr = ]
qoologic , urllogic , urllogic , -> C:\CWShredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 12/24/2006 1:12:20 AM | Attr = ]
UPX! , -> C:\dllcompare.exe -> Option^Explicit Software [Ver = 1.00.0127 | Size = 122880 bytes | Modified Date = 12/26/2006 8:28:06 PM | Attr = ]
UPX! , UPX0 , -> C:\FixBargainbuddy.exe -> [Ver = 1.0.4 | Size = 168592 bytes | Modified Date = 12/22/2006 7:28:40 PM | Attr = ]
UPX! , UPX0 , -> C:\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Modified Date = 12/22/2006 9:16:18 PM | Attr = ]
UPX! , UPX0 , -> C:\Free-Spyware-Scanner-Install.exe -> [Ver = | Size = 3441104 bytes | Modified Date = 12/24/2006 11:53:04 AM | Attr = ]
UPX! , UPX0 , -> C:\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.97.0007 | Size = 160768 bytes | Modified Date = 11/18/2003 3:00:50 PM | Attr = ]
UPX! , UPX0 , -> C:\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 12/24/2006 11:45:36 AM | Attr = ]
UPX! , UPX0 , -> C:\l2mfix.exe -> [Ver = | Size = 336914 bytes | Modified Date = 12/26/2006 9:42:12 PM | Attr = ]
UPX! , UPX0 , -> C:\Look2Me-Destroyer.exe -> Atribune.org [Ver = 1.00.0012 | Size = 40960 bytes | Modified Date = 12/26/2006 9:14:28 PM | Attr = ]
UPX! , UPX0 , -> C:\Look2Me_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 678544 bytes | Modified Date = 12/26/2006 5:18:32 PM | Attr = ]
WinShutDown , -> C:\LsReCore_L2M.dll -> Lavasoft AB [Ver = 1, 0, 0, 1 | Size = 184320 bytes | Modified Date = 12/26/2006 5:29:02 PM | Attr = ]
WSUD , -> C:\nav8.exe -> Symantec Corporation [Ver = 1.0.0.387 RELEASE | Size = 35777509 bytes | Modified Date = 1/2/2003 5:22:24 PM | Attr = R ]
UPX! , UPX0 , -> C:\setupeng.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 12/25/2006 12:02:06 AM | Attr = ]
UPX! , UPX0 , -> C:\SmitfraudFix.exe -> [Ver = | Size = 731028 bytes | Modified Date = 12/26/2006 9:06:24 PM | Attr = ]
UPX! , UPX0 , -> C:\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 12/27/2006 4:59:40 PM | Attr = ]
UPX! , UPX0 , -> C:\Virtumonde_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 663040 bytes | Modified Date = 12/26/2006 5:19:44 PM | Attr = ]
UPX! , UPX0 , -> C:\VundoFix.exe -> Atribune.org [Ver = 6.02.0013 | Size = 88064 bytes | Modified Date = 12/26/2006 9:12:56 PM | Attr = ]
UPX! , UPX0 , -> C:\Win32_Pipeline_Remover.exe -> Lavasoft AB [Ver = 1.0.0.0 | Size = 657552 bytes | Modified Date = 12/26/2006 5:19:24 PM | Attr = ]
PTech , -> C:\WindowsDefender.msi -> [Ver = | Size = 5186048 bytes | Modified Date = 12/20/2006 11:43:50 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe -> Adobe Systems [Ver = 2.0.0.43 | Size = 414208 bytes | Modified Date = 11/12/2004 10:36:04 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 9/29/2004 11:36:24 AM | Attr = ]
PTech , -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 4/16/2003 6:14:56 PM | Attr = R ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
SAHAgent , -> C:\WINDOWS\System32\gah95on6.ini -> [Ver = | Size = 3168 bytes | Modified Date = 9/3/2005 2:52:56 PM | Attr = ]
UPX! , -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 1/13/2005 9:41:48 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
UPX! , WSUD , UPX0 , -> C:\WINDOWS\System32\strings.exe -> [Ver = | Size = 175616 bytes | Modified Date = 1/20/2005 1:47:50 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 2:59:36 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 2:56:26 PM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:50:14 AM 12/29/2006

+ Scan result:



Nothing found.


