Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91736 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] hijackthis log


  • This topic is locked This topic is locked
12 replies to this topic

#1 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 03:18 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:36 PM, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Documents and Settings\All Users\Application Data\adwfohcx\gnsrgncf.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\vslgrqle.exe
C:\DOCUME~1\ronNy\LOCALS~1\Temp\winlogan.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\jkkJbaaw.dll
O2 - BHO: (no name) - {7c109800-a5d5-438f-9640-18d17e168b88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: DVA Media - {82b8e0b5-45f5-4779-966a-c474164f8f7f} - C:\WINDOWS\temlxopqgdk.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\2.bin\ASKPBAR.DLL
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Cy5am3DKpq] C:\Documents and Settings\All Users\Application Data\adwfohcx\gnsrgncf.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9034a523-d068-4be8-a284-9df278be776e} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034a523-d068-4be8-a284-9df278be776e} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ronNy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188869733937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188869636156
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0275DBA4-489B-41AB-B3E2-C904A6375E6C}: NameServer = 85.255.116.38,85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDFCD41-F731-4B95-8E34-F06025E35A64}: NameServer = 85.255.116.38,85.255.112.207
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.38 85.255.112.207
O17 - HKLM\System\CS2\Services\Tcpip\..\{0275DBA4-489B-41AB-B3E2-C904A6375E6C}: NameServer = 85.255.116.38,85.255.112.207
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.38 85.255.112.207
O17 - HKLM\System\CS3\Services\Tcpip\..\{0275DBA4-489B-41AB-B3E2-C904A6375E6C}: NameServer = 85.255.116.38,85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.38 85.255.112.207
O20 - Winlogon Notify: jkkJbaaw - C:\WINDOWS\SYSTEM32\jkkJbaaw.dll
O21 - SSODL: DriveRom - {7f7ea155-eded-4fc8-b55b-ddcbcefc55d8} - C:\WINDOWS\Resources\DriveRom.dll
O21 - SSODL: zip - {6fb547a9-05a9-4a9b-9a7f-89aa65086856} - C:\WINDOWS\Installer\{6fb547a9-05a9-4a9b-9a7f-89aa65086856}\zip.dll
O21 - SSODL: mgsvflkw - {4C2919DC-1088-44F6-94C3-801D58FAA60F} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {200C0B03-4BD7-414D-9F34-90BF14B8AB59} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: ServiceKernel - {2f2f498f-6b34-4e7b-83c8-ab4af29d66ee} - C:\WINDOWS\Resources\ServiceKernel.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll

--
End of file - 7652 bytes


any help would be appreciated thanks
i'll be online mostly day
tomorrow going to be busy till evening
sunday busy till evening

so thats when ill be responding back to replies thanks

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 05:53 PM

Hello and welcome to the forum.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download FixWareout from this site:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads a text that will open (report.txt) Please save this file, you'll need to post it with a new HijackThis log.


Next:

Now lets check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen and reboot if it asks

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two


Reboot and "copy/paste" the text file (report.txt) and a new Hijackthis log

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 06:51 PM

thanks for the fast reply :)
everything seem to be running smoothly right now
but im having a pop at at startup that says
RUNDLL
Error loading C:\WINDOWS\system32\ahxjtbkv.dll
The specified module could not be found
well heres the log

Username "ronNy" - 2008-04-11 17:34:28 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"ntuser"="C:\\WINDOWS\\system32\\drivers\\spools.exe"
"autoload"="C:\\Documents and Settings\\ronNy\\cftmon.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BM876e2f7c"="Rundll32.exe \"C:\\WINDOWS\\system32\\ahxjtbkv.dll\",s"
"Malwarebytes Anti-Malware Reboot"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ntuser"="C:\\WINDOWS\\system32\\drivers\\spools.exe"
"autoload"="C:\\Documents and Settings\\ronNy\\cftmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:43 PM, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {312BC665-FD65-4D8C-B428-807774B88FA3} - C:\WINDOWS\system32\ssqPIxXq.dll
O2 - BHO: (no name) - {64c53e3e-2d17-408e-8e67-725aef4f3661} - C:\WINDOWS\system32\urqqPHBu.dll
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - (no file)
O2 - BHO: DVA Media - {82b8e0b5-45f5-4779-966a-c474164f8f7f} - C:\WINDOWS\temlxopqgdk.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\ronNy\cftmon.exe
O4 - HKLM\..\Run: [BM876e2f7c] Rundll32.exe "C:\WINDOWS\system32\ahxjtbkv.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\ronNy\cftmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ronNy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188869733937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188869636156
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDFCD41-F731-4B95-8E34-F06025E35A64}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: DriveRom - {7f7ea155-eded-4fc8-b55b-ddcbcefc55d8} - C:\WINDOWS\Resources\DriveRom.dll
O21 - SSODL: mgsvflkw - {4C2919DC-1088-44F6-94C3-801D58FAA60F} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {200C0B03-4BD7-414D-9F34-90BF14B8AB59} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: ServiceKernel - {2f2f498f-6b34-4e7b-83c8-ab4af29d66ee} - C:\WINDOWS\Resources\ServiceKernel.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5770 bytes

