Malware messing up Windows. Making computer unusable. Need help.



dimebagdrl
2007-08-11, 23:21
Okay, I'm currently working on a relative's computer which is having some serious malware problems. The symptoms thus far have included excessive pop-ups, random programs installing themselves, mostly anti-spyware/adware programs, and most recently when anyone logs into any account on the system, explorer.exe will continuously start and end, causing the desktop to blink on and off repeatedly. I've managed to "disable" explorer.exe and use the "Run" through the task manager to work around the problem and have been able to use some programs I have on an external HDD to get online via Firefox Portable. I've managed to run HijackThis.

Here is the logfile.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:09:27 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TGVvbmEgUGVpcmlz\command.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\qwerty12.exe
E:\Files\Programs\FirefoxPortable\App\firefox\firefox.exe
E:\Malware Removal Software\Hijack This\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {00b0fd20-7ac3-43c9-8b4e-fa6e7dc9f9e9} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: 0 - {05A995D0-26B8-42D0-D39D-07237AA0315A} - C:\Program Files\Internet Explorer\qufaxyl.dll
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\compstuic.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b2b3ffa-c801-42a1-8826-124d4a8d92d4} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsek.dll
O2 - BHO: (no name) - {0e59c456-9916-432e-b857-78d0ff5c4382} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {1050168b-ed1b-468c-94e8-eed03396d1f1} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\podpis.dll
O2 - BHO: (no name) - {13cc925b-7e00-433f-8fd4-403228432e4b} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {1769178E-8D6E-FF99-4B14-828DCE50D5BB} - C:\WINDOWS\system32\ekhxtmr.dll
O2 - BHO: (no name) - {17d14d7b-b825-4cb3-b90d-2af5c456d239} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: CIEIntegrator Object - {22750ADC-C90F-43C4-9B72-0F9E60CB5119} - C:\Program Files\WinAntiVirus Pro 2007\winavpgi.dll
O2 - BHO: (no name) - {292c564c-26c6-4535-a470-26ebcb74bd13} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {328dda83-717e-4414-8481-ce966e2ad8d0} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {34151e9a-2dc8-4e16-aa7d-34205eef224a} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: Bho - {4DF3383C-ACB0-40f3-BCF0-4B09F48D1AB8} - C:\WINDOWS\system32\mtfisvfi.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: (no name) - {52a0a5de-0e46-4288-bb9e-5724f9658b80} - C:\WINDOWS\system32\log875.dll
O2 - BHO: (no name) - {555FF497-8DAA-4DB3-A5B7-007DC2249F93} - \
O2 - BHO: IEFW Object - {67121D62-2C97-4EF0-83EA-2DC643D50B01} - C:\Program Files\WinAntiVirus Pro 2007\fwbho.dll
O2 - BHO: (no name) - {6F8FF8BA-3E0D-4FFE-7A77-34B67D3DFEB8} - C:\WINDOWS\system32\cbgipnjq.dll
O2 - BHO: (no name) - {80da9dd1-6191-4787-8c54-75c43aaf6770} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {811d7a66-ad56-4daa-97e9-3717842153a3} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8138b599-7bde-4488-b800-4edb329feb16} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8248d694-d4ea-4f5d-85f7-b723239f5546} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp34.tmp.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9aae9f10-7fa5-4608-bc0f-9e70ee877649} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00301} - C:\WINDOWS\adsldpbm.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} - C:\WINDOWS\system32\adsldpbx.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - C:\WINDOWS\system32\adsldpby.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - C:\WINDOWS\system32\adsldpbz.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - C:\WINDOWS\system32\compstuia.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - C:\WINDOWS\compstuib.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\system32\compstuid.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\compstuig.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - C:\WINDOWS\system32\compstuif.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\system32\fontextc.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\fontexte.dll (file missing)
O2 - BHO: (no name) - {B04F7B32-B070-45A9-8670-2CE44F6281C7} - \
O2 - BHO: (no name) - {bb39ebb0-33d1-45ed-bb00-cab4bdadbdeb} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {c07f5831-d178-4505-aa6d-a0d1bd789429} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ccff8cfc-df25-48b4-b70c-0aafba8656d7} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d3dxofa.dll
O2 - BHO: (no name) - {d3c996e3-28e6-4091-9877-9460f7e8e5ef} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {D4C5947D-16E3-462F-A93D-FB718E100406} - C:\WINDOWS\system32\fontext_a.dll (file missing)
O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\system32\adsldpbm.dll (file missing)
O2 - BHO: (no name) - {dfb19108-4a35-43c4-870e-a1b93c4d09af} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {E55C27EA-AC00-4C1B-B753-89FBB593294A} - C:\Program Files\MSN Gaming Zone\mesof.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: (no name) - {ebc97776-1a0e-4f81-b654-8510f346e25c} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ece344fe-3b0b-4a5b-8cde-a044581e2146} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {eec9f4c3-f91c-4dd8-8c1b-b386bd9e4b56} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {f0f752c8-7edf-4357-b337-6b569c012ead} - C:\WINDOWS\system32\hmourang.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] "C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe" /min
O4 - HKLM\..\Run: [MAV_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\DNSE.exe" -c
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinkodt.exe CHD003
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\jkjjki.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://winantivirus.com/download/2007/download.php?file=2&aid=dn_kn_swmplx2_us_en_ed2&lid=keyin&affid=dn__{52a0a5de-0e46-4288-bb9e-5724f9658b80}&lng=en&cnt=us
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download/2007/download.php?file=2&aid=swp_wa7p_us_en&lid=288&affid=pp_1149733525
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEONAP~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\cfgmngr321.dll
O20 - Winlogon Notify: harddll - C:\WINDOWS\system32\harddll.dll
O20 - Winlogon Notify: ibywxwyo - C:\WINDOWS\SYSTEM32\ibywxwyo.dll
O20 - Winlogon Notify: log875 - C:\WINDOWS\SYSTEM32\log875.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\SYSTEM32\ssqrq.dll
O20 - Winlogon Notify: waveutil - C:\WINDOWS\system32\waveutil.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Windows Updater - {B29BE267-3A64-4F7E-8A57-75FB5E900509} - C:\WINDOWS\system32\cfgmngr321.dll
O22 - SharedTaskScheduler: Master Browseui - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsek.dll
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\system32\fontextc.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\fontexte.dll (file missing)
O22 - SharedTaskScheduler: Master Browseui - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll
O22 - SharedTaskScheduler: z - {D4C5947D-16E3-462F-A93D-FB718E100406} - C:\WINDOWS\system32\fontext_a.dll (file missing)
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d3dxofa.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVvbmEgUGVpcmlz\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Firewall service (NtTf) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2007\NtFt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14884 bytes


