Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Friday 29.8.2025 / 13:43
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > virus... help needed
Show topics
 
Forums
Forums
VIRUS... HELP NEEDED
  Jump to:
 
Posted Message
Page:12Next >
falconv8
Suspended due to non-functional email address
_ 		9. December 2006 @ 22:10 _ Link to this message    Send private message to this user   
hey. i have a form of chinese virus on my computer, quite bad. a pop up occurs every ten minutes.

if anyone can help me, that would be great :)

find the combofix log below






Default - 06-12-10 18:40:12.10 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Default\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


2006-12-10 18:39 2,736 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-10 18:26 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-10 18:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-10 18:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-10 18:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-10 18:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-10 18:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-10 00:00 <DIR> d-------- C:\WINDOWS\temp
2006-12-09 23:45 <DIR> d-------- C:\WINDOWS\pss
2006-12-09 11:15 <DIR> d-------- C:\WINDOWS\system32\ContentTemp
2006-12-09 11:09 29,696 --a------ C:\WINDOWS\system32\wmpkn.dll
2006-12-09 11:04 27,648 --a------ C:\WINDOWS\system32\tpnet.dll
2006-12-09 11:03 10,752 --a------ C:\WINDOWS\system32\filter.dll
2006-12-09 11:03 10,447 --a------ C:\WINDOWS\system32\drivers\LanPort.sys
2006-12-07 18:11 36,864 --a------ C:\WINDOWS\system32\PvSec.dll
2006-12-07 18:11 28,672 --a------ C:\WINDOWS\system32\drivers\00003a52.SYS
2006-12-07 18:11 <DIR> d-------- C:\Program Files\vision
2006-12-05 16:54 <DIR> d-------- C:\Program Files\LimeWire
2006-12-05 15:50 9,651 --a------ C:\WINDOWS\system32\drivers\parcls.sys
2006-12-03 12:37 160,384 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\Incomplete
2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\.limewire
2006-12-03 00:30 <DIR> d-------- C:\Program Files\Java
2006-12-03 00:27 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-02 23:34 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-02 21:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-02 21:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-02 21:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-02 21:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-02 21:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-02 21:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-02 21:52 61,440 -ra------ C:\WINDOWS\ov519dib.dll
2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\system32\ov519ext.dll
2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\CleanDev.exe
2006-12-02 21:52 32,528 -ra------ C:\WINDOWS\amcap.exe
2006-12-02 21:52 307,200 -ra------ C:\WINDOWS\vidcap32.exe
2006-12-02 21:52 25,211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2006-12-02 21:52 200,704 -ra------ C:\WINDOWS\sel3110.exe
2006-12-02 21:52 174,530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys
2006-12-02 21:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-02 21:52 16,426 -ra------ C:\WINDOWS\system32\ov519usd.dll
2006-12-02 21:52 135,168 -ra------ C:\WINDOWS\ov519cap.exe
2006-12-02 21:52 <DIR> d-------- C:\WINDOWS\OvtCam
2006-12-01 17:51 376 --a------ C:\WINDOWS\system32\innvusmb32.dll
2006-11-30 17:03 <DIR> d-------- C:\WINDOWS\Download
2006-11-30 17:01 5,487 --a------ C:\WINDOWS\system32\wdfmgr32.exe
2006-11-30 17:01 <DIR> d-------- C:\WINDOWS\Intel
2006-11-30 16:57 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-29 19:22 <DIR> d-------- C:\Documents and Settings\Default\Application Data\InterVideo
2006-11-28 20:07 8,477 --a------ C:\WINDOWS\system32\drivers\amdk5.sys
2006-11-27 21:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-27 21:39 <DIR> d-------- C:\Program Files\InterVideo
2006-11-27 21:38 9,088 --------- C:\WINDOWS\system32\drivers\bsstor.sys
2006-11-27 21:38 716,800 --------- C:\WINDOWS\NuNInst.exe
2006-11-27 21:38 333,184 --------- C:\WINDOWS\system32\drivers\bsudf.sys
2006-11-27 21:37 610,304 --------- C:\WINDOWS\UNNMP.exe
2006-11-27 21:35 <DIR> d-------- C:\Program Files\ahead
2006-11-27 21:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-27 19:57 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2006-11-27 19:57 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2006-11-27 19:57 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2006-11-27 19:57 1,212,928 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-11-27 19:57 <DIR> d-------- C:\Program Files\iolo
2006-11-26 23:18 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-26 19:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-26 18:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-26 18:19 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-26 18:17 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-26 18:17 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-26 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-26 10:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Help
2006-11-26 10:21 30,278 --a------ C:\WINDOWS\csrss.exe
2006-11-26 10:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-11-25 21:34 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-25 03:57 23,296 --a------ C:\WINDOWS\system32\cdnns.dll
2006-11-25 03:57 14,822 --a------ C:\WINDOWS\system32\drivers\cdntran.sys
2006-11-25 02:01 <DIR> d-------- C:\Program Files\Eyetoy Drivers
2006-11-25 01:32 <DIR> d-------- C:\WINDOWS\eyetoy
2006-11-25 01:32 <DIR> d-------- C:\Program Files\Eyetoy
2006-11-25 01:20 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-23 23:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-23 21:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Macromedia
2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 21:39 32,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2006-11-23 21:37 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lavasoft
2006-11-23 21:34 240,640 --a------ C:\WINDOWS\system32\NTWorkStan.dll
2006-11-23 21:20 552 --a------ C:\WINDOWS\system32\nrssvd32.dll
2006-11-23 21:20 <DIR> d-------- C:\WINDOWS\system32\drivers\etcdr
2006-11-23 21:19 60,928 --a------ C:\WINDOWS\system32\wnttech.dll
2006-11-23 21:19 60,928 --a------ C:\WINDOWS\system32\advwhes.dll
2006-11-23 21:19 29 --a------ C:\WINDOWS\system32\vdmop.dll
2006-11-23 21:19 22 --a------ C:\WINDOWS\system32\wmsnds32.dll
2006-11-23 21:19 106,281 --a------ C:\WINDOWS\system32\ad812.exe
2006-11-23 21:19 <DIR> d-------- C:\WINDOWS\system32\MicShExts
2006-11-23 21:19 <DIR> d-------- C:\Program Files\Common Files\CPUSH
2006-11-23 21:19 <DIR> d-------- C:\Downloads
2006-11-23 21:17 <DIR> d-------- C:\Program Files\CNNIC
2006-11-23 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2006-11-23 21:01 <DIR> d-------- C:\Program Files\Common Files\HP
2006-11-23 20:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2006-11-23 20:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-11-23 20:57 <DIR> dr--s---- C:\WINDOWS\assembly
2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-11-23 20:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2006-11-23 20:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2006-11-23 20:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2006-11-23 20:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2006-11-23 20:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-23 20:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2006-11-23 20:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2006-11-23 20:47 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2006-11-23 20:47 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2006-11-23 20:46 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2006-11-23 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-23 20:22 <DIR> d--h----- C:\Config.Msi
2006-11-23 20:13 <DIR> d-------- C:\Program Files\HP
2006-11-23 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-23 20:10 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-23 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-23 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-23 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-23 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-23 20:10 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-23 20:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-23 20:10 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-23 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-23 20:10 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-23 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-23 20:09 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-11-23 20:09 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-23 20:09 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-11-23 20:09 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-23 20:09 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-11-23 20:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-23 20:09 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-11-23 20:09 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-11-23 20:09 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-23 20:09 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-23 20:09 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-23 20:09 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-11-23 20:08 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2006-11-23 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-23 20:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-23 20:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-23 20:08 <DIR> d--hs---- C:\WINDOWS\Installer
2006-11-23 20:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-23 20:07 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-23 20:07 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-23 20:07 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-23 20:07 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-23 20:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-23 20:07 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-23 20:07 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-23 20:07 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-23 20:07 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-23 20:07 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-23 20:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-23 20:07 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-23 20:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-23 20:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-23 20:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-23 20:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-23 20:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-23 20:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-23 20:07 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-23 20:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-23 20:07 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-23 20:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-11-23 20:07 <DIR> d-a------ C:\Program Files\Common Files\..
2006-11-23 20:07 <DIR> d-a------ C:\Program Files\.
2006-11-23 20:07 <DIR> d-a------ C:\Program Files
2006-11-23 20:07 <DIR> d--hs---- C:\Program Files\..
2006-11-23 20:07 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-11-23 20:07 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\.
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-23 20:06 <DIR> d--hs---- C:\System Volume Information
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings
2006-11-23 20:01 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-11-23 20:01 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-11-23 20:01 <DIR> dr------- C:\WINDOWS\Web
2006-11-23 20:01 <DIR> d--hs---- C:\WINDOWS\..
2006-11-23 20:01 <DIR> d--h----- C:\WINDOWS\inf
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\WinSxS
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\twain_32
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wins
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\spool
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ras
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\npp
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\mui
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\IME
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ias
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\export
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\config
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3076
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\2052
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1054
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1042
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1041
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1037
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1033
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1031
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1028
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1025
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\security
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Resources
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\repair
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Provisioning