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 06:53 PM

We killed the browser redirections. We have more that need fixed.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 07:12 PM

Malwarebytes' Anti-Malware 1.11
Database version: 615

Scan type: Quick Scan
Objects scanned: 42845
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 28
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ssqPIxXq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\Resources\DriveRom.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\WINDOWS\Resources\ServiceKernel.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\WINDOWS\vnbptxlf.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\temlxopqgdk.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\mgsvflkw.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\qdnkewfa.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cdb4b4a-4536-4592-b64c-0244eb589789} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8cdb4b4a-4536-4592-b64c-0244eb589789} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AleWinSecure.EXE (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f7ea155-eded-4fc8-b55b-ddcbcefc55d8} (Trojan.Clicker) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2f2f498f-6b34-4e7b-83c8-ab4af29d66ee} (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusheat 4.3.exe 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ebc25fd-cdc9-4354-b220-2b7bfcbb28d3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82b8e0b5-45f5-4779-966a-c474164f8f7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82b8e0b5-45f5-4779-966a-c474164f8f7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c2919dc-1088-44f6-94c3-801d58faa60f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{200c0b03-4bd7-414d-9f34-90bf14b8ab59} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vnbptxlf.bvot (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vnbptxlf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.EXE (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DriveRom (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ServiceKernel (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM876e2f7c (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2ebc25fd-cdc9-4354-b220-2b7bfcbb28d3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mgsvflkw (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qdnkewfa (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ssqPIxXq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qXxIPqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qXxIPqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqqPHBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uBHPqqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uBHPqqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\215651\215651.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttrrPG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfiehayd.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfshmvaj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkvdr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vslgrqle.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ronNy\Local Settings\Temp\zfe3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\DriveRom.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\Resources\ServiceKernel.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\zeqbqwp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdjhbjyi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\vnbptxlf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temlxopqgdk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mgsvflkw.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\qdnkewfa.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\apoxqwfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ronNy\Start Menu\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\ronNy\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:46 PM, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\progra~1\mozill~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: {9b467643-9fd3-d44a-fa74-dd34176a8a96} - {69a8a671-43dd-47af-a44d-3df9346764b9} - C:\WINDOWS\system32\pymvfrya.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\ronNy\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\ronNy\cftmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ronNy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188869733937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188869636156
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDFCD41-F731-4B95-8E34-F06025E35A64}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4874 bytes

everything is running good thanks .
besides that pop up i described in my last post

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 07:14 PM

Please wait until I post the all clean post.
You still have several infected files.

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 07:32 PM

ComboFix 08-04-11.5 - ronNy 2008-04-11 18:17:57.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT -7:00]
Running from: C:\Documents and Settings\ronNy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\ronNy\Application Data\macromedia\Flash Player\#SharedObjects\ML7UFACF\www.broadcaster.com
C:\Documents and Settings\ronNy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\WINDOWS\pskt.ini
C:\WINDOWS\ravmone.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pymvfrya.dll