I also noticed that a program called "qwerty12.exe" is present and running on the system and I can't disable it.

I've got most of the programs I may need to run (vundo, ATF, AVG, etc.) on my external, I just need to know what to do.

Any help would be appreciated. Thanks.

Shaba
2007-08-12, 12:24
Hi dimebagdrl

You are hugely infected.

Let's start with these:

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Download win32delfkil.exe (http://users.telenet.be/marcvn/tools/win32delfkil.exe).
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.

Post:

- a fresh HijackThis log
- combofix report
- c:\windelf.txt

dimebagdrl
2007-08-12, 22:36
Well here are the logs you asked for. All four posts of them... :red:




ComboFix 07-08-09.3 - "Temp" 2007-08-12 11:35:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



dimebagdrl
2007-08-12, 22:37

dimebagdrl
2007-08-12, 22:38


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NTTF
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\ApiMon
-------\cmdService
-------\core
-------\DomainService
-------\Network Monitor
-------\NtTf
-------\vspf
-------\vspf_hk


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 12:16 <DIR> d-------- C:\DOCUME~1\TEMP~1.DG2\APPLIC~1\GTek
2007-08-12 11:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 15:05 6,356,615 --a------ C:\Firefox_Portable_2.0.0.6_en-us.paf.exe
2007-08-11 12:18 786,432 --ah----- C:\DOCUME~1\TEMP~1.DG2\NTUSER.DAT
2007-08-11 12:18 <DIR> d-------- C:\DOCUME~1\TEMP~1.DG2\APPLIC~1\Jasc Software Inc
2007-07-26 09:07 <DIR> d-------- C:\DOCUME~1\LEONAP~1\APPLIC~1\?asks
2007-07-24 09:56 49,678 --a------ C:\WINDOWS\SYSTEM32\m01.exe
2007-07-17 10:20 <DIR> d-------- C:\DOCUME~1\LEONAP~1\APPLIC~1\s?stem
2007-07-17 10:07 20,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys
2007-07-17 10:07 108,544 --a------ C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-07-17 10:07 104,960 --a------ C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-07-17 10:06 <DIR> d-------- C:\DOCUME~1\LEONAP~1\APPLIC~1\Musicmatch
2007-07-15 14:01 <DIR> d---s---- C:\DOCUME~1\LEONAP~1\APPLIC~1\??crosoft

dimebagdrl
2007-08-12, 22:39
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 12:16 103 --a------ C:\WINDOWS\ztaskmen32.pif
2007-08-12 12:16 103 --a------ C:\WINDOWS\taskmen32.pif
2007-08-11 12:50 --------- d-------- C:\Program Files\Viewpoint
2007-08-11 12:36 --------- d-------- C:\Program Files\WordPerfect Office 12
2007-08-11 12:36 --------- d-------- C:\Program Files\Verizon Online
2007-08-11 12:36 --------- d-------- C:\Program Files\Modem Helper
2007-08-11 12:36 --------- d-------- C:\Program Files\Intel
2007-08-11 12:36 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-11 12:03 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-11 11:50 105434 --a------ C:\WINDOWS\qwr67.exe
2007-07-17 10:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 10:07 --------- d-------- C:\Program Files\MUSICMATCH
2007-06-27 10:13 503808 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-27 10:13 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-20 09:28 81491 --a------ C:\Program Files\client.rar
2007-06-20 09:28 198144 --a------ C:\Program Files\unrar.exe
2007-05-30 02:53 192623 --a------ C:\WINDOWS\system32\nwinkodt.exe
2007-05-20 14:14 184396 --a--c--- C:\WINDOWS\system32\nwinkodv.exe
2007-05-16 08:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2004-12-17 06:42:24 848 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\TGVvbmEgUGVpcmlz\n3pSvAH0o3pDwA5W.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b0fd20-7ac3-43c9-8b4e-fa6e7dc9f9e9}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{062492AF-392E-479D-BF52-A7A4BCA00307}]
C:\WINDOWS\compstuic.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b2b3ffa-c801-42a1-8826-124d4a8d92d4}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
2006-09-17 23:24 49664 --a------ C:\WINDOWS\admparsek.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e59c456-9916-432e-b857-78d0ff5c4382}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1050168b-ed1b-468c-94e8-eed03396d1f1}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-2222-408A-9842-CDBE1C6D37EB}]