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\PeerNet
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\pchealth
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\mui
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msapps
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msagent
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Media
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\java
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\ime
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Help
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Debug
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Cursors
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Config
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\AppPatch
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\addins
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS
2006-11-23 19:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-23 19:54 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-23 19:54 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-23 19:54 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-23 19:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-11-23 19:53 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeAUM
2006-11-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-23 19:07 <DIR> d-------- C:\Program Files\Adobe
2006-11-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-23 19:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-23 19:06 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-23 19:00 <DIR> d-------- C:\Program Files\iTunes
2006-11-23 19:00 <DIR> d-------- C:\Program Files\iPod
2006-11-23 19:00 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Apple Computer
2006-11-23 18:59 <DIR> d-------- C:\Program Files\QuickTime
2006-11-23 18:59 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-23 18:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-23 18:47 <DIR> d-------- C:\Documents and Settings\Default\Contacts
2006-11-23 18:46 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-23 18:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-23 18:42 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Adobe
2006-11-23 18:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-23 18:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-23 18:23 <DIR> d--hs---- C:\RECYCLER
2006-11-23 18:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-23 18:00 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-23 17:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-23 09:49 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-23 09:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-23 09:49 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-23 09:49 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-23 09:49 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-23 09:49 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-23 09:49 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-11-23 09:49 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AVG7
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-23 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-23 09:45 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys
2006-11-23 09:45 40,960 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2006-11-23 09:43 <DIR> d-------- C:\Rhine
2006-11-23 09:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-23 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\SendTo
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Recent
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data\.
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data
2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Start Menu
2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Favorites
2006-11-23 09:23 <DIR> d--hs---- C:\Documents and Settings\Default\Cookies
2006-11-23 09:23 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Templates
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\PrintHood
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\NetHood
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Local Settings
2006-11-23 09:23 <DIR> d---s---- C:\Documents and Settings\Default\Application Data\Microsoft
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\My Documents
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Desktop
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Identities
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\..
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\..
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\.
2006-11-23 09:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-23 09:20 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-23 09:20 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-23 09:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-23 09:17 0 -rahs---- C:\MSDOS.SYS
2006-11-23 09:17 0 -rahs---- C:\IO.SYS
2006-11-23 09:17 0 --a------ C:\CONFIG.SYS
2006-11-23 09:17 0 --a------ C:\AUTOEXEC.BAT
2006-11-23 09:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-23 09:17 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-23 09:17 <DIR> d-------- C:\Program Files\xerox
2006-11-23 09:17 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-23 09:16 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-23 09:16 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-23 09:16 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-23 09:16 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-23 09:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-23 09:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-23 09:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-23 09:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-23 09:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-23 09:15 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-23 09:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-23 09:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-23 09:15 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-23 09:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-23 09:15 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-23 09:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-23 09:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-23 09:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-23 09:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-23 09:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-23 09:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-23 09:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-23 09:15 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-23 09:15 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-23 09:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-23 09:15 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-23 09:15 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-23 09:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-23 09:15 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-23 09:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 09:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-23 09:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-23 09:15 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-23 09:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-23 09:15 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-23 09:15 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-23 09:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-23 09:15 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-23 09:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-23 09:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-23 09:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-23 09:15 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-23 09:15 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-23 09:14 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-23 09:14 <DIR> d-------- C:\WINDOWS\Registration
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Online Services
2006-11-23 09:14 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Messenger
2006-11-23 09:14 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-23 09:13 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-23 09:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-23 09:13 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-23 09:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-23 09:13 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-23 09:13 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-23 09:13 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-23 09:13 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-23 09:13 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-23 09:13 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-23 09:13 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-23 09:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-23 09:13 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-23 09:13 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-23 09:13 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-23 09:13 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-23 09:13 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-23 09:13 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-23 09:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-23 09:13 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-23 09:13 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-23 09:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-23 09:13 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-23 09:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-23 09:13 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-23 09:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-23 09:13 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-23 09:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-23 09:13 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-23 09:13 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-23 09:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-23 09:13 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-23 09:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-23 09:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-23 09:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-23 09:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-23 09:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-23 09:13 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-23 09:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-23 09:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-23 09:13 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-23 09:13 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-23 09:13 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-23 09:13 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-23 09:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-23 09:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-23 09:13 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-23 09:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-23 09:13 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-23 09:13 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-23 09:13 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-23 09:13 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-23 09:13 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-23 09:13 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-23 09:13 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-23 09:13 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-23 09:13 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-23 09:13 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-23 09:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-23 09:13 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-23 09:13 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-23 09:13 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-23 09:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-23 09:13 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-23 09:13 <DIR> d-------- C:\Program Files\Windows NT
2006-11-23 09:13 <DIR> d-------- C:\Program Files\MSN
2006-11-16 00:10 8,704 --a------ C:\WINDOWS\system\cmmd.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"wdfmgr32"="C:\\WINDOWS\\system32\\wdfmgr32.exe"
"mhs"="C:\\DOCUME~1\\Default\\LOCALS~1\\Temp\\mhs.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"xy"="C:\\WINDOWS\\Download\\svhost32.exe"
"wdfmgr32.exe"="C:\\WINDOWS\\system32\\wdfmgr32.exe"
"sdmmrnm"="D;]XJOEPXT]ufnq]te264/fyf"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"wlzs2"="C:\\DOCUME~1\\Default\\LOCALS~1\\Temp\\wlzs2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
"{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}"=""
"{B876D045-E0B1-4E79-9359-0B1BF00813EA}"="Media Filter"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"csrss"="C:\\WINDOWS\\csrss.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"csrss"="C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WebSecurity"="{3DD78ACF-0745-4532-94F8-A574457E1A81}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\amdk5
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\LanPort
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\parcls