----- BITS: Possible infected sites -----

hxxp://flyvideonetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 17:58 . 2008-04-11 17:58 3,648 --a------ C:\WINDOWS\system32\akuxecfx.dll
2008-04-11 17:55 . 2008-04-11 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 17:54 . 2008-04-11 17:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 17:25 . 2008-04-11 17:36 <DIR> d-------- C:\fixwareout
2008-04-11 15:19 . 2008-04-11 15:19 3,648 --a------ C:\WINDOWS\system32\lscdxymk.dll
2008-04-11 15:18 . 2008-04-11 16:41 101,118 --a------ C:\WINDOWS\BM876e2f7c.xml
2008-04-11 15:18 . 2008-04-11 15:18 94,784 --------- C:\WINDOWS\system32\ahxjtbkv.dll_old
2008-04-11 15:09 . 2008-04-11 15:09 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\TmpRecentIcons
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Malwarebytes
2008-04-11 14:03 . 2008-04-11 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\adwfohcx
2008-04-11 14:02 . 2008-04-11 14:09 47 --a------ C:\smp.bat
2008-04-11 14:01 . 2008-04-11 14:01 2 --a------ C:\-2074272689
2008-04-10 23:28 . 2008-04-10 23:28 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-10 23:28 . 2008-04-10 23:28 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-10 21:36 . 2008-04-10 21:39 3,932,214 --a------ C:\WINDOWS\wallpaper.bmp
2008-04-09 21:32 . 2008-04-11 14:25 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Aim
2008-04-09 21:00 . 2008-04-09 21:15 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\gtk-2.0
2008-04-09 20:57 . 2008-04-09 21:29 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\.purple
2008-04-09 20:56 . 2008-04-10 23:27 <DIR> d-------- C:\Program Files\Pidgin
2008-04-09 20:55 . 2008-04-09 20:55 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-04-09 20:54 . 2008-04-09 20:54 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Thunderbird
2008-04-09 20:52 . 2008-04-11 15:10 <DIR> d-------- C:\Program Files\AskPBar
2008-04-09 20:51 . 2008-04-11 16:47 <DIR> d-------- C:\Program Files\Trillian
2008-04-09 20:05 . 2008-04-09 20:05 <DIR> d-------- C:\Program Files\Vista Drive Icon
2008-04-09 18:35 . 2008-04-09 18:35 46,802 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-09 18:32 . 2008-04-09 18:35 2,271 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-09 18:31 . 2008-04-09 18:31 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-04-09 18:22 . 2007-04-07 15:29 <DIR> d-------- C:\Program Files\__MACOSX
2008-04-09 14:44 . 2008-04-09 19:44 <DIR> d-------- C:\STUFF
2008-04-09 14:34 . 2008-04-09 18:50 <DIR> d-a------ C:\Program Files\Aerometal Tiles
2008-04-09 14:33 . 2008-04-09 15:21 <DIR> d-------- C:\Program Files\RocketDock
2008-04-08 22:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-08 22:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-08 22:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-08 22:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-08 16:42 . 2008-04-09 18:34 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-08 16:38 . 2008-04-09 18:03 <DIR> d-------- C:\WINDOWS\Packs
2008-04-08 15:56 . 2006-05-10 00:18 2,819,584 --a------ C:\WINDOWS\Shellstyle.dll
2008-04-08 15:56 . 2006-05-10 00:45 120,377 --a------ C:\WINDOWS\preview.jpg
2008-04-07 22:32 . 2008-04-07 22:32 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-07 20:59 . 2008-04-07 21:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 20:58 . 2005-07-20 02:46 59,160 --a------ C:\WINDOWS\zllsputility.exe
2008-04-07 20:58 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-07 20:57 . 2008-04-08 08:11 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-07 17:20 . 2008-04-07 17:40 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Vista Start Menu
2008-04-07 17:01 . 2008-04-07 17:01 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-07 17:01 . 2008-04-07 17:01 <DIR> d-------- C:\3a32b1c9d06f005f3872fa
2008-04-07 16:55 . 2008-04-10 23:27 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-04-07 16:08 . 2008-04-07 16:08 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-04-07 15:46 . 2008-04-07 16:12 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-04-07 15:46 . 2008-04-07 15:46 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Styler
2008-04-07 15:45 . 2008-04-07 15:49 <DIR> d-------- C:\VTPFiles
2008-04-07 15:45 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-04-07 15:45 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-04-07 15:45 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-04-07 15:45 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-04-07 15:43 . 2008-04-07 15:43 <DIR> d-------- C:\WINDOWS\Performance
2008-04-07 15:43 . 2008-04-07 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-04-07 15:42 . 2008-04-07 15:42 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-31 23:10 . 2008-04-09 12:59 <DIR> d-------- C:\Program Files\Metin2.us
2008-03-21 13:30 . 2008-03-21 13:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 13:30 . 2008-03-21 13:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-19 17:05 . 2008-03-25 15:56 <DIR> d-------- C:\Program Files\GPotato
2008-03-16 20:16 . 2008-03-16 20:16 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-03-14 23:31 . 2008-03-14 23:31 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 00:37 --------- d-----w C:\Documents and Settings\ronNy\Application Data\AVG7
2008-04-11 23:59 --------- d-----w C:\Program Files\Outspark
2008-04-11 23:53 --------- d-----w C:\Program Files\BitTorrent
2008-04-11 22:04 --------- d-----w C:\Program Files\MaxOn Soft
2008-04-11 21:48 --------- d-----w C:\Program Files\Azureus
2008-04-11 21:25 --------- d-----w C:\Program Files\AIM
2008-04-11 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 06:27 --------- d-----w C:\Program Files\windysoft
2008-04-11 05:21 --------- d-----w C:\Program Files\FlashGet
2008-04-10 05:06 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-04-10 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 04:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 04:44 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-10 04:44 --------- d-----w C:\Documents and Settings\ronNy\Application Data\Yahoo!
2008-04-10 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-10 04:31 --------- d-----w C:\Program Files\AOD
2008-04-10 04:29 --------- d-----w C:\Documents and Settings\ronNy\Application Data\.purple
2008-04-10 03:56 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-10 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 01:50 --------- d-----w C:\Program Files\SealOnlineUSA
2008-04-10 01:50 --------- d-----w C:\Program Files\Real Alternative
2008-04-10 01:50 --------- d-----w C:\Program Files\dsfasdfa
2008-04-10 01:50 --------- d-----w C:\Program Files\DivX
2008-04-10 01:50 --------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
2008-04-09 21:33 --------- d-----w C:\Program Files\Stardock
2008-04-09 21:33 --------- d-----w C:\Program Files\Common Files\Stardock
2008-03-27 05:01 --------- d--h--w C:\Documents and Settings\ronNy\Application Data\IJJIGame
2008-03-20 00:20 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-03-16 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-03-07 21:08 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-06 04:29 90,112 ----a-w C:\WINDOWS\DUMP1adb.tmp
2008-03-06 01:54 90,112 ----a-w C:\WINDOWS\DUMP1a3e.tmp
2008-03-06 01:53 90,112 ----a-w C:\WINDOWS\DUMP19b2.tmp
2008-03-06 01:38 90,112 ----a-w C:\WINDOWS\DUMP1964.tmp
2008-02-12 19:32 --------- d-----w C:\Program Files\Apple Software Update
2008-02-12 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-12 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 19:21 87,608 ----a-w C:\Documents and Settings\ronNy\Application Data\inst.exe
2007-09-16 19:21 47,360 ----a-w C:\Documents and Settings\ronNy\Application Data\pcouffin.sys
2007-09-30 09:08 2,139,752 --sh--w C:\WINDOWS\system32\rrqss.bak1
2007-09-30 20:10 2,132,943 --sh--w C:\WINDOWS\system32\rrqss.bak2
2007-09-30 09:39 2,138,193 --sh--w C:\WINDOWS\system32\rrqss.ini2
.