2006-05-03 19:51 71680 --a------ C:\WINDOWS\podpis.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13cc925b-7e00-433f-8fd4-403228432e4b}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17d14d7b-b825-4cb3-b90d-2af5c456d239}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{292c564c-26c6-4535-a470-26ebcb74bd13}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{328dda83-717e-4414-8481-ce966e2ad8d0}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34151e9a-2dc8-4e16-aa7d-34205eef224a}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DF3383C-ACB0-40f3-BCF0-4B09F48D1AB8}]
2005-10-11 20:49 118804 --a------ C:\WINDOWS\system32\mtfisvfi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{555FF497-8DAA-4DB3-A5B7-007DC2249F93}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80da9dd1-6191-4787-8c54-75c43aaf6770}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{811d7a66-ad56-4daa-97e9-3717842153a3}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8138b599-7bde-4488-b800-4edb329feb16}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8248d694-d4ea-4f5d-85f7-b723239f5546}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9aae9f10-7fa5-4608-bc0f-9e70ee877649}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00301}]
C:\WINDOWS\adsldpbm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00302}]
C:\WINDOWS\system32\adsldpbx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00303}]
C:\WINDOWS\system32\adsldpby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00304}]
C:\WINDOWS\system32\adsldpbz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00305}]
C:\WINDOWS\system32\compstuia.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00306}]
C:\WINDOWS\compstuib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00309}]
C:\WINDOWS\system32\compstuid.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}]
C:\WINDOWS\compstuig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00320}]
C:\WINDOWS\system32\compstuif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}]
C:\WINDOWS\system32\fontexta.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}]
C:\WINDOWS\system32\fontextb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}]
C:\WINDOWS\system32\fontextc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}]
C:\WINDOWS\system32\fontextd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00405}]
C:\WINDOWS\fontexte.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B04F7B32-B070-45A9-8670-2CE44F6281C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb39ebb0-33d1-45ed-bb00-cab4bdadbdeb}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c07f5831-d178-4505-aa6d-a0d1bd789429}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ccff8cfc-df25-48b4-b70c-0aafba8656d7}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100407}]
2007-04-23 20:35 70656 --a------ C:\WINDOWS\system32\d3dxofa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3c996e3-28e6-4091-9877-9460f7e8e5ef}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4C5947D-16E3-462F-A93D-FB718E100406}]
C:\WINDOWS\system32\fontext_a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}]
2006-12-28 18:55 49664 --a------ C:\WINDOWS\system32\admparsez.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C}]
C:\WINDOWS\system32\adsldpbm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfb19108-4a35-43c4-870e-a1b93c4d09af}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E55C27EA-AC00-4C1B-B753-89FBB593294A}]
2007-04-06 12:27 139264 --a------ C:\Program Files\MSN Gaming Zone\mesof.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebc97776-1a0e-4f81-b654-8510f346e25c}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ece344fe-3b0b-4a5b-8cde-a044581e2146}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eec9f4c3-f91c-4dd8-8c1b-b386bd9e4b56}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0f752c8-7edf-4357-b337-6b569c012ead}]
2005-12-08 16:43 94228 --a------ C:\WINDOWS\system32\hmourang.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 17:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 20:50]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 03:50 C:\WINDOWS\LOGI_MWX.EXE]
"P2P Networking"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" [2004-12-27 14:30]
"DXDllRegExe"="dxdllreg.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