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-10 18:40:54.34
C:\ComboFix.txt ... 06-12-10 18:40
C:\ComboFix2.txt ... 06-12-10 00:02
C:\ComboFix3.txt ... 06-12-10 00:00
[ + quote]
Advertisement
_ 		__
xxteakxx
Senior Member
_ 		9. December 2006 @ 22:18 _ Link to this message    Send private message to this user   
Please download SmitfraudFix.zip to the desktop from here


* Reboot your computer in Safe Mode (upon boot press F8, select "Safe Mode" from the menu and press Enter)
* Open the SmitfraudFix folder.
* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infect files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Post the contents of rapport.txt and a new HijackThis log.
[ + quote]
falconv8
Suspended due to non-functional email address
_ 		9. December 2006 @ 22:38 _ Link to this message    Send private message to this user   
Hey,

Rapport..
SmitFraudFix v2.128

Scan done at 19:31:25.78, Sun 10/12/2006
Run from C:\Documents and Settings\Default\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

[HKEY_CLASSES_ROOT\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
@="C:\WINDOWS\system32\wmpkn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
@="C:\WINDOWS\system32\wmpkn.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

[HKEY_CLASSES_ROOT\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
@="C:\WINDOWS\system32\wmpkn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
@="C:\WINDOWS\system32\wmpkn.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End





hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 7:32:59 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Medie Sariel Number Service - Conexant - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
[ + quote]
falconv8
Suspended due to non-functional email address
_ 		10. December 2006 @ 19:23 _ Link to this message    Send private message to this user   
Sorry to sound picky, im sort of desperate... It is starting to overun my computer.

Any help is great :)

Thanks
[ + quote]
Niobis
Senior Member
_ 		11. December 2006 @ 14:45 _ Link to this message    Send private message to this user   
Hi falconv8, since xxteakxx hasn't replied and he has given me permission to take over his logs if he hasn't replied, I'll help you. :)

First, I must warn you-there is a lot of infection showing in your log. One of these is a password stealing trojan. I strongly recommend you change all your passwords to all online accounts.

---------------------------------------------------------------------------------------------------------------
Please download SDFix and save it to the desktop.
Double click SDFix.exe and it will extract the files to C:\SDFix

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.

* Restart your computer in Safe Mode (upon boot press F8, select "Safe Mode" from the menu and press Enter)
* Open the SDFix folder and double-click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Restart in normal mode.
Please post back with the contents of Report.txt and a new HijackThis log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 03:03 _ Link to this message    Send private message to this user   
Hey,

I tried deleting the chinese navigation in HijackThis, but it made it way back? :S

SDFix


SDFix: Version 1.46
****************

Tue 12/12/2006 - 23:52:32.20

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking For Trojan Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINDOWS\csrss.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\system32\0.txt
C:\WINDOWS\system32\wdfmgr32.exe

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Authorized Applications Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Disabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Disabled:avginet.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\system32\\wbem\\lsass.exe"="C:\\WINDOWS\\system32\\wbem\\lsass.exe:*:Enabled:Generic Hosts for WinService"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Files:
------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\Program Files\Internet Explorer\Connection Wizard\isignup.dll
C:\WINDOWS\system32\ACSs.dll
C:\WINDOWS\system32\Nwsapagent.dll
C:\WINDOWS\system32\sdmAgent20.dll
C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys

FINISHED!




HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 11:58:40 PM, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Medie Sariel Number Service - Conexant - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Thanks Heaps!
[ + quote]
Niobis
Senior Member
_ 		12. December 2006 @ 10:53 _ Link to this message    Send private message to this user   
Download The Hoster and unzip it to your desktop.

Next, open the Hoster
Make sure that the "make hosts writable?" button in the upper right corner is checked
Now, click on 'back up Host files'
then click on 'Restore orginal host files'
Finally, close the hoster.