::Report end



Explorer killed successfully
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Cleanup .
File C:\DOCUME~1\Jeff\LOCALS~1\Temp\20061227201418_mcappins.exe not found!
< End of log >
Created on 12/29/2006 09:44:03

#13 rxnelson

Posted 29 December 2006 - 05:50 PM

It appears that in safe mode the one user account is still pointing to the CWS URL.

#14 OldTimer

Posted 30 December 2006 - 06:56 PM

Hi rxnelson. The log looks pretty good. No active files, just a few dead entries to take care of. The fix log does not look like it has much information in it. I wonder about that.

There is a new version of WinPFind3u out that will display the fix log when the fix is complete. Please delete any current WinPFind3u files/folders on your desktop and download the new version below.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YY -> (jciatwajgonujux) jciatwajgonujux [Win32_Own | Disabled | Stopped] -> C:\WINDOWS\system32\gonujux\jciatwaj.exe
[Registry - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
YN -> Aaou -> C:\Documents and Settings\Jeff\Application Data\to?lkf.exe
YN -> aavcaag -> C:\WINDOWS\system32\idhwswc\aavcaag.exe
YN -> apakapj -> C:\WINDOWS\system32\ksnvoqno\apakapj.exe
YN -> api3t -> C:\WINDOWS\system32\api3t.exe
YN -> astiti -> C:\WINDOWS\system32\samlqcwa\astiti.exe
YN -> atlfh.exe -> C:\WINDOWS\system32\atlfh.exe
YN -> ausdtjq -> C:\WINDOWS\system32\etadotbm\ausdtjq.exe
YN -> Ayivjsjp -> C:\WINDOWS\system32\r?gsvr32.exe
YN -> bainlars -> C:\WINDOWS\system32\cgdn\bainlars.exe
YN -> bcachew -> C:\WINDOWS\system32\bcachew.exe
YN -> beofkk -> C:\WINDOWS\system32\svlua\beofkk.exe
YN -> btmc -> C:\WINDOWS\system32\vgqlbs\btmc.exe
YN -> cbrioa -> C:\WINDOWS\system32\iwnkvl\cbrioa.exe
YN -> cixac -> C:\WINDOWS\system32\hmbiar\cixac.exe
YN -> dakdygk -> C:\WINDOWS\System32\lhyicww\dakdygk.exe
YN -> dbemasn -> C:\WINDOWS\System32\kslq\dbemasn.exe
YN -> dfbkwhw -> C:\WINDOWS\system32\kcec\dfbkwhw.exe
YN -> djgiixn -> C:\WINDOWS\system32\gudvckae\djgiixn.exe
YN -> dvieu -> C:\WINDOWS\system32\ilrxfv\dvieu.exe
YN -> ebltfswt -> C:\WINDOWS\system32\hdqd\ebltfswt.exe
YN -> edjsnm -> C:\WINDOWS\system32\vjjdcp\edjsnm.exe
YN -> eqnmfyuu -> C:\WINDOWS\system32\toyxhc\eqnmfyuu.exe
YN -> eTrust PestPatrol Active Protection -> C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
YN -> evypqcj -> C:\WINDOWS\system32\sfoqeyfw\evypqcj.exe
YN -> fhfbw -> C:\WINDOWS\System32\vfknc\fhfbw.exe
YN -> gcasServ -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
YN -> gfeacdbv -> C:\WINDOWS\system32\qldpmpt\gfeacdbv.exe
YN -> gfjhpmne -> C:\WINDOWS\System32\dhpvbom\gfjhpmne.exe
YN -> GoGoTray.exe -> C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