C:\Documents and Settings\Temp.DG2YM361\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-15 14:26:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B29BE267-3A64-4F7E-8A57-75FB5E900509}"= C:\WINDOWS\system32\cfgmngr321.dll [2006-04-09 18:35 52256]
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"= C:\WINDOWS\admparsek.dll [2006-09-17 23:24 49664]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"= C:\WINDOWS\system32\fontexta.dll [ ]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"= C:\WINDOWS\system32\fontextb.dll [ ]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"= C:\WINDOWS\system32\fontextc.dll [ ]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"= C:\WINDOWS\system32\fontextd.dll [ ]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00405}"= C:\WINDOWS\fontexte.dll [ ]
"{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}"= C:\WINDOWS\system32\admparsez.dll [2006-12-28 18:55 49664]
"{D4C5947D-16E3-462F-A93D-FB718E100406}"= C:\WINDOWS\system32\fontext_a.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32]
C:\WINDOWS\system32\cfgmngr321.dll 2006-04-09 18:35 52256 C:\WINDOWS\SYSTEM32\cfgmngr321.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibywxwyo]
ibywxwyo.dll 2006-03-06 19:13 38932 C:\WINDOWS\SYSTEM32\ibywxwyo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leona Peiris^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Leona Peiris\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1125981865\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myCleanerPC]
C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smiley District]
C:\Program Files\SmileyDistrict\plugin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysRestore]
"C:\DOCUME~1\LEONAP~1\LOCALS~1\Temp\tmp23.tmp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2007]
C:\Program Files\WinAntiVirus Pro 2007\winav.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer2005]
"C:\Program Files\WinFixer_2005\uwfx5.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Program Files\WinTouch\WinTouch.exe