Go here to download the trial version of AVG Anti-spyware.
Install and open AVGAS.
Click "Update" then click "Start update".
After updating, close AVGAS. We will run the scan in safe mode.


Go here and download CCleaner.
Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
Open CCleaner.
Click Options > Advance > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Do not run CCleaner yet, we will in safe mode later.


Next, run a scan only with HijackThis, check these. Close all windows except HijackThis before clicking "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll

Close HijackThis.
Go to Start > Run > type services.msc
Locate the following and double-click it to open.
Medie Sariel Number Service
Beside "Startup type" click the drop-down menu and select "Disabled".
Close Services.

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode later and can't access the internet.
To reboot your computer in Safe Mode: upon boot press F8, select "Safe Mode" from the menu and press Enter.

Open HiackThis.
Click "Open the misc tools section".
Click "Delete an NT service".
Copy/paste this into the area and click OK.
You will be prompted to restart, click Yes and restart in Safe Mode.
O23 - Service: Medie Sariel Number Service - Conexant - (no file)


In safe mode:
Show hidden files and folders.
Start > Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Click Apply, then OK.

Locate and delete these(if there):

C:\WINDOWS\system32\wdfmgr32.exe <--file
C:\Program Files\vision <--folder
C:\Program Files\CNNIC <--folder
C:\WINDOWS\system32\reporter.dll <--file
C:\WINDOWS\system32\PvSec.dll <--file

Empty the Recycle Bin.

Close all windows.
Open CCleaner.
Click Run Cleaner.

Open AVGAS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report" and save it to the desktop.
Close AVGAS and restart in normal mode.

Please post back with the AVGAS report and a new HijackThis log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 19:36 _ Link to this message    Send private message to this user   
Hey,

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:28:39 PM 13/12/2006

+ Scan result:



C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230344-250.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230402-945.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230404-945.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CPUSH\cpush0.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002705.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002779.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004766.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008962.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009036.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\snapshot\MFEX-4.DAT -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011260.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0014110.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ad812.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\Documents and Settings\Default\Desktop\backups\backup-20061213-153041-496.dll -> Adware.Boran : Cleaned with backup (quarantined).
C:\Program Files\vision\vision.dll -> Adware.Boran : Cleaned with backup (quarantined).
C:\Program Files\vision\visver.dll -> Adware.Boran : Cleaned with backup (quarantined).
C:\~deE.tmp -> Adware.Boran : Cleaned with backup (quarantined).
C:\Documents and Settings\Default\Desktop\backups\backup-20061213-153041-135.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002707.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002708.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002742.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002775.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002776.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP12\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP13\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP14\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP15\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP16\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP17\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003021.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003073.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003164.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003169.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003175.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003184.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003185.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003188.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003300.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003306.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003307.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003308.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003310.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003359.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003364.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003370.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003379.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003380.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003383.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003496.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003502.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003503.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003504.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003584.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003586.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003587.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003593.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003594.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003595.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004746.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004747.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004763.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004764.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006862.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006868.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006874.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006883.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006884.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006887.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006898.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006899.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006900.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006902.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007877.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007878.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007879.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008965.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008967.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008973.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008974.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008975.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008978.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009013.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\snapshot\MFEX-3.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011108.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011113.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011119.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011128.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011129.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011132.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012265.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012270.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012271.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012272.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012274.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012303.dll/{48A53CEB-AD6E-4CF3-B6AA-1F0B1441B202}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012313.dll/{6346B0FF-B61E-4761-B565-30FCB8087B03}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012317.exe/{731D1AE3-2282-43CD-9BEB-29734AEE9110}.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012319.exe/{76CE5CB4-4EAE-4B59-9E20-99F3FD4D7C79}.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012327.dll/{AB0351DC-B6B4-403E-9E0E-2B66F0BC0EEE}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012334.dll/{D6CA453E-74F8-4EE3-883D-77DBED9AD492}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012382.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012387.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012393.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012402.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012403.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012406.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012839.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012843.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012849.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013978.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013980.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013986.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013998.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014004.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014005.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014006.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014038.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014043.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014049.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014058.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014059.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014062.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014072.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014078.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014079.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014080.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015120.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015125.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015131.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015140.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015141.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015144.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015155.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015161.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015162.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015163.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015249.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015254.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015260.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015269.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015270.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015273.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015338.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015370.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015371.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015378.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015386.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015387.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cdnns.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003173.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003314.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003368.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003510.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004754.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006872.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011117.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012278.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012304.dll/{497FF2AB-8924-4D59-BAD8-E8C338A92DC6}.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012324.dll/{9C804553-9965-4AEE-BADD-2D0D5766F6A9}.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012329.exe/{AD82DC11-4444-4876-BB46-0C711E11164D}.exe -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012391.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014012.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014047.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014086.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015129.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015168.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015258.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015376.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008958.dll -> Adware.Cinmus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012294.exe/{09B37130-645D-4222-B11E-C9AE44ABD5DE}.exe -> Adware.Cinmus : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6671A431-5C3D-463D-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002700.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002701.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002702.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003069.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003070.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003071.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012458.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012459.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012460.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015329.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015330.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__a_c_s_s_._d_l_l_ -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__n_w_s_a_p_a_g_e_n_t_._d_l_l_ -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sdmAgent20.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sdmAgent23.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015367.dll -> Adware.Ncast : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\amdk5.sys -> Adware.Ncast : Cleaned with backup (quarantined).
C:\WINDOWS\system\cmmd.dll -> Adware.NewWeb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SafeHelper12.dll -> Adware.SafeHelp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002696.dll -> Adware.Sogou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009014.dll -> Adware.Sogou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003139.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008858.dll -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008859.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008860.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/DeskUn.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/Mrup.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/deskipn.dll.zgx -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012412.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012413.exe -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012451.dll -> Adware.WSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003137.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003138.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007886.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007887.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/Run.dll.zgx -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/fshook.dll.zgx -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012452.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012453.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002672.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002681.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002774.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009033.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011258.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015331.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\WINDOWS\system32\NTWorkStan.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__a_d_v_w_h_e_s_._d_l_l_ -> Downloader.Agent.aww : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/wdfmgr32.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015217.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnttech.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012310.sys/{58E849AE-4750-46E3-B5C0-C84BFA6F6A6C}.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012318.sys/{74D6C0CD-7995-4784-8643-C44157669AC5}.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9AF0T67\sna[1].exe -> Dropper.Agent.azw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015322.sys -> Rootkit.Agent.cq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012297.exe/{156E98B1-3ADA-4476-8738-A2F6689D2853}.exe -> Rootkit.Vanti.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012320.dll/{88CBC595-83EB-4B24-BAB4-1C5E163446DE}.dll -> Rootkit.Vanti.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Cookies\default@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\NetworkService\Cookies\default@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0010024.dll -> Trojan.Delf.tf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011133.dll -> Trojan.Delf.tf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012708.exe/{221104B5-CE53-4FDB-A834-C0AFD5FD9BF6}.exe -> Trojan.Delf.tf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012724.exe/{F44E76EC-CB63-4F6E-8CB7-525409CAD04B}.exe -> Trojan.Delf.tf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006892.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007868.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007870.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008874.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008895.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009045.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011087.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011240.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012240.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012257.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012376.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012407.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP37\A0012546.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).