------- Sigcheck -------

2005-09-02 16:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-02 19:09 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-20 20:38 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-03 20:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-09 22:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 04:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 01:31 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 08:34 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2005-07-02 19:11 658432 5b5ff992c0fa762ccf8655fc290e6e52 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
2004-08-03 21:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
2005-09-02 16:52 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-20 20:39 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-03 20:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-09 22:23 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 04:02 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 01:39 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 08:17 807424 66b2dd37e86b81d8688512b3c2330e63 C:\WINDOWS\system32\wininet.dll
2006-10-23 08:17 807424 66b2dd37e86b81d8688512b3c2330e63 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 21:56 2114048 81e660826b98c26b662b572666204ce3 C:\WINDOWS\explorer.exe
2004-08-03 21:56 2114048 81e660826b98c26b662b572666204ce3 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []

C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-04-09 14:33:56 3450608]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
backup=C:\WINDOWS\pss\Icatch(VI) SnapDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ronNy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^stardock objectdock.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^trillian.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^y'z toolbar.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\ronNy\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvicon]
--a------ 2007-07-04 12:59 45056 C:\Program Files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eciagsyr]
C:\WINDOWS\system32\vslgrqle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd]
C:\DOCUME~1\ronNy\LOCALS~1\Temp\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
C:\DOCUME~1\ronNy\LOCALS~1\Temp\csrssc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-17 00:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]
C:\WINDOWS\RavMonE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RudPadTray]
C:\Program Files\RudPad\RudPadTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
C:\WINDOWS\system32\viivrqvf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
C:\WINDOWS\WindowsUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TC-Spy]
C:\Program Files\TC-Spy\TC-Spy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-18 20:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
--a------ 2005-11-11 11:32 483328 C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2007-01-04 14:38 112336 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusheat 4.3]
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-04-05 11:56 2140336 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YAHOO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"IDriverT"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"iPodService"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"NVSvc"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"DomainService"=2 (0x2)
"sdCoreService"=3 (0x3)
"npkcsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Schedule"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Valve\\Steam\\SteamApps\\mothugz21@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"C:\\WINDOWS\\system32\\SolidStateNetworks\\SolidStateION\\solidnm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\Metin2.us\\metin2.bin"=
"C:\\Program Files\\AIM\\AOL.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YAHOO.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"46647:TCP"= 46647:TCP:SolidNetworkManager
"46647:UDP"= 46647:UDP:SolidNetworkManager
"16628:TCP"= 16628:TCP:NortonAV
"12123:TCP"= 12123:TCP:NortonAV
"15188:TCP"= 15188:TCP:NortonAV
"12697:TCP"= 12697:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"17630:TCP"= 17630:TCP:NortonAV
"16408:TCP"= 16408:TCP:NortonAV
"18035:TCP"= 18035:TCP:NortonAV
"14268:TCP"= 14268:TCP:NortonAV
"15469:TCP"= 15469:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13796:TCP"= 13796:TCP:NortonAV
"12813:TCP"= 12813:TCP:NortonAV
"12032:TCP"= 12032:TCP:NortonAV
"14274:TCP"= 14274:TCP:NortonAV