YN -> hasqof -> C:\WINDOWS\System32\pjqgcad\hasqof.exe
YN -> hmksgssj -> C:\WINDOWS\system32\ehyijvcl\hmksgssj.exe
YN -> hojgxo -> C:\WINDOWS\System32\jbmnj\hojgxo.exe
YN -> hshnin -> C:\WINDOWS\TEMP\ltilo.exe
YN -> htqk -> C:\WINDOWS\system32\jjbyllm\htqk.exe
YN -> hullcua -> C:\WINDOWS\system32\khgie\hullcua.exe
YN -> iamapp -> C:\Program Files\Norton Internet Security\IAMAPP.EXE
YN -> ibyt -> C:\WINDOWS\system32\gaosqli\ibyt.exe
YN -> ielfe -> C:\WINDOWS\system32\nnhklqfk\ielfe.exe
YN -> ihrp -> C:\WINDOWS\system32\fwya\ihrp.exe
YN -> inftb32w -> C:\WINDOWS\system32\inftb32w.exe
YN -> ippy.exe -> C:\WINDOWS\system32\ippy.exe
YN -> jbhkaafj -> C:\WINDOWS\System32\hliojyxy\jbhkaafj.exe
YN -> jciatwaj -> C:\WINDOWS\system32\gonujux\jciatwaj.exe
YN -> jlxvlqeb -> C:\WINDOWS\system32\hdtjmm\jlxvlqeb.exe
YN -> jtotad -> C:\WINDOWS\system32\tlcsmvf\jtotad.exe
YN -> jwjo -> C:\WINDOWS\system32\qyrlpb\jwjo.exe
YN -> kbum -> C:\WINDOWS\system32\fxjyt\kbum.exe
YN -> kcsqtoay -> C:\WINDOWS\system32\eeakyq\kcsqtoay.exe
YN -> kfpjqk -> C:\WINDOWS\system32\gvjink\kfpjqk.exe
YN -> khkjcnxa -> C:\WINDOWS\system32\hsrej\khkjcnxa.exe
YN -> lbjj -> C:\WINDOWS\system32\kbfdpa\lbjj.exe
YN -> lhhjdj -> C:\WINDOWS\system32\sceyj\lhhjdj.exe
YN -> llclf -> C:\WINDOWS\System32\niqsbs\llclf.exe
YN -> lmwjyve -> C:\WINDOWS\system32\iwrddabe\lmwjyve.exe
YN -> lpxs -> C:\WINDOWS\system32\armbl\lpxs.exe
YN -> lxvc -> C:\WINDOWS\system32\ibqqqufp\lxvc.exe
YN -> mayqxwh -> C:\WINDOWS\System32\wqsml\mayqxwh.exe
YN -> MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe
YN -> mcfgx -> C:\WINDOWS\system32\gvifd\mcfgx.exe
YN -> MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
YN -> mecxpbmh -> C:\WINDOWS\system32\ycmxbya\mecxpbmh.exe
YN -> mgxxycrm -> C:\WINDOWS\System32\rjakoasn\mgxxycrm.exe
YN -> mhlb -> C:\WINDOWS\system32\rvbn\mhlb.exe
YN -> MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
YN -> MPSExe -> C:\Program Files\McAfee.com\MPS\mscifapp.exe
YN -> MSKAGENTEXE -> C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
YN -> MSKDetectorExe -> C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
YN -> msnmsgr -> C:\Program Files\MSN Messenger\msnmsgr.exe
YN -> NAV Agent -> C:\PROGRA~1\NORTON~1\navapw32.exe
YN -> nhbexs -> C:\WINDOWS\system32\roreu\nhbexs.exe
YN -> njufo -> C:\WINDOWS\system32\govlqxj\njufo.exe
YN -> nlgskqh -> C:\WINDOWS\System32\rmcge\nlgskqh.exe
YN -> nnhgwwy -> C:\WINDOWS\system32\avfrdx\nnhgwwy.exe
YN -> nnnyha -> C:\WINDOWS\system32\nwgdrks\nnnyha.exe
YN -> nqijxwty -> C:\WINDOWS\system32\auclgi\nqijxwty.exe
YN -> Nsv -> C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