::Report end









Logfile of HijackThis v1.99.1
Scan saved at 3:28:21 PM, on 13/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSed.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Medie Sariel Number Service - Conexant - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe





Thanks Heaps!
[ + quote]
Niobis
Senior Member
_ 		12. December 2006 @ 21:42 _ Link to this message    Send private message to this user   
The last two HijackThis scans were run from safe mode. Please run all HijackThis scans in normal mode.

Please post a new HijackThis log from normal mode.

Edited since you posted at the same time I edited first time. :)
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

This message has been edited since posting. Last time this message was edited on 12. December 2006 @ 21:55
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 21:45 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 6:45:38 PM, on 13/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers\HijackThis_v1.99.1.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
[ + quote]
Niobis
Senior Member
_ 		12. December 2006 @ 22:11 _ Link to this message    Send private message to this user   
Open the Hoster.
Click on 'back up Host files'
Click 'Restore Microsoft's host files'.
Close the Hoster.

Run a scan only with HjT, check these:

O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll

Close all other windows before clicking "Fix checked".


Locate and delete these: (if access is denied delete them in safe mode)
C:\Program Files\vision <--folder
C:\WINDOWS\system32\reporter.dll <--file

Empty the Recycle Bin and restart your computer.

Next, go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".
Save as a text file on the desktop.

Then, run ComboFix again to get a new log.

Please post back with the Kaspersky log, the ComboFix log and a new HijackThis log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 22:17 _ Link to this message    Send private message to this user   
I try to Restore Microsoft's Original Files on Hoster, and it says:
"ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\\ETC\hosts

???
[ + quote]
Niobis
Senior Member
_ 		12. December 2006 @ 22:32 _ Link to this message    Send private message to this user   
Okay, let's try this.
Open the Hoster.
In the left window select any host with the IP of
202.109.114.142
or
203.191.146.205
Select them one at a time and click "Delete selected line" for each one.
Do not delete any others!
Then, click "Restore Microsoft's Host file"
If same error, just continue with the instructions.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 22:36 _ Link to this message    Send private message to this user   
It says the same message when I click delete selected line...

I will continue on

Thanks
[ + quote]
falconv8
Suspended due to non-functional email address
_ 		12. December 2006 @ 22:42 _ Link to this message    Send private message to this user   
I delete Vision and reporter.dll, but they just keep on coming back... Literally a second later?
[ + quote]
Niobis
Senior Member
_ 		13. December 2006 @ 17:22 _ Link to this message    Send private message to this user   
First, I want to thank you for be patient with me. :) This isn't the easiest infection to rid. But as long as you won't give up, I won't quit until I know you're clean.

Please post a new HijackThis log and I will continue to further my research about this Chinese infection.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		13. December 2006 @ 19:05 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 4:04:56 PM, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers\HijackThis_v1.99.1.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
[ + quote]
Niobis
Senior Member
_ 		14. December 2006 @ 01:42 _ Link to this message    Send private message to this user   
Okay, please run ComboFix again to get a new log and post it. We need to get rid of all the registry entries created by this infection.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		14. December 2006 @ 19:20 _ Link to this message    Send private message to this user   
Default - 06-12-15 16:17:47.42 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers"

((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))