S1 zeqbqwp;zeqbqwp;C:\WINDOWS\zeqbqwp.sys []
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-07-26 11:13]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-07-26 11:15]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-07-26 11:15]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-07-26 11:16]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-07-26 11:18]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d3e2330-a6c2-11dc-8ad9-00115b98748d}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d895b6a1-ae71-11dc-8afc-00115b98748d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6674ac2-216c-11da-9374-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 01:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-09 01:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:23:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-11 18:27:43 - machine was rebooted [ronNy]
ComboFix-quarantined-files.txt 2008-04-12 01:27:36
ComboFix2.txt 2007-09-30 09:52:21
Pre-Run: 24,824,954,880 bytes free
Post-Run: 24,832,221,184 bytes free



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:01 PM, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ronNy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188869733937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188869636156
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDFCD41-F731-4B95-8E34-F06025E35A64}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4955 bytes

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 08:04 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\akuxecfx.dll
C:\WINDOWS\system32\lscdxymk.dll
C:\WINDOWS\BM876e2f7c.xml
C:\WINDOWS\system32\ahxjtbkv.dll_old
C:\smp.bat
C:\-2074272689
C:\WINDOWS\system32\Uharc.exe
C:\WINDOWS\system32\moveex.exe
C:\WINDOWS\system32\reico.exe
C:\WINDOWS\system32\modifype.exe
C:\WINDOWS\DUMP1adb.tmp
C:\WINDOWS\DUMP1a3e.tmp
C:\WINDOWS\DUMP19b2.tmp
C:\WINDOWS\DUMP1964.tmp
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\privacy_danger\index.htm
C:\Program Files\antiviirus.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\vslgrqle.exe
C:\DOCUME~1\ronNy\LOCALS~1\Temp\winlogan.exe
C:\DOCUME~1\ronNy\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\viivrqvf.dll
C:\WINDOWS\WindowsUpdates.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\WINDOWS\zeqbqwp.sys

Folder::
C:\fixwareout
C:\Program Files\AskPBar
C:\3a32b1c9d06f005f3872fa
C:\Program Files\Viewpoint
C:\Program Files\VirusHeat 4.3

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eciagsyr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusheat 4.3]

