Smithfraud Problem/MULTI POPUPS



ElloMate
2007-05-26, 14:42
I tried using Spybot, Ad-Aware, CCleaner, HijackThis, VundoFix, AVG, but they still can't remove it. This is a logfile from the HijackThis scan I ran:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:42:18 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\scanner.exe.exe

O2 - BHO: (no name) - {78CBFF0D-2AB9-4E7A-982D-75AFE3E5BB9D} - C:\WINDOWS\system32\sstqp.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1382 bytes

ElloMate
2007-05-26, 17:21
VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:35:47 PM 25/05/2007

Listing files found while scanning....


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 8:06:29 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\dxlvsudq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\gvwopxsr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\kbbtgtmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\nbimjwor.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pmtgtbbk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\qdusvlxd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rowjmibn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\rsxpowvg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:45:52 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

ElloMate
2007-05-26, 17:22
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:22:45 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\HiJackThis_v2.exe

O2 - BHO: (no name) - {AAA3D9FC-22EC-40E5-BCE9-5B46EE5D35ED} - C:\WINDOWS\system32\sstqp.dll
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\IVAN\Desktop\Spyware Programs\vundofix.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1464 bytes

Mr_JAk3
2007-05-27, 12:05
Hello ElloMate and welcome to the Forums :)

Your log is quite short. Have you fixed something by yourself or have you whitelisted some entries?

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

ElloMate
2007-05-27, 20:30
Scanning for infected files . . .
This typically doesn't take more than 10 minutes

Scan times for badly infected machines may easily double


"C:\DOCUME~1\IVAN\Desktop.\internet explorer.lnk"
"C:\WINDOWS\system32\vbzip11.dll"
C:\WINDOWS\system32\sbqvoaey.dll

Mr_JAk3
2007-05-28, 19:57
Please post the ComboFix log file here :bigthumb:

ElloMate
2007-05-29, 23:32
"IVAN" - 2007-05-28 4:28:32 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\IVAN\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Purity Folders:


ElloMate
2007-05-29, 23:33
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-26 17:09 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-05-26 16:57 233,472 --a------ C:\WINDOWS\system32\Ilda32.dll
2007-05-26 09:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-26 07:16 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-26 07:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-26 07:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-26 07:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-25 19:35 <DIR> d-------- C:\VundoFix Backups
2007-05-22 18:08 <DIR> d-------- C:\Program Files\AxBx
2007-05-22 17:13 21,504 --a------ C:\WINDOWS\system32\1327502ld.exe
2007-05-21 10:47 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-21 08:09 <DIR> d-------- C:\Nexon
2007-05-21 06:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-20 12:38 0 -ra------ C:\logwmemory.bin
2007-05-19 16:03 22,016 --a------ C:\WINDOWS\system32\winsys32.dll
2007-05-19 14:29 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 14:29 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-05-19 14:28 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-05-19 14:28 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
2007-05-19 14:27 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-05-19 14:26 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-05-19 14:24 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-05-19 14:23 <DIR> d-------- C:\WINDOWS\system32\?dobe
2007-05-19 14:23 <DIR> d-------- C:\Program Files\Common Files\T?sks
2007-05-19 14:23 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-05-19 14:23 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\WINDOWS\system32\W?nSxS
2007-05-19 14:21 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\?racle
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2007-05-19 14:21 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\F?nts
2007-05-19 14:21 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??stem32
2007-05-19 14:20 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-05-19 14:20 <DIR> d---s---- C:\WINDOWS\?asks
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\??sembly
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??mantec
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??curity
2007-05-19 14:19 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-05-19 14:19 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\system32\??sembly
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\?ymantec
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\?ecurity
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\??stem
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 14:18 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-05-19 14:18 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\T?sks
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\M?crosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?ystem32
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\??mbols
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\??crosoft
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\?racle
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?curity
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??stem
2007-05-19 14:17 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ystem
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ymbols
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ppPatch
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?dobe
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-05-19 14:17 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\F?nts
2007-05-19 14:17 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 14:16 <DIR> dr--s---- C:\WINDOWS\?ssembly
2007-05-19 14:16 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-05-19 14:16 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\s?curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??stem32
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??stem
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??mantec
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\s?stem32
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\?racle
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\?racle
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\??curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2007-05-19 14:16 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 14:15 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-05-19 14:15 <DIR> dr--s---- C:\WINDOWS\??sembly
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\T?sks
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\??sks
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ystem
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ssembly
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?dobe
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\s?mbols
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\s?curity
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\?dobe
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??stem32
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??pPatch
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\s?stem
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?ystem
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??mbols
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??mantec
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??curity
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\T?sks
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ystem
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sembly
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??mbols
2007-05-19 14:14 <DIR> d---s---- C:\WINDOWS\?asks
2007-05-19 14:14 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\??mbols
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\??crosoft
2007-05-19 14:14 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\W?nSxS
2007-05-19 14:14 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\s?stem
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\S?mantec
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\?ppPatch
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\??stem
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\??pPatch
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?stem
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 13:00 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-05-19 13:00 <DIR> d---s---- C:\WINDOWS\??sks
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\system32\?ystem32
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\??mantec
2007-05-19 13:00 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2007-05-19 13:00 <DIR> d-------- C:\Program Files\Common Files\s?curity
2007-05-19 13:00 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
2007-05-19 13:00 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
2007-05-17 16:52 <DIR> d-------- C:\Program Files\FlashGet
2007-05-17 16:39 1,807 --a------ C:\WINDOWS\system32\cpwbase2005.dat
2007-05-13 17:33 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\uTorrent
2007-05-13 14:49 <DIR> d-------- C:\Fraps
2007-05-12 12:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-11 18:08 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\iMesh
2007-05-08 12:22 <DIR> d-------- C:\WINDOWS\RebirthRO Full Client
2007-05-06 14:44 <DIR> d-------- C:\Downloads
2007-05-06 05:01 <DIR> d-------- C:\Program Files\Free Download Manager
2007-05-05 18:36 <DIR> d-------- C:\Soldat

ElloMate
2007-05-29, 23:33
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 18:07:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\gtk-2.0
2007-05-27 00:02:49 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-24 00:36:30 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-22 20:13:16 -------- d-----w C:\Program Files\DivX
2007-05-20 19:23:17 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Xfire
2007-05-20 18:55:26 -------- d-----w C:\Program Files\MSN Messenger
2007-05-20 02:30:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\PC Tools
2007-05-20 02:30:18 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 21:29:48 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-05-19 21:29:01 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 21:27:56 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-05-19 21:23:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 21:23:10 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-05-19 21:22:46 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 21:22:42 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-05-19 21:22:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 21:22:10 -------- d-----w C:\Program Files\Common Files\?asks
2007-05-19 21:21:50 -------- d-----w C:\Program Files\Common Files\?racle
2007-05-19 21:21:20 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-05-19 21:21:06 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??stem32
2007-05-19 21:20:57 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-05-19 21:20:48 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-05-19 21:20:37 -------- d-----w C:\Program Files\Common Files\??sembly
2007-05-19 21:20:25 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??mantec
2007-05-19 21:20:18 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??curity
2007-05-19 21:20:06 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 21:19:59 -------- d-----w C:\Program Files\Common Files\??stem
2007-05-19 21:19:50 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 21:19:48 -------- d-----w C:\Program Files\Common Files\?asks
2007-05-19 21:19:35 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-05-19 21:19:34 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 21:19:31 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 21:19:22 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 21:19:02 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 21:18:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 21:18:49 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??stem
2007-05-19 21:18:36 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-05-19 21:18:35 -------- d-----w C:\Program Files\Common Files\??stem32
2007-05-19 21:18:14 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-05-19 21:18:13 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-05-19 21:18:01 -------- d-----w C:\Program Files\Common Files\?racle
2007-05-19 21:17:57 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-05-19 21:17:54 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-05-19 21:17:43 -------- d-----w C:\Program Files\Common Files\??sks
2007-05-19 21:17:38 -------- d-----w C:\Program Files\Common Files\??sks
2007-05-19 21:17:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 21:17:29 -------- d-----w C:\Program Files\Common Files\?dobe
2007-05-19 21:16:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
2007-05-19 21:16:26 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 21:16:21 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 21:16:08 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 21:16:07 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
2007-05-19 21:15:53 -------- d-----w C:\Program Files\Common Files\??mbols
2007-05-19 21:15:52 -------- d-----w C:\Program Files\Common Files\?ystem
2007-05-19 21:15:48 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ystem
2007-05-19 21:15:46 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??mbols
2007-05-19 21:15:43 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
2007-05-19 21:15:42 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 21:15:27 -------- d-----w C:\Program Files\Common Files\??mantec
2007-05-19 21:15:25 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 21:15:24 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-05-19 21:15:21 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-05-19 21:15:17 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 21:15:11 -------- d-----w C:\Program Files\Common Files\?dobe
2007-05-19 21:15:07 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sembly
2007-05-19 21:15:03 -------- d-----w C:\Program Files\Common Files\??curity
2007-05-19 21:15:00 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 21:14:59 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 21:14:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 20:01:01 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 20:00:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
2007-05-19 20:00:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
2007-05-17 00:14:47 1,548 -c--a-w C:\WINDOWS\mozver.dat
2007-04-21 20:33:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-15 00:43:16 30 ----a-w C:\deleteprefetch.bat
2007-04-13 00:53:53 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Opera
2007-04-13 00:53:34 -------- d-----w C:\Program Files\Opera
2007-04-13 00:44:27 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\WinPatrol
2007-04-11 01:37:50 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Ventrilo
2007-04-09 16:54:32 0 ----a-w C:\WINDOWS\system32\w32apiw.dll
2007-04-08 20:30:16 -------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-04-05 03:04:03 -------- d-----w C:\Program Files\Paint.NET
2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-01 20:50:13 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\SystemRequirementsLab
2007-03-29 23:12:14 664 -c--a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dl

ElloMate
2007-05-29, 23:34
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 05:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 09:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"RestrictCpl"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 05:18:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 5:22:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-28 05:22

--- E O F ---

Mr_JAk3
2007-05-30, 20:14
Hi again :)

We'll continue...


Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure, please ask first

Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed (http://www.outerinfo.com/howto.html)

Run ComboFix again and post the log here along with a fresh HijackThis log.

:bigthumb:

ElloMate
2007-05-30, 22:42
http://img239.imageshack.us/img239/5535/untitledbw7.png (http://imageshack.us)

ElloMate
2007-05-30, 23:13
:present:http://img440.imageshack.us/img440/6516/17914488hn3.png (http://imageshack.us)

ElloMate
2007-05-31, 00:27
"IVAN" - 2007-05-29 4:59:28 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\IVAN\Desktop\Spyware Programs\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Purity Folders:


ElloMate
2007-05-31, 00:28
((((((((((((((((((((((((((((((( Files Created from 29/0-01-07 to 29/05/2007 ))))))))))))))))))))))))))))))))))


29/05/2007 04:59 AM C:\64 ComboFix.txt.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"RestrictCpl"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [28/09/2006 07:13 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 05:21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 29/05/2007 5:24:02
C:\ComboFix-quarantined-files.txt ... 29/05/2007 05:24 AM
C:\ComboFix2.txt ... 28/05/2007 05:22 AM

--- E O F ---

ElloMate
2007-05-31, 00:30
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:29:46 AM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\HiJackThis_v2.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1189 bytes

ElloMate
2007-05-31, 00:31
Oh yeah, one more thing: why is my Internet Explorer removed from my Desktop, and my HD I think?

Mr_JAk3
2007-05-31, 20:30
Hello :)

So you ran purity uninstaller?

The log looks a BIT odd.. Let's see what kind of a logfile the previous version gives. Please delete your version of HijackThis...

Download HijackThis 1.99.1 to your desktop from here (http://downloads.malwareremoval.com/HijackThis.exe)

Create a new folder for HijackThis and move HijackThis.exe into it.

Rename HijackThis.exe to Scanner.exe

:bigthumb:

ElloMate
2007-05-31, 23:24
Logfile of HijackThis v1.99.1
Scan saved at 5:24:16 AM, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Scanner.exe.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

Mr_JAk3
2007-06-01, 10:27
Ok...

Download F-Secure Blacklight (http://www.f-secure.com/blacklight/try_blacklight.html) and save it to your desktop.

Double-click fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list of what has been found. A log will appear on your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (blacklight log from your desktop)

ElloMate
2007-06-02, 03:14
06/02/07 08:14:29 [Info]: BlackLight Engine 1.0.61 initialized
06/02/07 08:14:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/02/07 08:14:29 [Note]: 7019 4
06/02/07 08:14:29 [Note]: 7005 0
06/02/07 08:14:30 [Note]: 7006 0
06/02/07 08:14:30 [Note]: 7011 1704
06/02/07 08:14:30 [Note]: 7026 0
06/02/07 08:14:31 [Note]: 7026 0
06/02/07 08:14:37 [Note]: FSRAW library version 1.7.1021
06/02/07 08:22:08 [Note]: 7007 0

Mr_JAk3
2007-06-03, 14:59
Hi again, we'll continue :)

Your HijackThis log is quite short. Have you fixed something by yourself or have you whitelisted some entries?

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\winsys32.dll

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
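
Added example (not part of the original thread): a Python script that pulls the Winlogon Notify entries out of the ComboFix and HijackThis logs posted above and tracks them across cleanup passes, showing sstqp dropping out while winsys32 is still present in every log. The log excerpts are copied from this thread; the snapshot labels and the function names are illustrative assumptions.

```python
import re

# Excerpts copied from the logs posted in this thread, oldest first.
SNAPSHOTS = {
    "2007-05-28 ComboFix": r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
""",
    "2007-05-29 ComboFix": r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll
""",
    "2007-05-31 HijackThis": r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
""",
}

# ComboFix "Reg Loading Points": [...\winlogon\notify\<name>] header, DLL path on the next line.
COMBOFIX_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]\\]+)\][ \t]*\n([^\[\s].*)$",
    re.IGNORECASE | re.MULTILINE,
)
# HijackThis: "O20 - Winlogon Notify: <name> - <dll path>"
HIJACKTHIS_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$", re.MULTILINE)
# ComboFix prints the user's HijackThis ignore list after this marker.
IGNORE_MARKER = "Hijackthis entries set to ignore"


def notify_entries(log_text):
    """Return ({name: dll} reported as active, {names on the HijackThis ignore list})."""
    active_part, _, ignored_part = log_text.partition(IGNORE_MARKER)
    active = {}
    for rx in (COMBOFIX_RE, HIJACKTHIS_RE):
        for name, path in rx.findall(active_part):
            active[name.strip().lower()] = path.strip()
    ignored = {n.strip().lower() for n, _ in HIJACKTHIS_RE.findall(ignored_part)}
    return active, ignored


def track(snapshots):
    """Diff successive logs: (removed [(name, first log missing it)], survivors, ignored)."""
    parsed = [(label, *notify_entries(text)) for label, text in snapshots.items()]
    ignored = set().union(*(ign for _, _, ign in parsed))
    removed = []
    for (_, before, _), (label, after, _) in zip(parsed, parsed[1:]):
        removed += [(n, label) for n in sorted(before.keys() - after.keys() - ignored)]
    survivors = set.intersection(*(set(act) for _, act, _ in parsed)) - ignored
    return removed, sorted(survivors), sorted(ignored)


if __name__ == "__main__":
    removed, survivors, ignored = track(SNAPSHOTS)
    print("removed between passes:", removed)
    print("present in every log:  ", survivors)
    print("hidden by ignore list: ", ignored)
```

An entry missing from a later log is not proof of removal: ComboFix omits what it treats as legit defaults, and HijackThis hides anything on its ignore list, which is why the ignored names are reported separately.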

tashi
2007-06-10, 00:17
Still with us ElloMate?

tashi
2007-06-11, 23:32
Due to lack of a response, :sick: this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems, please start a new topic.