2006-12-15 16:08 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-14 19:37 <DIR> d-------- C:\WINDOWS\system32\DRM
2006-12-14 19:36 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-14 19:36 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-14 19:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-14 19:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-14 19:21 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2006-12-14 19:11 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-12-14 19:11 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-12-14 19:11 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2006-12-13 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-13 16:37 23,040 --a------ C:\WINDOWS\system32\reporter.dll
2006-12-13 15:46 <DIR> dr-h----- C:\Documents and Settings\Default\Recent
2006-12-13 15:45 <DIR> d-------- C:\Program Files\CCleaner
2006-12-13 15:37 61,440 --a------ C:\WINDOWS\system32\advwhes.dll
2006-12-13 15:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-13 15:16 36,864 --a------ C:\WINDOWS\system32\PvSed.dll
2006-12-12 23:13 <DIR> d-------- C:\SDFix
2006-12-10 18:39 2,346 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-10 18:26 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-10 18:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-10 18:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-10 18:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-10 18:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-10 18:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-10 00:00 <DIR> d-------- C:\WINDOWS\temp
2006-12-09 23:45 <DIR> d-------- C:\WINDOWS\pss
2006-12-09 11:15 <DIR> d-------- C:\WINDOWS\system32\ContentTemp
2006-12-09 11:09 29,696 --a------ C:\WINDOWS\system32\wmpkn.dll
2006-12-09 11:04 27,648 --a------ C:\WINDOWS\system32\tpnet.dll
2006-12-09 11:03 10,752 --a------ C:\WINDOWS\system32\filter.dll
2006-12-09 11:03 10,447 --a------ C:\WINDOWS\system32\drivers\LanPort.sys
2006-12-07 18:11 28,672 --a------ C:\WINDOWS\system32\drivers\00003a52.SYS
2006-12-07 18:11 <DIR> d-------- C:\Program Files\vision
2006-12-05 16:54 <DIR> d-------- C:\Program Files\LimeWire
2006-12-05 15:50 9,651 --a------ C:\WINDOWS\system32\drivers\parcls.sys
2006-12-03 12:37 160,384 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\Incomplete
2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\.limewire
2006-12-03 00:30 <DIR> d-------- C:\Program Files\Java
2006-12-03 00:27 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-02 23:34 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-02 21:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-02 21:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-02 21:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-02 21:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-02 21:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-02 21:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-02 21:52 61,440 -ra------ C:\WINDOWS\ov519dib.dll
2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\system32\ov519ext.dll
2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\CleanDev.exe
2006-12-02 21:52 32,528 -ra------ C:\WINDOWS\amcap.exe
2006-12-02 21:52 307,200 -ra------ C:\WINDOWS\vidcap32.exe
2006-12-02 21:52 25,211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2006-12-02 21:52 200,704 -ra------ C:\WINDOWS\sel3110.exe
2006-12-02 21:52 174,530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys
2006-12-02 21:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-02 21:52 16,426 -ra------ C:\WINDOWS\system32\ov519usd.dll
2006-12-02 21:52 135,168 -ra------ C:\WINDOWS\ov519cap.exe
2006-12-02 21:52 <DIR> d-------- C:\WINDOWS\OvtCam
2006-12-01 17:51 376 --a------ C:\WINDOWS\system32\innvusmb32.dll
2006-11-30 17:03 <DIR> d-------- C:\WINDOWS\Download
2006-11-30 17:01 <DIR> d-------- C:\WINDOWS\Intel
2006-11-30 16:57 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-29 19:22 <DIR> d-------- C:\Documents and Settings\Default\Application Data\InterVideo
2006-11-28 20:07 8,699 --a------ C:\WINDOWS\system32\drivers\hdfs.sys
2006-11-28 20:07 8,477 --------- C:\WINDOWS\system32\drivers\amdk5.sys
2006-11-27 21:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-27 21:39 <DIR> d-------- C:\Program Files\InterVideo
2006-11-27 21:38 9,088 --------- C:\WINDOWS\system32\drivers\bsstor.sys
2006-11-27 21:38 716,800 --------- C:\WINDOWS\NuNInst.exe
2006-11-27 21:38 333,184 --------- C:\WINDOWS\system32\drivers\bsudf.sys
2006-11-27 21:37 610,304 --------- C:\WINDOWS\UNNMP.exe
2006-11-27 21:35 <DIR> d-------- C:\Program Files\ahead
2006-11-27 21:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-27 19:57 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2006-11-27 19:57 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2006-11-27 19:57 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2006-11-27 19:57 1,212,928 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-11-27 19:57 <DIR> d-------- C:\Program Files\iolo
2006-11-26 23:18 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-26 19:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-26 18:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-26 18:19 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-26 18:17 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-26 18:17 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-26 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-26 10:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Help
2006-11-26 10:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-11-25 21:34 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-25 03:57 14,822 --a------ C:\WINDOWS\system32\drivers\cdntran.sys
2006-11-25 02:01 <DIR> d-------- C:\Program Files\Eyetoy Drivers
2006-11-25 01:32 <DIR> d-------- C:\WINDOWS\eyetoy
2006-11-25 01:32 <DIR> d-------- C:\Program Files\Eyetoy
2006-11-25 01:20 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-23 23:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-23 21:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Macromedia
2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 21:39 32,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2006-11-23 21:37 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lavasoft
2006-11-23 21:20 552 --a------ C:\WINDOWS\system32\nrssvd32.dll
2006-11-23 21:20 <DIR> d-------- C:\WINDOWS\system32\drivers\etcdr
2006-11-23 21:19 29 --a------ C:\WINDOWS\system32\vdmop.dll
2006-11-23 21:19 22 --a------ C:\WINDOWS\system32\wmsnds32.dll
2006-11-23 21:19 <DIR> d-------- C:\WINDOWS\system32\MicShExts
2006-11-23 21:19 <DIR> d-------- C:\Program Files\Common Files\CPUSH
2006-11-23 21:19 <DIR> d-------- C:\Downloads
2006-11-23 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2006-11-23 21:01 <DIR> d-------- C:\Program Files\Common Files\HP
2006-11-23 20:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2006-11-23 20:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-11-23 20:57 <DIR> dr--s---- C:\WINDOWS\assembly
2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-11-23 20:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2006-11-23 20:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2006-11-23 20:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2006-11-23 20:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2006-11-23 20:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-23 20:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2006-11-23 20:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2006-11-23 20:47 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2006-11-23 20:47 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2006-11-23 20:46 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2006-11-23 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-23 20:22 <DIR> d--h----- C:\Config.Msi
2006-11-23 20:13 <DIR> d-------- C:\Program Files\HP
2006-11-23 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-23 20:10 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-23 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-23 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-23 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-23 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-23 20:10 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-23 20:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-23 20:10 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-23 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-23 20:10 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-23 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-23 20:09 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-11-23 20:09 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-23 20:09 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-11-23 20:09 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-23 20:09 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-11-23 20:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-23 20:09 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-11-23 20:09 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-11-23 20:09 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-23 20:09 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-23 20:09 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-23 20:09 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-11-23 20:08 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2006-11-23 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-23 20:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-23 20:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-23 20:08 <DIR> d--hs---- C:\WINDOWS\Installer
2006-11-23 20:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-23 20:07 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-23 20:07 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-23 20:07 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-23 20:07 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-23 20:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-23 20:07 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-23 20:07 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-23 20:07 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-23 20:07 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-23 20:07 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-23 20:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-23 20:07 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-23 20:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-23 20:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-23 20:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-23 20:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-23 20:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-23 20:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-23 20:07 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-23 20:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-23 20:07 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-23 20:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-11-23 20:07 <DIR> d-a------ C:\Program Files\Common Files\..
2006-11-23 20:07 <DIR> d-a------ C:\Program Files\.
2006-11-23 20:07 <DIR> d-a------ C:\Program Files
2006-11-23 20:07 <DIR> d--hs---- C:\Program Files\..
2006-11-23 20:07 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-11-23 20:07 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\.
2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-23 20:06 <DIR> d--hs---- C:\System Volume Information
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings
2006-11-23 20:01 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-11-23 20:01 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-11-23 20:01 <DIR> dr------- C:\WINDOWS\Web
2006-11-23 20:01 <DIR> d--hs---- C:\WINDOWS\..
2006-11-23 20:01 <DIR> d--h----- C:\WINDOWS\inf
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\WinSxS
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\twain_32
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wins
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\spool
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ras
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\npp
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\mui
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\IME
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ias
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\export
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\config
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3076
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\2052
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1054
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1042
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1041
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1037