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 08:17 PM

ComboFix 08-04-11.5 - ronNy 2008-04-11 19:09:15.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.122 [GMT -7:00]
Running from: C:\Documents and Settings\ronNy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ronNy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-2074272689
C:\DOCUME~1\ronNy\LOCALS~1\Temp\csrssc.exe
C:\DOCUME~1\ronNy\LOCALS~1\Temp\winlogan.exe
C:\Program Files\antiviirus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\smp.bat
C:\WINDOWS\avp.exe
C:\WINDOWS\BM876e2f7c.xml
C:\WINDOWS\DUMP1964.tmp
C:\WINDOWS\DUMP19b2.tmp
C:\WINDOWS\DUMP1a3e.tmp
C:\WINDOWS\DUMP1adb.tmp
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\ahxjtbkv.dll_old
C:\WINDOWS\system32\akuxecfx.dll
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\lscdxymk.dll
C:\WINDOWS\system32\modifype.exe
C:\WINDOWS\system32\moveex.exe
C:\WINDOWS\system32\reico.exe
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\Uharc.exe
C:\WINDOWS\system32\viivrqvf.dll
C:\WINDOWS\system32\vslgrqle.exe
C:\WINDOWS\WindowsUpdates.exe
C:\WINDOWS\zeqbqwp.sys
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2074272689
C:\3a32b1c9d06f005f3872fa
C:\3a32b1c9d06f005f3872fa\atl80.dll
C:\3a32b1c9d06f005f3872fa\cert.dll
C:\3a32b1c9d06f005f3872fa\conflictingappmodule.dll
C:\3a32b1c9d06f005f3872fa\de-at\eula.rtf
C:\3a32b1c9d06f005f3872fa\de-at\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\de-ch\eula.rtf
C:\3a32b1c9d06f005f3872fa\de-ch\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\de-de\eula.rtf
C:\3a32b1c9d06f005f3872fa\de-de\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-au\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-au\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-ca\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-ca\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-gb\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-gb\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-ie\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-ie\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-nz\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-nz\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\en-sg\eula.rtf
C:\3a32b1c9d06f005f3872fa\en-sg\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\es-es\eula.rtf
C:\3a32b1c9d06f005f3872fa\es-es\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\es-mx\eula.rtf
C:\3a32b1c9d06f005f3872fa\es-mx\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\es-us\eula.rtf
C:\3a32b1c9d06f005f3872fa\es-us\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\eula.rtf
C:\3a32b1c9d06f005f3872fa\fr-be\eula.rtf
C:\3a32b1c9d06f005f3872fa\fr-be\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\fr-ca\eula.rtf
C:\3a32b1c9d06f005f3872fa\fr-ca\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\fr-ch\eula.rtf
C:\3a32b1c9d06f005f3872fa\fr-ch\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\fr-fr\eula.rtf
C:\3a32b1c9d06f005f3872fa\fr-fr\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\it-it\eula.rtf
C:\3a32b1c9d06f005f3872fa\it-it\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\ja-jp-psloc\eula.rtf
C:\3a32b1c9d06f005f3872fa\ja-jp-psloc\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\ja-jp\eula.rtf
C:\3a32b1c9d06f005f3872fa\ja-jp\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\ko-kr\eula.rtf
C:\3a32b1c9d06f005f3872fa\ko-kr\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\microsoft.vc80.atl.manifest
C:\3a32b1c9d06f005f3872fa\microsoft.vc80.crt.manifest
C:\3a32b1c9d06f005f3872fa\msvcp80.dll
C:\3a32b1c9d06f005f3872fa\msvcr80.dll
C:\3a32b1c9d06f005f3872fa\nl-be\eula.rtf
C:\3a32b1c9d06f005f3872fa\nl-be\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\nl-nl\eula.rtf
C:\3a32b1c9d06f005f3872fa\nl-nl\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\ochelpagent.dll
C:\3a32b1c9d06f005f3872fa\ocsetup.exe
C:\3a32b1c9d06f005f3872fa\ocsetupro.dll
C:\3a32b1c9d06f005f3872fa\service.xml
C:\3a32b1c9d06f005f3872fa\winsscommon.dll
C:\3a32b1c9d06f005f3872fa\winssplatform.dll
C:\Documents and Settings\ronNy\Application Data\inst.exe
C:\Documents and Settings\ronNy\ravmonlog
C:\fixwareout
C:\fixwareout\dnsbak.reg
C:\fixwareout\FindT\clsid.bak
C:\fixwareout\FindT\dumphive.exe
C:\fixwareout\FindT\FixWareOut.reg
C:\fixwareout\FindT\nircmd.exe
C:\fixwareout\FindT\patterns.txt
C:\fixwareout\FindT\rbot.bat
C:\fixwareout\FindT\RestartIt.exe
C:\fixwareout\FindT\runback.txt
C:\fixwareout\FindT\runs.vbs
C:\fixwareout\FindT\swreg.exe
C:\fixwareout\FindT\vfind.exe
C:\fixwareout\FindT\XP-2K2.cmd
C:\fixwareout\FixIt.BAT
C:\fixwareout\report.txt
C:\Program Files\AskPBar
C:\Program Files\AskPBar\bar\History\search2
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\smp.bat
C:\WINDOWS\BM876e2f7c.xml
C:\WINDOWS\DUMP1964.tmp
C:\WINDOWS\DUMP19b2.tmp
C:\WINDOWS\DUMP1a3e.tmp
C:\WINDOWS\DUMP1adb.tmp
C:\WINDOWS\system32\ahxjtbkv.dll_old
C:\WINDOWS\system32\akuxecfx.dll
C:\WINDOWS\system32\lscdxymk.dll
C:\WINDOWS\system32\modifype.exe
C:\WINDOWS\system32\moveex.exe
C:\WINDOWS\system32\reico.exe
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\Uharc.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 17:55 . 2008-04-11 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 17:54 . 2008-04-11 17:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 15:09 . 2008-04-11 15:09 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\TmpRecentIcons
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Malwarebytes
2008-04-11 14:03 . 2008-04-11 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\adwfohcx
2008-04-10 23:28 . 2008-04-10 23:28 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-10 23:28 . 2008-04-10 23:28 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-10 21:36 . 2008-04-10 21:39 3,932,214 --a------ C:\WINDOWS\wallpaper.bmp