YN -> ntqm.exe -> C:\WINDOWS\system32\ntqm.exe
YN -> ocbgls -> C:\WINDOWS\system32\vchgw\ocbgls.exe
YN -> ovei -> C:\WINDOWS\system32\lbujre\ovei.exe
YN -> ovfehcop -> C:\WINDOWS\system32\ecomqjb\ovfehcop.exe
YN -> pccpxoia -> C:\WINDOWS\system32\trlhoog\pccpxoia.exe
YN -> pdvvd -> C:\WINDOWS\system32\goqtfc\pdvvd.exe
YN -> pidqivms -> C:\WINDOWS\system32\ypfaje\pidqivms.exe
YN -> pourhyqm -> C:\WINDOWS\system32\iilb\pourhyqm.exe
YN -> ppkunwq -> C:\WINDOWS\system32\cicoksym\ppkunwq.exe
YN -> qhxxn -> C:\WINDOWS\system32\kkkrwbmi\qhxxn.exe
YN -> qnsbtl -> C:\WINDOWS\system32\wwcjewsl\qnsbtl.exe
YN -> qpanx -> C:\WINDOWS\System32\cdqkdw\qpanx.exe
YN -> qxor -> C:\WINDOWS\system32\fhjpbuph\qxor.exe
YN -> rbmkiv -> C:\WINDOWS\system32\nddhonra\rbmkiv.exe
YN -> rcchgi -> C:\WINDOWS\system32\grxtlyfk\rcchgi.exe
YN -> refyyyuy -> C:\WINDOWS\system32\kdipam\refyyyuy.exe
YN -> rnsu -> C:\WINDOWS\System32\qsecgeet\rnsu.exe
YN -> rqghhh -> C:\WINDOWS\system32\fdrn\rqghhh.exe
YN -> sarjm -> C:\WINDOWS\system32\nwaueebv\sarjm.exe
YN -> sgwsamp -> C:\WINDOWS\system32\ypca\sgwsamp.exe
YN -> shtmlm -> C:\WINDOWS\system32\shtmlm.exe
YN -> smhqooct -> C:\WINDOWS\system32\liuob\smhqooct.exe
YN -> sqeki -> C:\WINDOWS\system32\jese\sqeki.exe
YN -> tcvfu -> C:\WINDOWS\System32\lneyoc\tcvfu.exe
YN -> tklh -> C:\WINDOWS\system32\lnmjcve\tklh.exe
YN -> tqiti -> C:\WINDOWS\system32\wdqnmqne\tqiti.exe
YN -> uckexn -> C:\WINDOWS\system32\poqcnb\uckexn.exe
YN -> urllkh -> C:\WINDOWS\system32\pwmgv\urllkh.exe
YN -> UserFaultCheck ->
YN -> vefnutau -> C:\WINDOWS\system32\wgsi\vefnutau.exe
YN -> ViewMgr -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
YN -> VirusScan Online -> c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
YN -> vjrae -> C:\WINDOWS\System32\olxq\vjrae.exe
YN -> VSOCheckTask -> c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
YN -> vubgxl -> C:\WINDOWS\system32\irgsosu\vubgxl.exe
YN -> vwpnpcog -> C:\WINDOWS\System32\hjmqduxw\vwpnpcog.exe
YN -> wljxkbgn -> C:\WINDOWS\system32\xxqpixwm\wljxkbgn.exe
YN -> wnjxgu -> C:\WINDOWS\System32\ujyiasb\wnjxgu.exe
YN -> wridyxl -> C:\WINDOWS\system32\fkbfyk\wridyxl.exe
YN -> wxlcrie -> C:\WINDOWS\system32\dghelvr\wxlcrie.exe
YN -> xptjn -> C:\WINDOWS\system32\xhklfg\xptjn.exe
YN -> xyofkviy -> C:\WINDOWS\system32\djoway\xyofkviy.exe
YN -> ybqo -> C:\WINDOWS\system32\ywqdyoy\ybqo.exe
YN -> ydggq -> C:\WINDOWS\system32\aaxbg\ydggq.exe
YN -> yihrfgp -> C:\WINDOWS\system32\nyseepmf\yihrfgp.exe
YN -> ykgnbmv -> C:\WINDOWS\system32\tfqd\ykgnbmv.exe
< Internet Explorer Settings > ->
YN -> HKCU: Start Page -> http://213.159.117.134/index.php
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]