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1033
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1031
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1028
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1025
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\..
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\security
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Resources
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\repair
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Provisioning
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\PeerNet
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\pchealth
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\mui
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msapps
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msagent
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Media
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\java
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\ime
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Help
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Debug
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Cursors
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Config
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\AppPatch
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\addins
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\.
2006-11-23 20:01 <DIR> d-------- C:\WINDOWS
2006-11-23 19:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-23 19:54 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-23 19:54 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-23 19:54 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-23 19:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-11-23 19:53 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeAUM
2006-11-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-23 19:07 <DIR> d-------- C:\Program Files\Adobe
2006-11-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-23 19:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-23 19:06 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-23 19:00 <DIR> d-------- C:\Program Files\iTunes
2006-11-23 19:00 <DIR> d-------- C:\Program Files\iPod
2006-11-23 19:00 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Apple Computer
2006-11-23 18:59 <DIR> d-------- C:\Program Files\QuickTime
2006-11-23 18:59 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-23 18:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-23 18:47 <DIR> d-------- C:\Documents and Settings\Default\Contacts
2006-11-23 18:46 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-23 18:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-23 18:42 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Adobe
2006-11-23 18:32 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-23 18:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-23 18:23 <DIR> d--hs---- C:\RECYCLER
2006-11-23 18:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-23 18:00 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-23 17:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-23 09:49 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-23 09:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-23 09:49 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-23 09:49 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-23 09:49 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-23 09:49 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-23 09:49 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-11-23 09:49 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AVG7
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-23 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-23 09:45 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys
2006-11-23 09:45 40,960 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2006-11-23 09:43 <DIR> d-------- C:\Rhine
2006-11-23 09:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-23 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\SendTo
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data\.
2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data
2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Start Menu
2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Favorites
2006-11-23 09:23 <DIR> d--hs---- C:\Documents and Settings\Default\Cookies
2006-11-23 09:23 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Templates
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\PrintHood
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\NetHood
2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Local Settings
2006-11-23 09:23 <DIR> d---s---- C:\Documents and Settings\Default\Application Data\Microsoft
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\My Documents
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Desktop
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Identities
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\..
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\..
2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\.
2006-11-23 09:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-23 09:20 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-23 09:20 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-23 09:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-23 09:17 0 -rahs---- C:\MSDOS.SYS
2006-11-23 09:17 0 -rahs---- C:\IO.SYS
2006-11-23 09:17 0 --a------ C:\CONFIG.SYS
2006-11-23 09:17 0 --a------ C:\AUTOEXEC.BAT
2006-11-23 09:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-23 09:17 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-23 09:17 <DIR> d-------- C:\Program Files\xerox
2006-11-23 09:17 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-23 09:16 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-23 09:16 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-23 09:16 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-23 09:16 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-23 09:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-23 09:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-23 09:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-23 09:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-23 09:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-23 09:15 679,424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-23 09:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-23 09:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-23 09:15 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-23 09:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-23 09:15 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-23 09:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-23 09:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-23 09:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-23 09:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-23 09:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-23 09:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-23 09:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-23 09:15 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-23 09:15 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-23 09:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-23 09:15 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-23 09:15 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-23 09:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-23 09:15 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-23 09:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 09:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-23 09:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-23 09:15 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-23 09:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-23 09:15 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-23 09:15 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-23 09:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-23 09:15 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-23 09:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-23 09:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-23 09:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-23 09:15 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-23 09:15 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-23 09:14 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-23 09:14 <DIR> d-------- C:\WINDOWS\Registration
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Online Services
2006-11-23 09:14 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Messenger
2006-11-23 09:14 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-23 09:13 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-23 09:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-23 09:13 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-23 09:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-23 09:13 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-23 09:13 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-23 09:13 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-23 09:13 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-23 09:13 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-23 09:13 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-23 09:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-23 09:13 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-23 09:13 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-23 09:13 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-23 09:13 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-23 09:13 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-23 09:13 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-23 09:13 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-23 09:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-23 09:13 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-23 09:13 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-23 09:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-23 09:13 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-23 09:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-23 09:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-23 09:13 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-23 09:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-23 09:13 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-23 09:13 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-23 09:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-23 09:13 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-23 09:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-23 09:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-23 09:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-23 09:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-23 09:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-23 09:13 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-23 09:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-23 09:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-23 09:13 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-23 09:13 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-23 09:13 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-23 09:13 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-23 09:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-23 09:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-23 09:13 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-23 09:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-23 09:13 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-23 09:13 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-23 09:13 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-23 09:13 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-23 09:13 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-23 09:13 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-23 09:13 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-23 09:13 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-23 09:13 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-23 09:13 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-23 09:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-23 09:13 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-23 09:13 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-23 09:13 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-23 09:13 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-23 09:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-23 09:13 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-23 09:13 <DIR> d-------- C:\Program Files\Windows NT
2006-11-23 09:13 <DIR> d-------- C:\Program Files\MSN