2008-04-09 21:32 . 2008-04-11 14:25 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Aim
2008-04-09 21:00 . 2008-04-09 21:15 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\gtk-2.0
2008-04-09 20:57 . 2008-04-09 21:29 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\.purple
2008-04-09 20:56 . 2008-04-10 23:27 <DIR> d-------- C:\Program Files\Pidgin
2008-04-09 20:55 . 2008-04-09 20:55 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-04-09 20:54 . 2008-04-09 20:54 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Thunderbird
2008-04-09 20:51 . 2008-04-11 16:47 <DIR> d-------- C:\Program Files\Trillian
2008-04-09 20:05 . 2008-04-09 20:05 <DIR> d-------- C:\Program Files\Vista Drive Icon
2008-04-09 18:35 . 2008-04-09 18:35 46,802 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-09 18:32 . 2008-04-09 18:35 2,271 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-09 18:31 . 2008-04-09 18:31 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-04-09 18:22 . 2007-04-07 15:29 <DIR> d-------- C:\Program Files\__MACOSX
2008-04-09 14:44 . 2008-04-09 19:44 <DIR> d-------- C:\STUFF
2008-04-09 14:34 . 2008-04-09 18:50 <DIR> d-a------ C:\Program Files\Aerometal Tiles
2008-04-09 14:33 . 2008-04-09 15:21 <DIR> d-------- C:\Program Files\RocketDock
2008-04-08 22:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-08 22:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-08 22:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-08 22:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-08 16:42 . 2008-04-09 18:34 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-08 16:38 . 2008-04-09 18:03 <DIR> d-------- C:\WINDOWS\Packs
2008-04-08 15:56 . 2006-05-10 00:18 2,819,584 --a------ C:\WINDOWS\Shellstyle.dll
2008-04-08 15:56 . 2006-05-10 00:45 120,377 --a------ C:\WINDOWS\preview.jpg
2008-04-07 22:32 . 2008-04-07 22:32 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-07 20:59 . 2008-04-07 21:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 20:58 . 2005-07-20 02:46 59,160 --a------ C:\WINDOWS\zllsputility.exe
2008-04-07 20:58 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-07 20:57 . 2008-04-08 08:11 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-07 17:20 . 2008-04-07 17:40 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Vista Start Menu
2008-04-07 17:01 . 2008-04-07 17:01 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-07 16:55 . 2008-04-10 23:27 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-04-07 16:08 . 2008-04-07 16:08 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-04-07 15:46 . 2008-04-07 16:12 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-04-07 15:46 . 2008-04-07 15:46 <DIR> d-------- C:\Documents and Settings\ronNy\Application Data\Styler
2008-04-07 15:45 . 2008-04-07 15:49 <DIR> d-------- C:\VTPFiles
2008-04-07 15:43 . 2008-04-07 15:43 <DIR> d-------- C:\WINDOWS\Performance
2008-04-07 15:43 . 2008-04-07 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-04-07 15:42 . 2008-04-07 15:42 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-31 23:10 . 2008-04-09 12:59 <DIR> d-------- C:\Program Files\Metin2.us
2008-03-21 13:30 . 2008-03-21 13:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 13:30 . 2008-03-21 13:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-19 17:05 . 2008-03-25 15:56 <DIR> d-------- C:\Program Files\GPotato
2008-03-16 20:16 . 2008-03-16 20:16 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-03-14 23:31 . 2008-03-14 23:31 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 00:37 --------- d-----w C:\Documents and Settings\ronNy\Application Data\AVG7
2008-04-11 23:59 --------- d-----w C:\Program Files\Outspark
2008-04-11 23:53 --------- d-----w C:\Program Files\BitTorrent
2008-04-11 22:04 --------- d-----w C:\Program Files\MaxOn Soft
2008-04-11 21:48 --------- d-----w C:\Program Files\Azureus
2008-04-11 21:25 --------- d-----w C:\Program Files\AIM
2008-04-11 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 06:27 --------- d-----w C:\Program Files\windysoft
2008-04-11 05:21 --------- d-----w C:\Program Files\FlashGet
2008-04-10 05:06 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-04-10 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 04:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 04:44 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-10 04:44 --------- d-----w C:\Documents and Settings\ronNy\Application Data\Yahoo!
2008-04-10 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-10 04:31 --------- d-----w C:\Program Files\AOD
2008-04-10 04:29 --------- d-----w C:\Documents and Settings\ronNy\Application Data\.purple
2008-04-10 03:56 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-10 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 01:50 --------- d-----w C:\Program Files\SealOnlineUSA
2008-04-10 01:50 --------- d-----w C:\Program Files\Real Alternative
2008-04-10 01:50 --------- d-----w C:\Program Files\dsfasdfa
2008-04-10 01:50 --------- d-----w C:\Program Files\DivX
2008-04-10 01:50 --------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
2008-04-09 21:33 --------- d-----w C:\Program Files\Stardock
2008-04-09 21:33 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-08 23:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-08 23:41 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-03-27 05:01 --------- d--h--w C:\Documents and Settings\ronNy\Application Data\IJJIGame
2008-03-20 00:20 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-03-16 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-03-07 21:08 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-12 19:32 --------- d-----w C:\Program Files\Apple Software Update
2008-02-12 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-12 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 19:21 47,360 ----a-w C:\Documents and Settings\ronNy\Application Data\pcouffin.sys
.