The fix should only take a very short time. When it is complete a message will pop up saying that the fix has finished. Click on the Ok button and Notepad will open with a log file of everything that occurred during the fix. Please post that log file back here.

I will review the information when it comes back in.

One other thing. It looks like Norton Anti-Virus was installed but is no longer on the machine. If that is true then I highly recommend getting an anti-virus installed and running. If you need an anti-virus program here are a couple of good free versions:

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 rxnelson

Posted 31 December 2006 - 09:26 PM

[Win32 Services - Non-Microsoft Only]
Service jciatwajgonujux stopped successfully.
Service jciatwajgonujux deleted successfully.
File C:\WINDOWS\system32\gonujux\jciatwaj.exe not found!
[Registry - Non-Microsoft Only]
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\Aaou .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\aavcaag .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\apakapj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\api3t .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\astiti .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\atlfh.exe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ausdtjq .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\Ayivjsjp .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\bainlars .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\bcachew .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\beofkk .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\btmc .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\cbrioa .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\cixac .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\dakdygk .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\dbemasn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\dfbkwhw .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\djgiixn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\dvieu .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ebltfswt .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\edjsnm .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\eqnmfyuu .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\eTrust PestPatrol Active Protection .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\evypqcj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\fhfbw .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\gcasServ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\gfeacdbv .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\gfjhpmne .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\GoGoTray.exe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\hasqof .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\hmksgssj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\hojgxo .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\hshnin .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\htqk .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\hullcua .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\iamapp .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ibyt .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ielfe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ihrp .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\inftb32w .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ippy.exe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\jbhkaafj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\jciatwaj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\jlxvlqeb .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\jtotad .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\jwjo .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\kbum .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\kcsqtoay .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\kfpjqk .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\khkjcnxa .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\lbjj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\lhhjdj .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\llclf .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\lmwjyve .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\lpxs .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\lxvc .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\mayqxwh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MCAgentExe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\mcfgx .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MCUpdateExe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\mecxpbmh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\mgxxycrm .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\mhlb .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MPFExe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MPSExe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MSKAGENTEXE .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\MSKDetectorExe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\msnmsgr .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\NAV Agent .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\nhbexs .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\njufo .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\nlgskqh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\nnhgwwy .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\nnnyha .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\nqijxwty .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\Nsv .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ntqm.exe .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ocbgls .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ovei .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ovfehcop .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\pccpxoia .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\pdvvd .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\pidqivms .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\pourhyqm .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ppkunwq .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\qhxxn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\qnsbtl .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\qpanx .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\qxor .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\rbmkiv .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\rcchgi .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\refyyyuy .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\rnsu .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\rqghhh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\sarjm .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\sgwsamp .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\shtmlm .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\smhqooct .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\sqeki .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\tcvfu .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\tklh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\tqiti .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\uckexn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\urllkh .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\UserFaultCheck .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\vefnutau .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ViewMgr .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\VirusScan Online .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\vjrae .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\VSOCheckTask .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\vubgxl .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\vwpnpcog .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\wljxkbgn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\wnjxgu .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\wridyxl .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\wxlcrie .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\xptjn .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\xyofkviy .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ybqo .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ydggq .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\yihrfgp .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\ykgnbmv .
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
< End of log >
Created on 12/31/2006 21:23:46



