Adware Popup Purityscan Trojan


This topic is locked
12 replies to this topic

#1 dragowrx1

  • Members
  • 28 posts

Posted 31 December 2006 - 02:17 AM

Recently I just got this trojan where ads would randomly pop up. I ran 3 of my antispyware and antivirus programs but still could not get rid of it. I deleted the 888toolbar and certain things, but every once in a while the pop-up will still come up. Here is my Hijack log. Thanks guys!!

Logfile of HijackThis v1.99.1
Scan saved at 11:24:29 PM, on 12/30/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\FNTS~1\spool32.exe
C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Run: [Aulc] "C:\PROGRA~1\FNTS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Opow] C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Edited by dragowrx1, 31 December 2006 - 02:25 AM.


#2 Mr_JAk3

    HJT Team Member

  • Members
  • 527 posts
  • Location: Finland

Posted 31 December 2006 - 03:23 AM

Hi dragowrx1 and welcome to the forums :flowers:

You got infections there...

Before we can start the cleaning I need you to do something important.

Please download and install Windows XP Service Pack 1A -> Windows XP SP1a
You may also download and install it via Windows Update

NOTE! Do NOT install Service Pack 2 yet. We'll have to get you cleaned first.

Post a fresh HijackThis log when you're ready :thumbsup:
UNITE & ASAP member since 2006

#3 dragowrx1
  • Topic Starter

  • Members
  • 28 posts

Posted 31 December 2006 - 09:12 PM

Sorry for the wait, I just updated to SP1. Here is my log file now, heh. Thanks a lot, man. HAPPY NEW YEAR TO YOU.

Logfile of HijackThis v1.99.1
Scan saved at 6:10:01 PM, on 12/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
C:\PROGRA~1\MBOLS~1\smss.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R3 - URLSearchHook: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
R3 - URLSearchHook: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
R3 - URLSearchHook: (no name) - {2610EF37-7BF7-7304-897D-78129835E1B1} - C:\WINDOWS\System32\ctazck.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2610EF37-7BF7-7304-897D-78129835E1B1} - C:\WINDOWS\System32\ctazck.dll
O2 - BHO: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
O2 - BHO: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Run: [Aulc] "C:\PROGRA~1\FNTS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Opow] C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
O4 - HKCU\..\Run: [Tese] "C:\WINDOWS\System32\DOBE~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Sfw] C:\WINDOWS\?ymbols\w?auclt.exe
O4 - HKCU\..\Run: [Eats] "C:\PROGRA~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Lsfb] C:\WINDOWS\?racle\??anregw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Edited by dragowrx1, 31 December 2006 - 09:14 PM.
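As an added illustration for readers of this thread (not a tool from HijackThis, ComboFix or the helpers here), the script below applies the tell-tales visible in the second log above: core Windows process names running from outside the system folders, `?` characters in local paths (assumed here to be characters HijackThis could not print, which fits the FNTS~1 and MBOLS~1 short names ComboFix later quarantined), unnamed BHO/URLSearchHook entries, a service whose file is missing, and several HKCU Run entries sharing the same odd switch. The rule names are made up for this example and the sample input is an excerpt of the posted log.

```python
"""Triage a HijackThis 1.99 log for the Purityscan/Outerinfo tell-tales seen in this thread.
Hypothetical helper for this thread, not a HijackThis or ComboFix feature; hits are
candidates for a human reviewer, not verdicts."""
import re
from collections import Counter, defaultdict

# Core Windows process names that the posted log shows being impersonated.
CORE_NAMES = {"smss.exe", "lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
              "csrss.exe", "spoolsv.exe", "wuauclt.exe", "explorer.exe"}
# Folders where those names are legitimate (lower-case, no trailing backslash).
CORE_DIRS = {r"c:\windows\system32", r"c:\windows"}

# First local path ending in an executable extension; non-greedy, so '-vt yazb' stays out.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)
RUN_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$')

# Excerpt of the second HijackThis log posted above, embedded as sample input.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
C:\PROGRA~1\MBOLS~1\smss.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O2 - BHO: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aulc] "C:\PROGRA~1\FNTS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Opow] C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
O4 - HKCU\..\Run: [Tese] "C:\WINDOWS\System32\DOBE~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Sfw] C:\WINDOWS\?ymbols\w?auclt.exe
O4 - HKCU\..\Run: [Eats] "C:\PROGRA~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Lsfb] C:\WINDOWS\?racle\??anregw.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
"""


def one_edit_away(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                    # make a the shorter (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1                     # substitution consumes a char on both sides
        j += 1                         # insertion into b (or the substitution's other half)
    return edits + (len(b) - j) == 1   # a leftover char in b is the one insertion


def triage(log_text):
    """Return (rule, detail) findings for one HijackThis log."""
    findings = []
    run_args = defaultdict(set)        # argument string -> executables launched with it
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith(("O2 - ", "R3 - ")) and "(no name)" in line:
            findings.append(("unnamed-hook", line))
        if line.startswith("O23 - ") and "(file missing)" in line:
            findings.append(("service-file-missing", line))
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        folder, _, exe = path.lower().rpartition("\\")
        if "?" in path:
            # Assumption: HijackThis prints characters it cannot show as '?' ('?' is illegal in real names).
            findings.append(("unprintable-char-in-path", line))
        if exe in CORE_NAMES and folder not in CORE_DIRS:
            findings.append(("core-name-outside-system-dirs", line))
        elif any(one_edit_away(exe, core) for core in CORE_NAMES):
            findings.append(("core-name-lookalike", line))
        r = RUN_RE.match(line)
        if r:
            parts = PATH_RE.split(r.group("cmd"), maxsplit=1)
            args = parts[1].lstrip('"').strip() if len(parts) == 2 else ""
            if args:
                run_args[args].add(exe)
    for args, exes in run_args.items():
        if len(exes) >= 2:             # one odd switch on several unrelated binaries
            findings.append(("shared-argument", f"{args!r} shared by {', '.join(sorted(exes))}"))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(rule for rule, _ in findings))
```

Run `for rule, detail in triage(SAMPLE_LOG): print(rule, detail)` to see each flagged line; the same log lines that ComboFix later listed under "Purity" are the ones the rules pick out.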


#4 Mr_JAk3

    HJT Team Member

  • Members
  • 527 posts
  • Location: Finland

Posted 01 January 2007 - 02:40 AM

Hi again, we'll begin the cleaning.

Happy New Year to you too :flowers:

You should print these instructions or save these to a text file. Follow these instructions carefully.

First install MVPS HOSTS:

Download and unzip hosts.zip from HERE to a folder (hosts).

When you get a chance please read more about what we are doing HERE.

Here's a Tutorial on how to install it, but it's installed like this:

Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink!

You're done with this step.

Next....

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure, please ask first


Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

:thumbsup:

Edited by Mr_JAk3, 01 January 2007 - 02:40 AM.

UNITE & ASAP member since 2006

#5 dragowrx1
  • Topic Starter

  • Members
  • 28 posts

Posted 01 January 2007 - 03:39 AM

Heh, thanks man :thumbsup: I appreciate your help!! OK, I uninstalled everything that looked weird, which was only Outerinfo left, using Add/Remove Programs. When I opened and launched the OiUninstaller.exe it said it was incomplete or corrupted... but Outerinfo is gone for now. Here is my ComboFix log

Naruto_Kun - 07-01-01 0:32:48.69 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Program Files\Avant Browser\Skins"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{300FD1A1-0321-1033-0922-000118000001}
C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Naruto_Kun\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Naruto_Kun\Application Data\FNTS~1\w?aclt.exe
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\FNTS~1\F?nts
C:\QooBox\Purity\Program Files\FNTS~1\spool32.exe
C:\QooBox\Purity\Program Files\MBOLS~1\smss.exe
C:\QooBox\Purity\Program Files\MBOLS~1\??mbols
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\YMBOLS~1
C:\QooBox\Purity\WINDOWS\RACLE~1\??anregw.exe
C:\QooBox\Purity\WINDOWS\system32\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1\lsass.exe
C:\QooBox\Purity\WINDOWS\system32\DOBE~1\?dobe
C:\QooBox\Purity\WINDOWS\YMBOLS~1\w?auclt.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))


2006-12-31 16:47 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-31 16:47 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-12-31 16:47 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-12-31 16:47 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-12-31 16:47 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-12-31 16:47 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-12-31 16:47 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-12-31 16:47 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-12-31 16:47 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-12-31 16:47 1,169,920 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-31 16:47 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-12-31 16:46 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-12-31 16:46 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-12-31 16:46 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-12-31 16:46 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-12-31 16:46 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-12-31 16:46 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-12-31 16:46 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-12-31 16:46 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-12-31 16:46 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-12-31 16:46 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-12-31 16:46 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-12-31 16:46 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-12-31 16:46 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-12-31 16:46 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-12-31 16:46 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-12-31 16:46 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-12-31 16:46 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-12-31 16:46 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-12-31 16:46 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-12-31 16:46 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-12-31 16:46 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-12-31 16:46 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-12-31 16:46 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-31 16:46 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-12-31 16:46 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-12-31 16:46 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-12-31 16:46 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-12-31 16:46 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-12-31 16:46 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-12-31 16:46 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-12-31 16:46 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-12-31 16:46 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-12-31 16:46 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-12-31 16:46 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-12-31 16:46 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-12-31 16:46 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-12-31 16:46 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-12-31 16:46 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-12-31 16:46 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-12-31 16:46 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-12-31 16:46 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-12-31 16:46 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-12-31 16:46 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-12-31 16:46 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-12-31 16:46 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-12-31 16:46 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-12-31 16:46 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-12-31 16:46 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-12-31 16:46 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-12-31 16:46 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-12-31 16:46 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-12-31 16:46 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-12-31 16:46 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-12-31 16:46 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-12-31 16:46 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-12-31 16:46 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-12-31 16:46 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-12-31 16:46 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-12-31 16:46 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-12-31 16:46 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-12-31 16:46 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-12-31 16:46 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-31 16:46 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-12-31 16:46 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-12-31 16:46 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-12-31 16:46 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-12-31 16:46 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-12-31 16:45 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-12-31 16:45 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-12-31 16:45 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-12-31 16:45 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-12-31 16:45 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-12-31 16:45 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-12-31 16:45 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-12-31 16:45 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-12-31 16:45 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-12-31 16:45 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-12-31 16:45 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-12-31 16:45 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-12-31 16:45 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-31 16:45 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-12-31 16:45 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-12-31 16:45 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-12-31 16:45 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-12-31 16:45 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-12-31 16:45 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-12-31 16:45 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-12-31 16:45 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-12-31 16:45 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-12-31 16:45 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-12-31 16:45 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-12-31 16:45 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-12-31 16:21 <DIR> d-------- C:\68d3a67382cdbd72b03171b
2006-12-31 16:17 57,856 --a------ C:\WINDOWS\system32\ctazck.dll
2006-12-31 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-31 14:43 <DIR> dr-h----- C:\Documents and Settings\Naruto_Kun\Recent
2006-12-31 11:33 <DIR> d-------- C:\WINDOWS\pss
2006-12-31 11:32 57,856 --a------ C:\WINDOWS\system32\ygm.dll
2006-12-31 11:32 2 --a------ C:\WINDOWS\system32\wcpsu.exe
2006-12-31 11:32 <DIR> d-------- C:\Program Files\Outerinfo
2006-12-31 10:26 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-31 10:26 <DIR> d-------- C:\WINDOWS\LogFiles
2006-12-30 23:09 <DIR> d-------- C:\Program Files\HijackThis
2006-12-30 21:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-12-30 21:23 2,116 --a------ C:\58822311.exe
2006-12-29 11:54 57,344 --a------ C:\WINDOWS\system32\faswbu.dll
2006-12-28 21:34 <DIR> d-------- C:\Program Files\XoftSpySE
2006-12-27 08:58 <DIR> d-------- C:\Program Files\Common Files\Ódobe
2006-12-18 23:03 <DIR> d-------- C:\Program Files\CCleaner
2006-12-17 11:48 <DIR> d-------- C:\WINDOWS\kzfi
2006-12-17 11:48 <DIR> d-------- C:\Program Files\Common Files\kzfi
2006-12-17 00:27 69 --a-s---- C:\WINDOWS\test.bat
2006-12-14 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-11 21:32 30,208 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 00:34 -------- d-------- C:\Program Files\Common Files
2007-01-01 00:32 -------- d-------- C:\Program Files\Downloaded programs
2006-12-31 16:59 -------- d-------- C:\Program Files\Messenger
2006-12-31 16:51 -------- d-------- C:\Program Files\NetMeeting
2006-12-31 16:51 -------- d-------- C:\Program Files\Movie Maker
2006-12-31 16:51 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 16:50 -------- d-------- C:\Program Files\Windows Media Player
2006-12-31 16:50 -------- d-------- C:\Program Files\Outlook Express
2006-12-31 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-12-27 08:58 -------- d-------- C:\Program Files\Common Files\Ódobe
2006-12-24 17:14 -------- d-------- C:\Program Files\Diablo II
2006-12-24 17:08 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-23 14:23 -------- d-------- C:\Documents and Settings\Naruto_Kun\Application Data\U3


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aulc"="\"C:\\PROGRA~1\\FNTS~1\\spool32.exe\" -vt yazb"
"Opow"="C:\\Documents and Settings\\Naruto_Kun\\Application Data\\F?nts\\w?aclt.exe"
"Tese"="\"C:\\WINDOWS\\System32\\DOBE~1\\lsass.exe\" -vt yazb"
"Sfw"="C:\\WINDOWS\\?ymbols\\w?auclt.exe"
"Eats"="\"C:\\PROGRA~1\\MBOLS~1\\smss.exe\" -vt yazb"
"Lsfb"="C:\\WINDOWS\\?racle\\??anregw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"D-Link Air Utility"="C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"
"ANIWZCSService"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"{900FD1A1-0321-1033-0922-000118000001}"="\"C:\\Program Files\\Common Files\\{900FD1A1-0321-1033-0922-000118000001}\\Update.exe\" te-110-12-0000213"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 07-01-01 0:36:08.46
C:\ComboFix.txt ... 07-01-01 00:36

Edited by dragowrx1, 01 January 2007 - 03:41 AM.


#6 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • Location:Finland

Posted 01 January 2007 - 09:16 AM

Hi again, we'll continue :thumbsup:

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
==================

Disable bad services
  • Start
  • Run
  • Type services.msc into the field and press Enter.
  • A window opens, scroll down to COM+ Messages
  • Right-click it and choose Stop
  • Then choose Properties
  • Set Startup to Disabled
  • Click Apply and OK.
Then, open HijackThis.
  • Open the Misc Tools section
  • Delete an NT service
  • Copy the following line to the box and press OK: COM+ Messages
  • Answer Yes
  • Close HijackThis
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R3 - URLSearchHook: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
R3 - URLSearchHook: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
R3 - URLSearchHook: (no name) - {2610EF37-7BF7-7304-897D-78129835E1B1} - C:\WINDOWS\System32\ctazck.dll
O2 - BHO: (no name) - {2610EF37-7BF7-7304-897D-78129835E1B1} - C:\WINDOWS\System32\ctazck.dll
O2 - BHO: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
O2 - BHO: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O4 - HKLM\..\Run: [{900FD1A1-0321-1033-0922-000118000001}] "C:\Program Files\Common Files\{900FD1A1-0321-1033-0922-000118000001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Run: [Aulc] "C:\PROGRA~1\FNTS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Opow] C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
O4 - HKCU\..\Run: [Tese] "C:\WINDOWS\System32\DOBE~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Sfw] C:\WINDOWS\?ymbols\w?auclt.exe
O4 - HKCU\..\Run: [Eats] "C:\PROGRA~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Lsfb] C:\WINDOWS\?racle\??anregw.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Go to My Computer and delete the following files (if present):
C:\WINDOWS\system32\ctazck.dll
C:\WINDOWS\System32\faswbu.dll
C:\WINDOWS\system32\ygm.dll
C:\WINDOWS\system32\wcpsu.exe
C:\WINDOWS\System32\svchosts.exe NOTE: do not delete svchost.exe, which is legitimate!
C:\58822311.exe

Go to My Computer and delete the following folders (if present):
C:\Program Files\Outerinfo
C:\Program Files\Common Files\Ódobe Please notice the odd "Ó"!
C:\WINDOWS\kzfi
C:\Program Files\Common Files\kzfi

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs here:
- AVG's report
- a fresh HijackThis log

Edited by Mr_JAk3, 01 January 2007 - 09:17 AM.

UNITE & ASAP member since 2006
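As an added example (not code from this thread, from HijackThis or from the helper), the following Python script applies the same reasoning the helper used when picking the entries above: it parses O4 (Run-key), O2 (BHO) and R3 (URLSearchHook) lines and reports why each one is worth a second look. The sample log lines are copied from the post above, plus two benign Run entries and one constructed svchosts.exe line for the look-alike check; the table of core process names and their expected directory is an assumption for a 32-bit Windows XP install laid out like this one (C:\WINDOWS).

```python
"""Triage of HijackThis-style startup entries (added example, not from the thread)."""
import re
from collections import Counter
from typing import Dict, List

# Assumption: 32-bit Windows XP layout as in the thread. Each core process name
# is paired with the one directory it legitimately runs from.
CORE_PROCESSES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "wuauclt.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
CORE_STEMS = {n.rsplit(".", 1)[0] for n in CORE_PROCESSES}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?P<kind>O2 - BHO|R3 - URLSearchHook): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
UNQUOTED_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|scr|com))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def split_command(cmd: str):
    """Return (image_path, arguments) for a Run-key command line, quoted or not."""
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    if not m:
        return cmd.strip(), ""
    return m.group("path"), (m.group("args") or "").strip()


def path_indicators(path: str) -> List[str]:
    """Reasons a single image path looks like a masquerade (empty list = nothing seen)."""
    reasons: List[str] = []
    # The thread's HijackThis log shows characters it cannot render as '?', so a '?'
    # (or any non-ASCII character) in a name points at a look-alike such as "F?nts".
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("non-ASCII / unrenderable characters in path")
    directory, _, basename = path.replace("/", "\\").rpartition("\\")
    name = basename.lower()
    # A core process name is only legitimate in its own directory; System32\DOBE~1 is not System32.
    if name in CORE_PROCESSES and directory.lower() != CORE_PROCESSES[name]:
        reasons.append(f"core process name {name} outside {CORE_PROCESSES[name]}")
    stem = name.rsplit(".", 1)[0]
    if name not in CORE_PROCESSES and any(core != stem and core in stem for core in CORE_STEMS):
        reasons.append(f"name {name} mimics a core process name")
    return reasons


def triage(log_text: str) -> List[Dict]:
    """Parse O4/O2/R3 lines and return only the entries that carry at least one indicator."""
    entries: List[Dict] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            entries.append({"line": line, "path": path, "args": args, "reasons": path_indicators(path)})
            continue
        m = BHO_RE.match(line)
        if m:
            reasons = path_indicators(m.group("path"))
            # Weak on its own: correlate with the file's creation date (as the helper did
            # with the ComboFix listing) before treating an unnamed BHO as hostile.
            if m.group("name") == "(no name)":
                reasons.append(f"unnamed {m.group('kind')} loading {m.group('path')} (weak indicator)")
            entries.append({"line": line, "path": m.group("path"), "args": "", "reasons": reasons})
    # One argument string repeated across several Run entries (the thread's "-vt yazb")
    # suggests a single installer dropped all of them.
    shared = {a for a, n in Counter(e["args"] for e in entries if e["args"]).items() if n > 1}
    for e in entries:
        if e["args"] in shared:
            e["reasons"].append(f"argument string {e['args']!r} shared by several Run entries")
    return [e for e in entries if e["reasons"]]


# Constructed sample: lines from the post above, two benign entries, one made-up svchosts.exe line.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D91EE4FF-7C64-2E90-13D4-72F2C62016B5} - C:\WINDOWS\System32\faswbu.dll
O2 - BHO: (no name) - {44821D28-D4E2-8214-C529-8DCD551983B5} - C:\WINDOWS\System32\ygm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [Opow] C:\Documents and Settings\Naruto_Kun\Application Data\F?nts\w?aclt.exe
O4 - HKCU\..\Run: [Tese] "C:\WINDOWS\System32\DOBE~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Sfw] C:\WINDOWS\?ymbols\w?auclt.exe
O4 - HKCU\..\Run: [Eats] "C:\PROGRA~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Demo] C:\WINDOWS\System32\svchosts.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run stand-alone it prints the seven flagged lines with their reasons and stays silent on the Java updater and the antivirus tray entry. The "(no name)" check is deliberately marked weak: legitimate add-ons sometimes lack a display name, which is why the helper's decision leaned on the ComboFix listing showing those DLLs created on the same day the pop-ups started.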

#7 dragowrx1

dragowrx1
  • Topic Starter

  • Members
  • 28 posts

Posted 01 January 2007 - 05:23 PM

Hey, heh, what's up? OK, well, thanks again. Wow, the pop-up stopped, and here is my HijackThis log/AVG report. There was a certain weird icon called "click to fix" (it had a yellow caution triangle) in the system32 folder; I didn't delete that because I wasn't sure. Probably AVG took care of it, heh. This is so awesome, thanks a lot!!!!


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:11:50 PM 1/1/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013150.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013072.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Avant Browser\Skins\02.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013102.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013204.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013218.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013251.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013223.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013210.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013156.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013149.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Comclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrackingCookie.Enhance : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013205.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013074.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP172\A0013122.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013203.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP173\A0013222.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP175\A0014346.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP192\A0018246.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B533927F-1655-438A-91EB-943916C7B048}\RP192\A0018281.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcpsu.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
-----------------------------------------------------------------------------------------------------------------------------

Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:49 PM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify.../sbc.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120452158733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167593087889
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
-----------------------------------------------------------------------------------------------------------------------------

Edited by dragowrx1, 01 January 2007 - 05:26 PM.
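A way to triage the O4 (autostart) and O23 (service) lines of a HijackThis log like the one above automatically, as an added example that is not part of this thread or of HijackThis itself. It parses those entries and flags binaries that run from outside Program Files or WINDOWS, paths containing a character the log could not print, and services that carry no company name (HijackThis shows "Unknown owner" for those). The sample lines are copied from the log above plus two constructed entries (the "updater" run key and the "Helper Service") that show what a flagged line looks like; the list of trusted directories is an assumption based on the Windows XP layout.

```python
"""Triage helper for HijackThis-style O4/O23 log lines.

Added example, not code from the thread or from HijackThis.  The sample log
mixes real lines from the thread with two constructed suspicious entries.
"""
import re

# Assumption: on Windows XP, legitimately installed software lives here.
# Comparison is case-insensitive; 8.3 short names (PROGRA~1) occur in logs.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Constructed sample: first six lines are from the thread's log, the last two
# ("updater" and "Helper Service") are made up to show flagged entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\Upd?te\upd.exe
O23 - Service: Helper Service (helpsvc2) - Unknown owner - C:\WINDOWS\system32\hlpsvc2.exe
"""


def exe_path(cmd):
    """Return the executable part of a command line (drops quotes and arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_entries(lines):
    """Yield (kind, name, vendor, path) for every O4 and O23 line in the log."""
    for line in lines:
        line = line.strip()
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            yield ("O4", m.group("name"), None, exe_path(m.group("cmd")))
            continue
        m = O23_RE.match(line)
        if m:
            yield ("O23", m.group("name"), m.group("vendor"), exe_path(m.group("path")))


def reasons_for(kind, vendor, path):
    """List why an entry deserves a closer look; empty list means nothing odd."""
    reasons = []
    if not path.lower().startswith(TRUSTED_PREFIXES):
        reasons.append("runs from outside Program Files / WINDOWS")
    if "?" in path:
        # HijackThis prints '?' for characters it cannot display; look-alike
        # characters in folder names are a common way to hide a dropper.
        reasons.append("path contains a character the log could not print")
    if kind == "O23" and vendor == "Unknown owner":
        reasons.append("service binary carries no company name")
    return reasons


def triage(lines):
    """Return [(kind, name, path, [reasons])] for the entries worth checking."""
    flagged = []
    for kind, name, vendor, path in parse_entries(lines):
        reasons = reasons_for(kind, vendor, path)
        if reasons:
            flagged.append((kind, name, path, reasons))
    return flagged


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind} [{name}] {path}\n    - " + "\n    - ".join(reasons))
```

The flags are hints for a human, not verdicts: plenty of legitimate software has no company name and some runs from a user profile, which is why the helper reports reasons rather than deleting anything.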


#8 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:39 PM

Posted 02 January 2007 - 07:25 AM

Hi :flowers:

It is looking quite good... So there is a file called "click to fix"?
If the file is still there, you could scan it in virustotal:

Go to virustotal.com
Click on the Browse button
Browse to the file "click to fix"
Click Open and then on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

You seem to have this WeatherBug software installed. It has a suspicious reputation and I recommend that you remove it via Control Panel, Add/Remove programs. This is the folder to delete, C:\Program Files\AWS

You don't seem to have a firewall running; you must install a firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.


These are good (free) firewalls:

Let me know how the computer is running and the status of "click to fix" :thumbsup:
UNITE & ASAP member since 2006

#9 dragowrx1

dragowrx1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 02 January 2007 - 04:20 PM

Ohh hey again, the WeatherBug had an empty folder so I just deleted that. And about the firewall, my router has one but in any case I'll just install ZoneAlarm. Thanks a lot!! The reason why I don't have a firewall on this one was because I am scared of using computer resources; this is my slower computer, that's why I didn't install it. The computer is running great now, thanks a lot for your help.

Edited by dragowrx1, 02 January 2007 - 11:20 PM.


#10 dragowrx1

dragowrx1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 02 January 2007 - 11:16 PM

Ok here is the info from virus total

STATUS: FINISHED
Complete scanning result of "ClickToFindandFixErrors_US.ico", received in VirusTotal at 01.03.2007, 05:13:37 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.02.2007 no virus found
BitDefender 7.2 01.03.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.03.2007 no virus found
DrWeb 4.33 01.03.2007 no virus found
eSafe 7.0.14.0 01.02.2007 no virus found
eTrust-InoculateIT 23.73.103 01.03.2007 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.02.2007 no virus found
Fortinet 2.82.0.0 01.03.2007 no virus found
F-Prot 3.16f 01.02.2007 no virus found
F-Prot4 4.2.1.29 01.02.2007 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.03.2007 no virus found
McAfee 4930 01.02.2007 no virus found
Microsoft 1.1904 01.03.2007 no virus found
NOD32v2 1953 01.02.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.02.2007 no virus found
Prevx1 V2 01.03.2007 no virus found
Sophos 4.13.0 01.02.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 Desktop Links
TheHacker 6.0.3.141 01.01.2007 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.02.2007 no virus found


Aditional Information
File size: 2238 bytes
MD5: 91c87448ac61e5807e21068153f05a1d
SHA1: 8f60296d7a445fc9688b166d114407f6f13ee57c
Sunbelt info: Desktop Links consists of various links and shortcuts placed on the desktop by adware and spyware programs. It includes folders and links placed in Internet Explorer's favorites list.

#11 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:39 PM

Posted 03 January 2007 - 01:48 AM

Ok good :flowers:

Delete that ClickToFindandFixErrors_US.ico file.

Then your firewall in the router probably has no inbound protection at all. That means that any malware that wants to connect to the internet from your computer is allowed to do so. So I would recommend that you install a software firewall too. I'm using a router firewall and ZoneAlarm myself too :huh:

Then the first priority is to visit Windows Update and get your system updated
-> At first, install Win XP Service Pack 2 Update
-> Reboot and get back to the Windows Update
-> Install all remaining important updates
(NOTE: You'll probably have to reboot and get back to the update several times before all of them are installed)

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6.0)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Keep your system up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe :thumbsup:
UNITE & ASAP member since 2006
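What a blocking hosts file such as the MVPS one recommended above actually does, as an added example that is not part of the thread or of the MVPS project: Windows consults the hosts file before DNS, so a listed hostname is resolved to an unroutable address and the connection never leaves the machine. The entries below are constructed in the hosts-file format, not copied from the MVPS list; the parser mirrors the resolver's first-match rule and shows the main caveat, namely that only names listed verbatim are covered, so unlisted subdomains and connections by raw IP address still go through.

```python
"""Model of how a blocking hosts file affects name resolution.

Added example; HOSTS_SAMPLE is a constructed fragment in the format Windows
reads from %SystemRoot%\\system32\\drivers\\etc\\hosts, not the MVPS file.
"""

# Addresses that blocking hosts files point unwanted names at.  0.0.0.0 is
# unroutable; 127.0.0.1 is the local machine (and also where localhost lives).
BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1"}

HOSTS_SAMPLE = """
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.net        # trailing comments are ignored
0.0.0.0         tracker.example.org   stats.example.org
93.184.216.34   www.example.com        # a plain redirection, not a block
"""


def parse_hosts(text):
    """Return an ordered list of (ip, [hostnames]); comments and blanks dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], [name.lower() for name in parts[1:]]))
    return entries


def lookup(entries, hostname):
    """Resolve like the system does: first matching entry wins, None if unlisted.

    Only exact names match; 'cdn.ads.example.net' is not covered by an entry
    for 'ads.example.net', which is why block lists are so long.
    """
    hostname = hostname.lower().rstrip(".")
    for ip, names in entries:
        if hostname in names:
            return ip
    return None


def is_blocked(entries, hostname):
    """True when the name is pinned to a black-hole address (localhost excepted)."""
    if hostname.lower() == "localhost":
        return False
    return lookup(entries, hostname) in BLACKHOLE_IPS


if __name__ == "__main__":
    table = parse_hosts(HOSTS_SAMPLE)
    for name in ("ads.example.net", "cdn.ads.example.net", "www.example.com"):
        print(f"{name:24} -> {lookup(table, name)}  blocked={is_blocked(table, name)}")
```

Because the file is read before DNS, an adware component that hard-codes its server name is stopped, while one that connects to an IP address directly is not; that is why the post pairs the hosts file with a software firewall rather than relying on either alone.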

#12 dragowrx1

dragowrx1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 03 January 2007 - 11:45 AM

THANKS a lot for your help :0 yup yup, I have some of those adware/spyware protectors that you mentioned above, heh. Thank you again, I was glad to have you help me.

#13 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:06:39 PM

Posted 03 January 2007 - 12:29 PM

You're very welcome, nice that we were able to help :thumbsup:
UNITE & ASAP member since 2006