------- Sigcheck -------

2005-09-02 16:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-02 19:09 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-20 20:38 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-03 20:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-09 22:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 04:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 01:31 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 08:34 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2005-07-02 19:11 658432 5b5ff992c0fa762ccf8655fc290e6e52 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
2004-08-03 21:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
2005-09-02 16:52 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-20 20:39 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-03 20:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-09 22:23 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 04:02 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 01:39 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 08:17 807424 66b2dd37e86b81d8688512b3c2330e63 C:\WINDOWS\system32\wininet.dll
2006-10-23 08:17 807424 66b2dd37e86b81d8688512b3c2330e63 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 21:56 2114048 81e660826b98c26b662b572666204ce3 C:\WINDOWS\explorer.exe
2004-08-03 21:56 2114048 81e660826b98c26b662b572666204ce3 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []

C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-04-09 14:33:56 3450608]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
backup=C:\WINDOWS\pss\Icatch(VI) SnapDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ronNy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^stardock objectdock.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^trillian.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ronny^start menu^programs^startup^y'z toolbar.lnk]
path=C:\Documents and Settings\ronNy\Start Menu\Programs\Startup\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\ronNy\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvicon]
--a------ 2007-07-04 12:59 45056 C:\Program Files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-17 00:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]
C:\WINDOWS\RavMonE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RudPadTray]
C:\Program Files\RudPad\RudPadTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TC-Spy]
C:\Program Files\TC-Spy\TC-Spy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-18 20:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
--a------ 2005-11-11 11:32 483328 C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-04-05 11:56 2140336 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YAHOO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"IDriverT"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"iPodService"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"NVSvc"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"DomainService"=2 (0x2)
"sdCoreService"=3 (0x3)
"npkcsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Schedule"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Valve\\Steam\\SteamApps\\mothugz21@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"C:\\WINDOWS\\system32\\SolidStateNetworks\\SolidStateION\\solidnm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\Metin2.us\\metin2.bin"=
"C:\\Program Files\\AIM\\AOL.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YAHOO.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"46647:TCP"= 46647:TCP:SolidNetworkManager
"46647:UDP"= 46647:UDP:SolidNetworkManager
"16628:TCP"= 16628:TCP:NortonAV
"12123:TCP"= 12123:TCP:NortonAV
"15188:TCP"= 15188:TCP:NortonAV
"12697:TCP"= 12697:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"17630:TCP"= 17630:TCP:NortonAV
"16408:TCP"= 16408:TCP:NortonAV
"18035:TCP"= 18035:TCP:NortonAV
"14268:TCP"= 14268:TCP:NortonAV
"15469:TCP"= 15469:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13796:TCP"= 13796:TCP:NortonAV
"12813:TCP"= 12813:TCP:NortonAV
"12032:TCP"= 12032:TCP:NortonAV
"14274:TCP"= 14274:TCP:NortonAV

S1 zeqbqwp;zeqbqwp;C:\WINDOWS\zeqbqwp.sys []
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-07-26 11:13]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-07-26 11:15]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-07-26 11:15]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-07-26 11:16]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-07-26 11:18]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d3e2330-a6c2-11dc-8ad9-00115b98748d}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d895b6a1-ae71-11dc-8afc-00115b98748d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6674ac2-216c-11da-9374-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 01:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-09 01:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 19:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 19:15:00
ComboFix-quarantined-files.txt 2008-04-12 02:14:55
ComboFix2.txt 2008-04-12 01:27:43
ComboFix3.txt 2007-09-30 09:52:21
Pre-Run: 25,994,166,272 bytes free
Post-Run: 25,965,076,480 bytes free



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:43 PM, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ronNy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188869733937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188869636156
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalga...ffyLauncher.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDFCD41-F731-4B95-8E34-F06025E35A64}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4874 bytes




computer is running great :)

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 08:20 PM

Good job :thumbup:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    Here's my usual all clean post

    Log looks good :D


    You need to create a new Clean restore point.

    Note: This will remove all previous Restore Points

    Click Start Menu > Run > copy and paste

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Note: I no longer suggest Zone Alarm

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Winpatrol


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#11 cmp

cmp

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 11 April 2008 - 08:38 PM

lol its all done thanks :)

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 08:39 PM

Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 April 2008 - 08:39 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users