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"sdmmrnm"="D;]XJOEPXT]ufnq]te264/fyf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
"{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}"=""
"{B876D045-E0B1-4E79-9359-0B1BF00813EA}"="Media Filter"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"csrss"="C:\\WINDOWS\\csrss.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"csrss"="C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"NetWork"="{FC055E7D-8144-4706-8586-2F1C49FCDD2A}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\amdk5
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hdfs
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\LanPort
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\parcls

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-15 16:19:13.04
C:\ComboFix.txt ... 06-12-15 16:19
C:\ComboFix2.txt ... 06-12-10 18:40
C:\ComboFix3.txt ... 06-12-10 00:02
[ + quote]
falconv8
Suspended due to non-functional email address
_ 		20. December 2006 @ 01:48 _ Link to this message    Send private message to this user   
help anyone???
[ + quote]
Niobis
Senior Member
_ 		21. December 2006 @ 11:56 _ Link to this message    Send private message to this user   
Hi,

I'm so sorry falconv8! I quit helping here for a while and haven't been able to help anyone. I know I left a lot of people hanging, and for this I deeply apologize to you and everyone! I was just lurking around and I see this...

Please post a fresh HjT log since it's been so long and I'll try to get with this again. :-) I can't promise how often I can post, but I know I told I wouldn't give up until you're clean, and I plan on sticking to my word!
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
falconv8
Suspended due to non-functional email address
_ 		21. December 2006 @ 13:20 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 10:18:56 AM, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 cns.3721.com
O1 - Hosts: 203.191.146.205 seek.3721.com
O1 - Hosts: 203.191.146.205 name.cnnic.cn
O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
O1 - Hosts: 203.191.146.205 www.kuaiso.com
O1 - Hosts: 203.191.146.205 kuaiso.com
O1 - Hosts: 203.191.146.205 www.copyso.com
O1 - Hosts: 203.191.146.205 union.copyso.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O1 - Hosts: 203.191.146.205 ok.mop-hz.com
O1 - Hosts: 203.191.146.205 www.ncast.cn
O1 - Hosts: 203.191.146.205 www.ads3721.com
O1 - Hosts: 203.191.146.205 360.ads3721.com
O1 - Hosts: 203.191.146.205 www.maohehe.com
O1 - Hosts: 203.191.146.205 www.5566.net
O1 - Hosts: 203.191.146.205 5566.net
O1 - Hosts: 203.191.146.205 www.gjj.cc
O1 - Hosts: 203.191.146.205 gjj.cc
O1 - Hosts: 203.191.146.205 www.9495.com
O1 - Hosts: 203.191.146.205 9495.com
O1 - Hosts: 203.191.146.205 my123.com
O1 - Hosts: 203.191.146.205 www.my123.com
O1 - Hosts: 203.191.146.205 7b.com.cn
O1 - Hosts: 203.191.146.205 www.7b.com.cn
O1 - Hosts: 203.191.146.205 www.qu123.com
O1 - Hosts: 203.191.146.205 www.37021.com
O1 - Hosts: 203.191.146.205 www.37021.net
O1 - Hosts: 203.191.146.205 www.4199.com
O1 - Hosts: 203.191.146.205 4199.com
O1 - Hosts: 203.191.146.205 www.9505.com
O1 - Hosts: 203.191.146.205 9505.com
O1 - Hosts: 203.191.146.205 7939.com
O1 - Hosts: 203.191.146.205 www.7939.com
O1 - Hosts: 203.191.146.205 www.3448.com
O1 - Hosts: 203.191.146.205 3448.com
O1 - Hosts: 203.191.146.205 8925.com
O1 - Hosts: 203.191.146.205 www.8925.com
O1 - Hosts: 203.191.146.205 www.ttmp3.com
O1 - Hosts: 203.191.146.205 ttmp3.com
O1 - Hosts: 203.191.146.205 www.3tg.cn
O1 - Hosts: 203.191.146.205 3tg.cn
O1 - Hosts: 203.191.146.205 123wa.com
O1 - Hosts: 203.191.146.205 www.123wa.com
O1 - Hosts: 203.191.146.205 www.159.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1164786513515
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
[ + quote]
Niobis
Senior Member
_ 		21. December 2006 @ 14:03 _ Link to this message    Send private message to this user   
Now, where to start, lol. ;) I think it will be best if we start by deleting some registry keys to keep this infection from starting in safe mode(along with others). I'm not even going to try searching any files listed in the ComboFix log yet, it will be a waste of time for me until we remove others first.

Note about those hosts. I'm confused why The Hoster will not help here, so we'll try running it in safe mode and if that doesn't work, we'll just have HjT fix them and then you can then try restoring the originals.

--------------------------------------------------------------------------------------

Copy all the following bold text into Notepad(not Wordpad).

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"sdmmrnm"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=-
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=-
"{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"NetWork"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\amdk5]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hdfs]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\parcls ]

Make sure there are no blank lines before REGEDIT4.
Name the file Fix.reg
Change the "Save as Type" to All Files and save it on the desktop.
Open the Fix.reg file and click Yes when prompted to merge.


Note: Print or copy these instructions, you'll be in safe mode.
Restart in safe mode.

Open AVGAS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report" and save it to the desktop.
Exit AVG AS.

Open the Hoster and try restoring original hosts again. If you receive the prompt again fix all 01 entires with HjT(in safe mode). After fixing, try restoring with the Hoster one more time.

Restart in normal mode.
Download Rootkit Revealer from here.
Create a new folder, named RKR, in C:\
Extract the files to the new folder.
Open RootkitRevealer.exe.
Close all other windows and click the "Scan".
Important: Leave the computer idle while the scan runs.
When the scan is finished, click File > Save... to save the text file to the C:\RKR\ folder.

Run ComboFix again to get a new log.

Post back with the AVG AS report, a new HijackThis log, the Rootkit Revealer log, and please post the ComboFix log in a separate reply.

Thank you for being patient and I apologize once again.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

This message has been edited since posting. Last time this message was edited on 21. December 2006 @ 14:05
falconv8
Suspended due to non-functional email address
_ 		22. December 2006 @ 03:03 _ Link to this message    Send private message to this user   
...Well the hosts couldnt be restored in Hoster. And access was denied in HjT....???
[ + quote]
Advertisement
_ 		__
 
_
Niobis
Senior Member
_ 		22. December 2006 @ 14:20 _ Link to this message    Send private message to this user   
Access was denied with HijackThis even in safe mode? Hmmm, that's strange. Just please continue with all the other instructions and I'll look into these hosts more. We sure do have our work cut out for us still yet. :) This may take a few weeks to fully clean and if you don't want to wait so long or if you feel more comfortable saving your files, reformatting your hard drive and reinstalling Windows, just let me know. But, I will research these hosts files for you tonight and I'll let you know what I've found out when you post the logs I requested.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > virus... help needed
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork