Winantiviruspro 2007 Pop Ups And God Knows What


This topic is locked
13 replies to this topic

#1 uber n00b (Members, 9 posts, Location: Pune)

Posted 23 April 2007 - 04:39 PM

Hi,
My computer is infected with WinAntiVirusPro (I didn't install it, it's just the pop-ups).
But I also noticed my Task Manager shows an abnormally large usage of RAM (468 MB as I write this, and I have only 256 installed, so you can imagine what this is doing to my system).
My system has also become very, very slow and I am getting the BSOD as many as 4 times a day (also a few rundll.dll errors as I boot the system).


Here's my HijackThis log (renamed HijackThis to stopet.exe):

Logfile of HijackThis v1.99.1
Scan saved at 2:55:56 AM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\stopet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\urqpnkl.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll
O2 - BHO: (no name) - {17450369-C585-4893-932D-40793B37A982} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {262EE612-CAF8-484E-9341-2A85B09EAC4C} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {582D4943-2327-4383-86AF-01D6AA28B916} - C:\WINDOWS\system32\qvqijtcx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundService] "rundll32.exe" "C:\WINDOWS\system32\ifpmjhdv.dll",setvm
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\wibipatk.dll",setvm
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Resume Quickup] C:\PROGRA~1\Quick Heal\QuickUp.exe /resumei
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunOnce: [QHDelTmp76] C:\DOCUME~1\PINKFL~1\LOCALS~1\Temp\QHDelTmp -C:\DOCUME~1\PINKFL~1\LOCALS~1\Temp\QH0215.ins\
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176893375250
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: urqpnkl - C:\WINDOWS\SYSTEM32\urqpnkl.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\Quick Heal\scanwscs.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
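The log above is what the helper reads by eye in the next post. As an added example (my code, not part of the thread, HijackThis or the BleepingComputer team's tools), here is a small Python triage helper that parses the O2, O4 and O20 lines of a HijackThis v1.99.1 log and flags the pattern being treated as Vundo in this thread: unnamed BHOs and Winlogon Notify hooks backed by lowercase-gibberish DLLs in system32, rundll32 autostarts of such DLLs, and anything in AppInit_DLLs. The name-matching rules are heuristics I chose for this log, not HijackThis rules; the sample lines are copied from the log posted above.

```python
import re
from typing import Dict, List

# Lines copied from the HijackThis v1.99.1 log posted in #1 of this thread
# (a subset; the benign Windows Live, NvMediaCenter and WRNotifier lines are
# included so the heuristics have something legitimate to leave alone).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\urqpnkl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundService] "rundll32.exe" "C:\WINDOWS\system32\ifpmjhdv.dll",setvm
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: urqpnkl - C:\WINDOWS\SYSTEM32\urqpnkl.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# HijackThis line formats for the sections this helper looks at.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<hook>\S+) - (?P<path>.*)$")
# Picks the DLL argument out of a rundll32 command line, quoted or not.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def _clean_path(raw: str) -> str:
    """Strip HijackThis' '(file missing)' / '(no file)' annotations; '' if no path."""
    return re.sub(r"\s*\((?:file missing|no file)\)\s*$", "", raw).strip()


def _basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip())[-1]


def _stem(path: str) -> str:
    return _basename(path).rsplit(".", 1)[0]


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log: str) -> Dict[str, List[str]]:
    """Map lowercase DLL file name -> list of reasons it looks suspicious."""
    findings: Dict[str, List[str]] = {}

    def flag(path: str, reason: str) -> None:
        findings.setdefault(_basename(path).lower(), []).append(reason)

    for line in log.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            path = _clean_path(m["path"])
            # Vundo registers its DLLs as BHOs with no display name.
            if m["name"] == "(no name)" and path:
                flag(path, "unnamed BHO (O2)")
        elif m := RUN_RE.match(line):
            d = RUNDLL_RE.search(m["cmd"])
            # Heuristic (mine): a Run entry starting a system32 DLL via rundll32 whose
            # name is lowercase letter soup (ifpmjhdv), unlike a vendor name (NvMcTray).
            if d and _in_system32(d["dll"]) and _stem(d["dll"]).isalpha() and _stem(d["dll"]).islower():
                flag(d["dll"], f"rundll32 autostart [{m['name']}] in {m['hive']}\\{m['key']} (O4)")
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll.
            for dll in (x.strip() for x in m["dlls"].split(",")):
                if dll:
                    flag(dll, "listed in AppInit_DLLs, loaded into every process (O20)")
        elif m := NOTIFY_RE.match(line):
            path = _clean_path(m["path"])
            # Heuristic (mine): the Vundo hooks in this log are named after their DLL
            # and live in system32; WRNotifier -> WRLogonNTF.dll does not match that.
            if path and _in_system32(path) and m["hook"].lower() == _stem(path).lower():
                flag(path, f"Winlogon Notify hook '{m['hook']}' named after its DLL (O20)")
    return findings


def rank(findings: Dict[str, List[str]]) -> List[str]:
    """DLLs ordered by how many independent signals point at them, then by name."""
    return sorted(findings, key=lambda k: (-len(findings[k]), k))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for dll in rank(results):
        print(dll)
        for reason in results[dll]:
            print("   -", reason)
```

A DLL that shows up under more than one signal (here urqpnkl.dll, both an unnamed BHO and a Winlogon Notify hook) is the one to look at first; a single hit on a lowercase name alone is only a prompt to check the file, not a verdict.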

#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 23 April 2007 - 05:23 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, uber n00b :thumbsup:

First of all, your Norton Antivirus is not working; if you have the installation CD I suggest you reinstall it.
If you don't have the CD I suggest you remove it from your PC by downloading and running the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your PC.

Once you've sorted the above out, you now need to install virus protection.
Download/install one of the freeware options from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Active Virus Shield
There's a nice setup tutorial here:
http://www.activevirusshield.com/antivirus/freeav/

***************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your PC.
Post the contents of C:\vundofix.txt, the C:\ComboFix.txt, and a new HijackThis log into your next reply.


#3 uber n00b (Topic Starter, Members, 9 posts, Location: Pune)

Posted 24 April 2007 - 02:02 AM

Thank you for your quick reply :flowers:

Well, I had uninstalled Norton and I don't know why it was still there; also, I was using Quick Heal already.
Anyway, I uninstalled Quick Heal too and installed AVG instead.
And by the way, I couldn't complete a full system scan with Quick Heal or Norton or AVG as I always get the STOP screen halfway through the scans :thumbsup:

Here are the logs you wanted to see:


VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:44:05 AM 4/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\cbuapawa.dll
C:\WINDOWS\system32\dawijvmy.dll
C:\WINDOWS\system32\fccbaxw.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\htfpdswv.dll
C:\WINDOWS\system32\hxmtttde.dll
C:\WINDOWS\system32\ifpmjhdv.dll
C:\WINDOWS\system32\kipldane.dll
C:\WINDOWS\system32\mbgyykfa.dll
C:\WINDOWS\system32\mpvdeejl.dll
C:\WINDOWS\system32\uajaadgo.dll
C:\WINDOWS\system32\vdhjmpfi.ini
C:\WINDOWS\system32\vturspq.dll
C:\WINDOWS\system32\xkfiluep.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\bcbeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbuapawa.dll
C:\WINDOWS\system32\cbuapawa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dawijvmy.dll
C:\WINDOWS\system32\dawijvmy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccbaxw.dll
C:\WINDOWS\system32\fccbaxw.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\htfpdswv.dll
C:\WINDOWS\system32\htfpdswv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hxmtttde.dll
C:\WINDOWS\system32\hxmtttde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ifpmjhdv.dll
C:\WINDOWS\system32\ifpmjhdv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kipldane.dll
C:\WINDOWS\system32\kipldane.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mbgyykfa.dll
C:\WINDOWS\system32\mbgyykfa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpvdeejl.dll
C:\WINDOWS\system32\mpvdeejl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uajaadgo.dll
C:\WINDOWS\system32\uajaadgo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vdhjmpfi.ini
C:\WINDOWS\system32\vdhjmpfi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturspq.dll
C:\WINDOWS\system32\vturspq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xkfiluep.dll
C:\WINDOWS\system32\xkfiluep.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccbaxw.dll
C:\WINDOWS\system32\fccbaxw.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:53:02 AM 4/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\fccbaxw.dll

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:51:01 AM 4/24/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\fwhxpveu.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\ktapibiw.ini
C:\WINDOWS\system32\lplckvsx.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mpvdeejl.dll
C:\WINDOWS\system32\nbaoolrr.dll
C:\WINDOWS\system32\rnfohrvq.dll
C:\WINDOWS\system32\urqpnkl.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wibipatk.dll
C:\WINDOWS\system32\xyasscol.dll
C:\WINDOWS\system32\yhtcpkwf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\awvvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwhxpveu.dll
C:\WINDOWS\system32\fwhxpveu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ktapibiw.ini
C:\WINDOWS\system32\ktapibiw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lplckvsx.dll
C:\WINDOWS\system32\lplckvsx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbaoolrr.dll
C:\WINDOWS\system32\nbaoolrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rnfohrvq.dll
C:\WINDOWS\system32\rnfohrvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpnkl.dll
C:\WINDOWS\system32\urqpnkl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\wibipatk.dll
C:\WINDOWS\system32\wibipatk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyasscol.dll
C:\WINDOWS\system32\xyasscol.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yhtcpkwf.dll
C:\WINDOWS\system32\yhtcpkwf.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqpnkl.dll
C:\WINDOWS\system32\urqpnkl.dll Has been deleted!

Performing Repairs to the registry.
Done!



ComboFix.txt

"Pink Floyd" - 07-04-24 12:13:34 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\Pink Floyd\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\mxjrpyxs.dll
C:\WINDOWS\system32\ntvcxjnt.dll
C:\WINDOWS\system32\qvqijtcx.dll
C:\WINDOWS\system32\yjgnlnhm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\b.exe
C:\WINDOWS\system32\max1d1641.exe
C:\Program Files\install.log


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-24 12:12 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-04-24 02:23 <DIR> d-------- C:\Program Files\Roguescanfix
2007-04-24 01:51 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-24 01:36 <DIR> d-------- C:\HJT
2007-04-23 18:19 494,925 ---hs---- C:\WINDOWS\system32\edeeg.bak1
2007-04-23 03:22 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-04-23 03:22 <DIR> d-------- C:\OpenSSL
2007-04-22 20:31 <DIR> d-------- C:\Program Files\Quick Heal
2007-04-22 17:44 959,387,001 --a------ C:\SAK_SETUP0711.exe
2007-04-21 17:06 372,736 --a------ C:\WINDOWS\apbarSp.Speedbit.exe
2007-04-21 17:06 <DIR> d-------- C:\WINDOWS\SAINST
2007-04-21 00:25 24,576 --------- C:\WINDOWS\UniFISH.exe
2007-04-20 19:29 <DIR> d-------- C:\Program Files\mIRC
2007-04-20 13:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-19 02:03 494,103 ---hs---- C:\WINDOWS\system32\rtstv.bak1
2007-04-18 19:05 <DIR> d---s---- C:\Program Files\Xfire
2007-04-18 19:05 <DIR> d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\Xfire
2007-04-18 16:16 501,280 ---hs---- C:\WINDOWS\system32\rtstv.ini2
2007-04-18 15:00 <DIR> d-------- C:\Program Files\Symantec
2007-04-18 13:43 <DIR> d-------- C:\Program Files\Webroot
2007-04-17 23:35 <DIR> d-------- C:\WINDOWS\NamelessRO Eclipse
2007-04-17 21:06 <DIR> d-------- C:\Program Files\VisualKore
2007-04-14 19:29 <DIR> d-------- C:\Program Files\Last.fm
2007-04-14 11:44 <DIR> d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\Tenebril
2007-04-14 11:36 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-04-14 11:36 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-04-14 11:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-04-14 10:44 <DIR> d-------- C:\VundoFix Backups
2007-04-10 09:16 <DIR> d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\Uniblue
2007-04-10 01:43 <DIR> d-------- C:\Program Files\YourWare Solutions
2007-04-10 01:39 <DIR> d-------- C:\Program Files\Uniblue
2007-04-10 01:33 197,175 --a------ C:\WINDOWS\system32\ssqpn.dll
2007-04-10 01:26 <DIR> d-------- C:\Program Files\SLUDGE
2007-04-09 18:26 381,011 --a------ C:\Program Files\Uninstall Fun Web Products.dll
2007-04-09 16:43 <DIR> d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\Thunderbird
2007-04-09 04:03 100,482 --a------ C:\WINDOWS\UninstallThunderbird.exe
2007-04-09 04:03 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-04-07 20:37 <DIR> d-------- C:\Program Files\Total Video Converter
2007-04-02 04:04 <DIR> d-------- C:\Program Files\GuitarFX 3
2007-03-30 13:26 <DIR> d-------- C:\Program Files\FLVPlayer
2007-03-30 05:49 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-03-30 05:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-03-26 20:38 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-03-26 20:38 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-03-26 20:38 <DIR> d-------- C:\Program Files\Cheat Engine
2007-03-25 07:05 <DIR> d-------- C:\Program Files\AutoIt3
2007-03-24 10:38 <DIR> d-------- C:\Program Files\RapidLeecher
2007-03-24 10:27 <DIR> d-------- C:\Program Files\Nero
2007-03-24 04:54 <DIR> d-------- C:\Program Files\Serials 2000 7.1 Plus
2007-03-24 04:53 <DIR> d-------- C:\Program Files\BGroom
2007-03-24 03:02 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-24 02:25 <DIR> d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\SecondLife
2007-03-24 02:10 <DIR> d-------- C:\Program Files\SecondLife
2007-03-24 01:43 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 12:11 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\utorrent
2007-04-24 11:59 -------- d--h----- C:\Program Files\windows_updates
2007-04-24 11:04 -------- d--h----- C:\Program Files\installshield installation information
2007-04-24 10:49 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-22 21:03 0 --a------ C:\AUTOEXEC.BAT
2007-04-22 01:29 -------- d-------- C:\Program Files\utorrent
2007-04-17 18:27 -------- d-------- C:\Program Files\winamp
2007-04-10 00:51 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\usenext
2007-04-09 18:25 -------- d-------- C:\Program Files\msn messenger
2007-04-09 04:03 6247 --a------ C:\WINDOWS\mozver.dat
2007-04-08 23:32 -------- d-------- C:\Program Files\dap
2007-04-07 23:49 -------- d-------- C:\Program Files\quicktime
2007-03-30 06:08 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\ahead
2007-03-25 22:00 -------- d-------- C:\Program Files\google
2007-03-23 21:26 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\sopcast
2007-03-23 21:25 -------- d-------- C:\Program Files\sopcast
2007-03-19 00:28 -------- d-------- C:\Program Files\dvd region+css free
2007-03-19 00:20 -------- d-------- C:\Program Files\interactual
2007-03-17 10:51 359040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-03-16 19:26 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\apple computer
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-08 15:11 9694 --a------ C:\WINDOWS\irunin.dat
2007-03-08 12:49 -------- d-------- C:\Program Files\gamespy arcade
2007-03-07 02:01 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\yoclient
2007-03-06 22:00 376901 --a------ C:\Program Files\uninstall my web search.dll
2007-03-06 03:37 22040 ---h----- C:\DOCUME~1\PINKFL~1\APPLIC~1\addon.dat
2007-03-06 00:11 -------- d-------- C:\Program Files\kaspersky lab
2007-03-05 15:58 -------- d-------- C:\Program Files\Common Files\directx
2007-03-05 11:44 -------- d-------- C:\Program Files\peerguardian2
2007-03-03 18:48 -------- d-------- C:\Program Files\daemon tools
2007-03-01 22:21 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-28 10:37 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\talkback
2007-02-25 20:53 -------- d-------- C:\Program Files\yahoo!
2007-02-25 10:33 700416 --a------ C:\StubInstaller.exe
2007-02-25 05:24 528384 --a------ C:\WINDOWS\system32\acdsee.scr
2007-02-25 05:22 38912 --a------ C:\WINDOWS\system32\wdfmgr.exe
2007-02-25 05:21 47104 --a------ C:\WINDOWS\system32\uwdf.exe
2007-02-25 05:17 23040 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-25 05:14 7506432 --a------ C:\WINDOWS\system32\rtlcpl.exe
2007-02-25 05:11 28160 --a------ C:\WINDOWS\system32\regcodec.exe
2007-02-25 05:07 208896 --a------ C:\WINDOWS\system32\nvuninst.exe
2007-02-25 05:07 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-02-25 05:05 155648 --a------ C:\WINDOWS\system32\nerocheck.exe
2007-02-25 05:02 51712 --a------ C:\WINDOWS\system32\migpwd.exe
2007-02-25 04:59 73728 --a------ C:\WINDOWS\system32\gksui18.exe
2007-02-25 04:54 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-25 04:52 20480 --a------ C:\WINDOWS\system32\cliconfg.exe
2007-02-25 04:36 299520 --a------ C:\WINDOWS\uninst.exe
2007-02-25 04:35 73216 --------- C:\WINDOWS\st6unst.exe
2007-02-25 04:35 67584 --a------ C:\WINDOWS\soundman.exe
2007-02-25 04:34 60416 --a------ C:\WINDOWS\alcfdrtm.exe
2007-02-25 03:23 40960 --a------ C:\Program Files\uninstall_cds.exe
2007-02-25 02:21 73728 --a------ C:\WINDOWS\copyfstq.exe
2007-02-25 02:21 306688 --a------ C:\WINDOWS\isuninst.exe
2007-02-25 02:21 286720 --a------ C:\WINDOWS\iun506.exe
2007-02-25 02:21 208896 --------- C:\WINDOWS\alcupd.exe
2007-02-25 02:21 139264 --------- C:\WINDOWS\alcrmv.exe
2007-02-25 02:02 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\symantec
2007-02-25 01:34 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-02-25 00:52 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-24 21:59 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\lavasoft
2007-02-24 21:57 -------- d-------- C:\Program Files\lavasoft
2007-02-24 12:58 -------- d-------- C:\DOCUME~1\PINKFL~1\APPLIC~1\skype
2007-02-24 00:28 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-08 00:24 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-01-30 18:57 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0A87E45F-537A-40B4-B812-E2544C21A09F} C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll [x]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\tgxbvawg.dll [x]
{17450369-C585-4893-932D-40793B37A982} C:\WINDOWS\system32\vtstr.dll [x]
{262EE612-CAF8-484E-9341-2A85B09EAC4C} C:\WINDOWS\system32\geede.dll [x]
{582D4943-2327-4383-86AF-01D6AA28B916} C:\WINDOWS\system32\qvqijtcx.dll [x]
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{C2A924D1-067E-4324-A112-4AC35FB6BC0D} C:\WINDOWS\system32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Resume copy"="copyfstq.exe /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\SMSystemAnalyzer.exe\""
"µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"uTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoLogOff"=dword:00000000
"NoStartBanner"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///I:/AirXonix/title.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\stp68_2007
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll, "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 12:15:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 12:15:30
C:\ComboFix-quarantined-files.txt ... 07-04-24 12:15


Hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 12:23:01 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\stopet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll (file missing)
O2 - BHO: (no name) - {17450369-C585-4893-932D-40793B37A982} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {262EE612-CAF8-484E-9341-2A85B09EAC4C} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {582D4943-2327-4383-86AF-01D6AA28B916} - C:\WINDOWS\system32\qvqijtcx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176893375250
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:11:03 AM

Posted 24 April 2007 - 04:34 AM

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\ssqpn.dll


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.


After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware; don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present] by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll (file missing)
O2 - BHO: (no name) - {17450369-C585-4893-932D-40793B37A982} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {262EE612-CAF8-484E-9341-2A85B09EAC4C} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {582D4943-2327-4383-86AF-01D6AA28B916} - C:\WINDOWS\system32\qvqijtcx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Still in Safe Mode, launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan, click on 'Complete System Scan'.
Please be patient; it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

Post the AVG Anti-Spyware report and a new HijackThis log in your next reply.
Let me know how your PC is running now, please.

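
A small triage script for HijackThis log lines, added here as an editor's example; it is not part of RichieUK's reply and not a HijackThis feature. It assumes the v1.99.1 line layout seen in the logs above (`Oxx - detail`), uses six entries copied from the posted log as constructed input, and ranks them by the persistence mechanism they use (Winlogon Notify DLLs, AppInit_DLLs, Run values with no directory, unnamed BHOs) and by whether the referenced file is already gone. The flag weights are the example's own heuristic; they encode the reasoning behind which entries a helper asks to have fixed first.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# HijackThis v1.99.1 writes one entry per line as "<section> - <detail>",
# e.g. "O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<detail>.*)$")
# HJT appends these markers when the registry still points at a file that is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Weights are this example's own heuristic, not a HijackThis feature: entries that
# load a DLL into winlogon or into every process outrank a dangling browser add-on.
FLAG_WEIGHT = {
    "winlogon_notify": 5,   # DLL loaded by winlogon.exe at logon (O20)
    "appinit_dll": 5,       # DLL injected into every user32-linked process (O20)
    "unqualified_run": 4,   # Run value with no directory: resolved via PATH search (O4)
    "unnamed_bho": 3,       # browser helper object with no registered name (O2)
    "orphaned": 1,          # registry entry whose target file no longer exists
}


@dataclass
class Finding:
    section: str
    raw: str
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(FLAG_WEIGHT[f] for f in self.flags)


def _command_image(run_value: str) -> str:
    """Return the executable part of an O4 value such as '[Name] "C:\\x.exe" /arg'."""
    cmd = re.sub(r"^\[[^\]]*\]\s*", "", run_value)   # drop the [value name] prefix
    if cmd.startswith('"'):                           # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def classify(section: str, detail: str) -> List[str]:
    """Map one HJT entry to the persistence/orphan flags it exhibits."""
    flags = []
    if section == "O20" and detail.startswith("Winlogon Notify:"):
        flags.append("winlogon_notify")
    if section == "O20" and detail.startswith("AppInit_DLLs:"):
        flags.append("appinit_dll")
    if section == "O4":
        # detail looks like "HKLM\..\Run: [Name] command args"
        run_value = detail.split(": ", 1)[1] if ": " in detail else detail
        image = _command_image(run_value)
        if image and "\\" not in image and ":" not in image:
            flags.append("unqualified_run")
    if section == "O2" and "(no name)" in detail:
        flags.append("unnamed_bho")
    if ORPHAN_RE.search(detail):
        flags.append("orphaned")
    return flags


def triage(log_text: str) -> List[Finding]:
    """Parse an HJT log and return its entries, highest-risk first."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, 'Running processes' paths, blank lines
        findings.append(Finding(m["section"], raw.strip(), classify(m["section"], m["detail"])))
    findings.sort(key=lambda f: f.score, reverse=True)  # stable: ties keep log order
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how many entries carry each flag."""
    counts: Dict[str, int] = {}
    for f in findings:
        for flag in f.flags:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


# Constructed sample: six entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:>2} {','.join(f.flags) or '-':<28} {f.raw}")
```

Run against the full log, the script puts the two O20 entries and the bare `copyfstq.exe` Run value at the top and leaves the signed vendor services at the bottom, which matches the order in which the fix list above attacks them. An `orphaned` flag on its own means only a stale registry pointer is left, so fixing it with HijackThis removes the reference rather than any running code.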

#5 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • Location:Pune
  • Local time:03:33 PM

Posted 25 April 2007 - 03:34 AM

Once again thank you for your quick reply. I am also sorry I took my own time to reply, since I was busy installing Linux and toying with it.
I installed the AVG spyware scanner as you asked me to.
My computer takes longer than usual to boot up now since it has an antivirus and anti-spyware to load too, so its performance is kinda sluggish.
Here are the reports. Is there still anything left?
Also, was my PC infected by anything other than WinAntiVirus Pro?

Pocket Killbox version 2.0.0.648
Running on Windows XP as Pink Floyd(Administrator)
was started @ Wednesday, April 25, 2007, 9:40 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\edeeg.bak1


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\rtstv.bak1


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\rtstv.ini2


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssqpn.dll


I Rebooted @ 10:25:02 AM
Killbox Closed(Exit) @ 10:25:03 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Pink Floyd(Administrator)
was started @ Wednesday, April 25, 2007, 10:28 AM

Killbox Closed(Exit) @ 10:28:42 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Pink Floyd(Administrator)
was started @ Wednesday, April 25, 2007, 10:31 AM

Killbox Closed(Exit) @ 10:33:16 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Pink Floyd(Administrator)
was started @ Wednesday, April 25, 2007, 1:41 PM

Killbox Closed(Exit) @ 1:45:15 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Pink Floyd(Administrator)
was started @ Wednesday, April 25, 2007, 1:57 PM




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:34:35 PM 4/25/2007

+ Scan result:



HKU\S-1-5-21-854245398-1637723038-725345543-1003\Software\iolo\System Mechanic 7\Startup Manager\Configuration\Disabled\Registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\VundoFix Backups\urqpnkl.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vmst32.exe -> Backdoor.Bifrose.yw : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\max1d1641.exe.vir -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPE Pro.rar.zip/WPE Pro.rar/WPEXP\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Ignored and added to exceptions
C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPE Pro.rar.zip/WPE Pro.rar/WPEXP\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Ignored and added to exceptions
C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPEXP\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Ignored and added to exceptions
C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPEXP\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Ignored and added to exceptions
:mozilla.262:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.643:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.716:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.456:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.457:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.458:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.459:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.460:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.461:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.464:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Pink Floyd\Cookies\pink floyd@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.286:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.287:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.361:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.362:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.363:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Pink Floyd\Cookies\pink floyd@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.555:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.556:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.887:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.125:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.130:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.133:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.736:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.153:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.154:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.365:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.470:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.471:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.472:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.473:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.474:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.475:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.476:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.477:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.478:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.479:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.96:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Pink Floyd\Cookies\pink floyd@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.897:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.898:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.135:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.435:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.797:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.870:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.894:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.903:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.428:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.429:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.430:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.431:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.503:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.504:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.505:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.506:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.909:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.910:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.708:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.558:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.559:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.86:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.87:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.88:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.89:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.97:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.98:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.99:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Pink Floyd\Cookies\pink floyd@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.53:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.54:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.723:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.724:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.616:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.617:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.820:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.75:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.492:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.493:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.494:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.495:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.496:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.380:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.381:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.382:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.206:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.207:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.208:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.209:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.210:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.211:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.212:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.213:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.214:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.215:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.701:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.480:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.481:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.482:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.483:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.288:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.289:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.290:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.291:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.292:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.293:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.410:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.411:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.412:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.413:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.245:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.246:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.247:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.248:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.177:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.178:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.179:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.180:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.184:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.188:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.189:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.190:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.191:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.192:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.241:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.242:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.243:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.560:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.779:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.230:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.231:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.306:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.405:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.427:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Pink Floyd\Cookies\pink floyd@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.32:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.24:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.582:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.583:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.584:C:\Documents and Settings\Pink Floyd\Application Data\Mozilla\Firefox\Profiles\cm5pfo1p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 1:58:34 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\stopet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll (file missing)
O2 - BHO: (no name) - {17450369-C585-4893-932D-40793B37A982} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {262EE612-CAF8-484E-9341-2A85B09EAC4C} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {582D4943-2327-4383-86AF-01D6AA28B916} - C:\WINDOWS\system32\qvqijtcx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176893375250
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe


Thank you :D

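The log above is the kind of listing a helper triages line by line: unnamed O2 BHOs and O20 Winlogon Notify packages whose DLLs are already gone, O4 Run values that give no path to check, an AppInit_DLLs value, and custom O17 NameServer entries. The following is an added example of that triage, written for this page; it is not code from the thread, from HijackThis, or from the people posting here. The sample input is a constructed subset of lines copied from the log above, and the "fix" versus "verify" rules are assumptions of this example: the missing-file O2 and O20 entries are the ones the thread actually has removed, while the O4, O17 and AppInit_DLLs checks only flag entries that need to be confirmed against what the owner installed.

```python
"""Triage a HijackThis 1.99.1 log for the persistence entries a helper reads first.

Added example: not code from this thread or from HijackThis. The heuristics
below are assumptions of this example, not a definition of what is malicious.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tgxbvawg.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O20 - AppInit_DLLs: interceptor.dll,
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2" or "O20"
    verdict: str  # "fix": tick it in HijackThis; "verify": confirm it is wanted first
    reason: str
    line: str


MISSING = ("(file missing)", "(no file)")
# First token after the [Name] part of an O4 Run entry.
BARE_RUN_TARGET = re.compile(r"\]\s+(\S+)")


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would act on or ask about, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        missing = any(tag in line for tag in MISSING)

        if section == "O2" and "(no name)" in line and missing:
            # An unnamed BHO whose DLL is already gone is a dead registration;
            # the gebcb.dll entry is the one the helper asked to have fixed.
            findings.append(Finding(section, "fix", "unnamed BHO, DLL missing", line))
        elif section == "O4":
            # A Run value naming a bare executable gives no path to inspect;
            # legitimate installers almost always write the full quoted path.
            m = BARE_RUN_TARGET.search(line)
            if m and not m.group(1).startswith('"') and "\\" not in m.group(1):
                findings.append(Finding(section, "verify", "Run entry without a full path", line))
        elif section == "O17":
            # Custom DNS servers are fine if they are the ISP's, a redirector if not.
            findings.append(Finding(section, "verify", "NameServer set; confirm it belongs to the ISP", line))
        elif section == "O20":
            if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip(" ,"):
                # AppInit_DLLs is loaded into every process that links user32.dll.
                findings.append(Finding(section, "verify", "AppInit_DLLs loads a DLL into every GUI process", line))
            elif "Winlogon Notify:" in line and missing:
                # Winlogon Notify packages run at logon; a missing DLL is leftover persistence.
                findings.append(Finding(section, "fix", "Winlogon Notify package, DLL missing", line))
    return findings


def fix_list(log_text: str) -> List[str]:
    """The lines to tick under 'Fix checked' in HijackThis."""
    return [f.line for f in triage(log_text) if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section:4} {f.reason}: {f.line}")
```

On the sample this yields four "fix" entries (the two unnamed BHOs and the two Winlogon Notify packages with missing DLLs) and three "verify" entries (the bare `copyfstq.exe` Run value, the AppInit_DLLs value and the NameServer line). The named Windows Live BHO and the O23 service produce nothing, which is the point: the script only separates what can be removed from what has to be asked about, it does not decide that a named, present component is safe.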
#6 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Location:Pune
  • Local time:03:33 PM

Posted 25 April 2007 - 03:39 AM

Oh, I observed that HijackThis didn't remove those entries you asked me to, so I ran HijackThis again right now to remove them. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 2:04:54 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\HJT\stopet.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176893375250
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: interceptor.dll,
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:03 AM

Posted 25 April 2007 - 04:07 AM

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {C2A924D1-067E-4324-A112-4AC35FB6BC0D} - C:\WINDOWS\system32\gebcb.dll (file missing)
Exit Hijackthis.

Still in Safe Mode, scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
* Also post a new Hijackthis log please.
* Let me know how your pc is running now.

#8 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Location:Pune
  • Local time:03:33 PM

Posted 26 April 2007 - 12:23 AM

Computer is still sluggish while starting up but it works well afterwards
Here are the reports


ssqpn.dll;C:\!KillBox;Trojan.Virtumod;Deleted.;
WPE PRO.exe;C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPEXP;Program.Wpe;Incurable.Moved.;
WpeSpy.dll;C:\Documents and Settings\Pink Floyd\Desktop\didImake IT\WPEXP;Trojan.WpePro;Deleted.;
Uninstall Fun Web Products.dll;C:\Program Files;Adware.MWS;Incurable.Moved.;
Uninstall My Web Search.dll;C:\Program Files;Adware.MWS;Incurable.Moved.;
Process.exe;C:\Program Files\Roguescanfix;Tool.Prockill;Incurable.Moved.;
mxjrpyxs.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
ntvcxjnt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
qvqijtcx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
yjgnlnhm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
awtsq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
awvvw.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
cbuapawa.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
dawijvmy.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ddccd.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
fccbaxw.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
fwhxpveu.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
gebcb.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
gebya.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
geedb.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
geede.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
htfpdswv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
hxmtttde.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ifpmjhdv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
jkhhg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
jkkll.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
lplckvsx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mbgyykfa.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mllmm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mpvdeejl.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rnfohrvq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
uajaadgo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
vturspq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
wibipatk.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
xyasscol.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

Logfile of HijackThis v1.99.1
Scan saved at 10:49:15 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\RagnarokStuff\Gravity\RO\qRO.exe
C:\HJT\stopet.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176893375250
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://keycrypt.levelupgames.co.in/nProtec...crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: interceptor.dll,
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:03 AM

Posted 26 April 2007 - 05:07 AM

Download Winpfind V2.0.2 and extract the contents to your desktop:
http://download.bleepingcomputer.com/oldtimer/winpfind.exe
Open the WinPFind folder and double click on Winpfind.exe
Leave the configuration settings as they are and click on 'Run Scan'.
The scan will take some time to complete so please be patient.
Once complete close the program.
Open the WinPFind folder,then copy and paste the entire content of winpfind.txt into your next reply.
*NOTE*
It may take more than one reply to post the whole winpfind.txt.

#10 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Location:Pune
  • Local time:03:33 PM

Posted 26 April 2007 - 10:23 AM

Here you go (IT FIT!!) :thumbsup:
WinPFind logfile created on: 4/26/2007 7:56:56 PM
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\Pink Floyd\Desktop\win\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

255.30 Mb Total Physical Memory | 13.99 Mb Available Physical Memory | 5.48% Memory free
997.98 Mb Paging File | 604.61 Mb Available in Paging File | 60.58% Paging File free
Paging file location(s): I:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 3.23 Gb Free Space | 33.05% Space Free
Drive D: | 14.65 Gb Total Space | 0.44 Gb Free Space | 3.02% Space Free
Drive E: | 30.27 Gb Total Space | 2.12 Gb Free Space | 6.99% Space Free
Drive F: | 8.67 Gb Total Space | 0.81 Gb Free Space | 9.39% Space Free

Computer Name: VIVEK-FBEE557A5
Current User Name: Pink Floyd
Logged in as Administrator.
Current Boot Mode: Normal

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe ()
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe ()
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe ()
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe ()
C:\Documents and Settings\Pink Floyd\Desktop\OpenKore-1.9\start.exe ()
C:\Documents and Settings\Pink Floyd\Desktop\win\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Program Files\uTorrent\utorrent.exe ()
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(ioloDMV) iolo DMV Service [Win32_Own | Auto | Stopped]
= C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (File not found)

(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

(npkcsvc) npkcsvc [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\npkcsvc.exe (INCA Internet Co., Ltd.)

(VideoAcceleratorEngine) VideoAcceleratorEngine [Win32_Own | Auto | Stopped]
= C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
DAEMON Tools = C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
Resume copy = C:\WINDOWS\copyfstq.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
µTorrent = C:\Program Files\uTorrent\utorrent.exe ()
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
FreeRAM XP = C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
SMSystemAnalyzer = C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe (File not found)
uTorrent = C:\Program Files\uTorrent\utorrent.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Pink Floyd\Start Menu\Programs\Startup >
C:\Documents and Settings\Pink Floyd\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
interceptor.dll (File not found)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
{93994DE8-8239-4655-B1D1-5F4E91300429} = ( HKLM = C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) )


>>>>> Winlogon Keys <<<<<


>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 23 bytes | Modified Date: 4/18/2007 3:53:56 PM)
127.0.0.1 localhost

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName =
Source = file:///I:/AirXonix/title.jpg
SubscribedURL = file:///I:/AirXonix/title.jpg

FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Local Page = C:\WINDOWS\SYSTEM32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = about:blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\SYSTEM32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

>>>>> HKLM Internet Explorer ToolBars <<<<<

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{147D6308-0614-4112-89B1-31402F9B82C4} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} = 8192 - Yahoo! IE Services Button ( HKLM = C:\Program Files\Yahoo!\Common\yiesrvc.dll (File not found) )
{77BF5300-1474-4EC7-9980-D32B190E9B07} = 8193 - Skype add-on (button) ( HKLM = C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (File not found) )
NextId = 8195

>>>>> HKLM Internet Explorer Extensions <<<<<

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0006F045-0000-0000-C000-000000000046} = Outlook File Icon Extension ( HKLM = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL (File not found) )
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler ( HKLM = C:\Program Files\Microsoft Office\Office10\msohev.dll (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{5464D816-CF16-4784-B9F3-75C0DB52B499} = YMailShellExt Class ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = Webroot Spy Sweeper Context Menu Integration ( HKLM = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} = Avi Properties Handler ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{A4D78B20-6E05-1069-8758-4E73FD83DEAD} = QCopy ( HKLM = C:\WINDOWS\dropcpyr.dll () )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E46D104B-FE72-4396-A6F4-E984F3FCC057} = SpareBackup Class ( HKLM = C:\Program Files\Spare Backup\SpareShellExtension.dll (Spare Backup, Inc.) )
{EBDF1F20-C829-1010-8233-0020AFCE97A9} = iolo File Terminator ( HKLM = C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\FileTerminator.dll (iolo technologies, LLC) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )
InCDShellExt extension = {CAE3251E-9B15-4810-B268-852AD9792A59} ( CLSID not found! )
InCDUdfPerm extension = {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} ( CLSID not found! )

>>>>> HKCU Approved Shell Extensions <<<<<

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\FileTerminator]
@ = {EBDF1F20-C829-1010-8233-0020AFCE97A9} ( HKLM = C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\FileTerminator.dll (iolo technologies, LLC) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Spare Backup]
@ = {E46D104B-FE72-4396-A6F4-E984F3FCC057} ( HKLM = C:\Program Files\Spare Backup\SpareShellExtension.dll (Spare Backup, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail]
@ = {5464D816-CF16-4784-B9F3-75C0DB52B499} ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper]
@ = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} ( HKLM = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ACDBrowse\command]
@ = "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe (ACD Systems Ltd.))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\Winamp.Bookmark\command]
@ = "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (C:\Program Files\Winamp\winamp.exe (Nullsoft))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\Winamp.Enqueue\command]
@ = "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (C:\Program Files\Winamp\winamp.exe (Nullsoft))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\Winamp.Play\command]
@ = "C:\Program Files\Winamp\winamp.exe" "%1" (C:\Program Files\Winamp\winamp.exe (Nullsoft))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\FileTerminator]
@ = {EBDF1F20-C829-1010-8233-0020AFCE97A9} ( HKLM = C:\Program Files\iolo\System Mechanic 5 Professional\Search and Recover\FileTerminator.dll (iolo technologies, LLC) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Spare Backup]
@ = {E46D104B-FE72-4396-A6F4-E984F3FCC057} ( HKLM = C:\Program Files\Spare Backup\SpareShellExtension.dll (Spare Backup, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper]
@ = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} ( HKLM = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 181

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 0
NoRecentDocsMenu = 1
NoLogOff = 0
NoStartBanner = ( 1 0 0 0 ) - 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Security Providers <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
xlibgfl254.dll (File not found)

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = iolobtdfg C:\WINDOWS\system32;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) )
TEMP = %SystemRoot%\TEMP
TMP = %SystemRoot%\TEMP
windir = %SystemRoot%

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
C:\Perl\bin\
%SystemRoot%\system32
%SystemRoot%
%SystemRoot%\System32\Wbem
C:\Program Files\Common Files\GTK\2.0\bin
C:\Program Files\QuickTime\QTSystem\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (File not found)
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)

https [open] -> C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL "%l" (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /s (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> NOTEPAD.EXE %1 (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [ACDBrowse] -> "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" (File not found)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{300E1A90-B51D-174A-0208-010407000508}]
StubPath = C:\WINDOWS\system32\vmst32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F4B657-538B-E6F2-C0E2-5843D8EAF9D6}]
StubPath = C:\Program Files\windows_updates\svchost.exe s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB6A2D6B-8963-45C2-8A46-CE195510A0AE}]
DefaultGateway = 192.168.1.3;
Domain =
EnableDHCP = 0
IPAddress = 192.168.1.121;
NameServer = 61.1.96.69,61.1.96.71
SubnetMask = 255.255.255.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC7E0E32-9D85-42EA-99DA-C7FD528CC055}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = My Computer

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com]
CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - ( HKLM = C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation]
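As an added example (not code from the thread, and not part of the WinPFind tool), here is a small Python triage helper for the "Files / Folders" listing format the poster's WinPFind log uses: it parses each entry and flags the kinds of items a helper looks at first (hidden+system files in the Windows tree with no version info, binaries with no vendor or version resource, alternate data streams). The flagging rules are my own and the sample lines are constructed, modelled on entries from this thread.

```python
import re
from typing import Dict, List, Optional

# One WinPFind "Files / Folders" entry: the path ends at a file extension followed by a
# space or the '[' block; an optional vendor string may sit in between.
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^\[]*?\.[A-Za-z0-9]{1,4})(?= |\s*\[)"
                     r"(?P<company>[^\[\\]*?)\s*\[(?P<fields>[^\]]*)\]\s*$")
FOLDER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^\[]*?)\s*\[Folder\s*\|(?P<fields>[^\]]*)\]\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<path>.+?:[0-9A-Fa-f]+) \(\d+ bytes\)$")
WINDOWS_DIR = "c:\\windows\\"

def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one listing line into a dict; headers and blank lines give None."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        return {"kind": "ads", "path": m.group("path"), "company": ""}
    m = FOLDER_RE.match(line)
    if m:
        entry = {"kind": "folder", "path": m.group("path"), "company": ""}
    else:
        m = FILE_RE.match(line)
        if not m:
            return None
        entry = {"kind": "file", "path": m.group("path"), "company": m.group("company").strip()}
    for part in m.group("fields").split("|"):  # 'Ver = x | Size = y bytes | ... | Attr = HS'
        if "=" in part:
            key, value = part.split("=", 1)
            entry[key.strip().lower()] = value.strip()
    return entry

def triage(lines: List[str]) -> Dict[str, List[str]]:
    """My own defender-side heuristics (not WinPFind's): returns {path: [reasons]}.
    Legitimate tool files also match, so hits are items to look up, not a verdict."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons, path_l = [], e["path"].lower()
        if e["kind"] == "ads":
            reasons.append("alternate data stream attached to a folder")
        elif e["kind"] == "file" and path_l.startswith(WINDOWS_DIR):
            attrs = set(e.get("attr", "").replace(" ", ""))
            if {"H", "S"} <= attrs and not e.get("ver"):
                reasons.append("hidden+system file in the Windows tree with no version info")
            if path_l.endswith((".exe", ".dll", ".sys")) and not e["company"] and not e.get("ver"):
                reasons.append("binary with neither vendor nor version resource")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged

# Constructed sample, modelled on entries of the kind seen in the thread's log.
SAMPLE_LOG = """\
C:\\QooBox [Folder | Created Date = 4/24/2007 12:14:59 PM | Attr = ]
C:\\WINDOWS\\System32\\edeeg.ini [Ver = | Size = 539612 bytes | Created Date = 4/22/2007 2:34:24 AM | Attr = HS]
C:\\WINDOWS\\System32\\rtstv.tmp [Ver = | Size = 502269 bytes | Created Date = 4/18/2007 3:53:18 PM | Attr = HS]
C:\\WINDOWS\\System32\\libssl32.dll [Ver = | Size = 155648 bytes | Created Date = 4/23/2007 3:22:36 AM | Attr = ]
C:\\WINDOWS\\System32\\drivers\\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Created Date = 4/24/2007 11:06:10 AM | Attr = ]
@Alternate Data Stream - C:\\Documents and Settings\\All Users\\Application Data\\TEMP:0CE7F3C9 (122 bytes)
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG.splitlines()).items():
        print(path, "->", "; ".join(why))
```

The OpenSSL DLL from the poster's own install shows up alongside the two hidden .ini/.tmp files, which is the point of the caveat in `triage`: the output is a shortlist to research, not a removal list.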

#11 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • Location:Pune
  • Local time:03:33 PM

Posted 26 April 2007 - 10:25 AM

And you still haven't told me how bad the damage on my computer is...

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:11:03 AM

Posted 26 April 2007 - 10:51 AM

Your log is clean :thumbsup:
If all's OK, please do the following:

Find and delete:
C:\QooBox
C:\VundoFix Backups


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#13 uber n00b

uber n00b
  • Topic Starter

  • Members
  • 9 posts
  • Location:Pune
  • Local time:03:33 PM

Posted 26 April 2007 - 10:59 AM

Thank you dude, you saved my life
:thumbsup: :flowers:
I also joined the HJT Training Program so that I can learn too...

PS: are you like online 24 hrs?

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:11:03 AM

Posted 26 April 2007 - 12:47 PM

You're welcome :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.