R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S0 fsflt;fsflt;C:\WINDOWS\system32\Drivers\fsflt.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 12:15:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\zw0er_!.txt
C:\WINDOWS\system32\zw0er_!.dat
C:\WINDOWS\system32\zw0er_!f.sys

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\zw0er_!f.sys]
"ImagePath"="system32\zw0er_!f.sys"

Completion time: 2007-08-12 12:18:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 12:18

--- E O F ---

dimebagdrl
2007-08-12, 22:40
WIN32DELFKIL LOGFILE - by Marckie


version 3.130
Sun 08/12/2007 12:21:33.00
running from: "C:\Documents and Settings\Temp.DG2YM361\Desktop"


--- File(s) found in Windows directory ---
adsldpbn.dll
cpblpbc17.log
cpblpbc18.log
cpblpbc20.log
cpblpbc21.log
cpblpbc22.log
cpblpbc23.log
cpblpbc24.log
cpblpbc25.log
cpblpbc28.log
cpblpbc32.log
cpblpbc35.log
cpblpbc36.log
cpblpbc38.log
cpblpbc40.log
cpblpbc42.log
cpblpbc44.log
cpblpbc45.log
cpblpbc46.log
cpblpbc52.log
cpblpbc53.log
cpblpbc54.log
gc403.cnf
gsc403.cnf
gc404.cnf
gsc404.cnf
gc405.cnf
gsc405.cnf
gc_406.cnf
gsc_406.cnf
gc_407.cnf
gsc_407.cnf
podpis.dll
ztaskmen32.pif

--- File(s) found in system32 folder ---
admparsek.dll
admparsel.dll
admparsez.dll
cfgmngr321.dll
d3dxofa.dll
d4xofa.dll
nhldr.exe

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{B29BE267-3A64-4F7E-8A57-75FB5E900509}"="Windows Updater"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00405}"="z"
"{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}"="Master Browseui"
"{D4C5947D-16E3-462F-A93D-FB718E100406}"="z"



--- sharedtaskkey (1): B29BE267-3A64-4F7E-8A57-75FB5E900509 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29BE267-3A64-4F7E-8A57-75FB5E900509}]
@="C:\\WINDOWS\\system32\\cfgmngr321.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29BE267-3A64-4F7E-8A57-75FB5E900509}\InprocServer32]
@="C:\\WINDOWS\\system32\\cfgmngr321.dll"
"ThreadingModel"="Apartment"

checking for file:
cfgmngr321.dll found
cfgmngr321.dll deleted!


--- sharedtaskkey (2): 0B5F7FDF-0717-45BF-B49D-695F3168C7FE ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InprocServer32]
@="C:\\WINDOWS\\admparsek.dll"
"ThreadingModel"="Apartment"

checking for file:
admparsek.dll found
admparsek.dll deleted!


--- sharedtaskkey (3): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InprocServer32]
@="C:\\WINDOWS\\system32\\fontexta.dll"
"ThreadingModel"="Apartment"

checking for file:
fontexta.dll NOT found


--- sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}\InprocServer32]
@="C:\\WINDOWS\\system32\\fontextb.dll"
"ThreadingModel"="Apartment"

checking for file:
fontextb.dll NOT found


--- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00403 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}\InprocServer32]
@="C:\\WINDOWS\\system32\\fontextc.dll"
"ThreadingModel"="Apartment"

checking for file:
fontextc.dll NOT found


--- sharedtaskkey (6): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}\InprocServer32]
@="C:\\WINDOWS\\system32\\fontextd.dll"
"ThreadingModel"="Apartment"

checking for file:
fontextd.dll NOT found


--- sharedtaskkey (7): A4F94C0C-54A7-4DB1-9AF3-B22E63D00405 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00405}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00405}\InprocServer32]
@="C:\\WINDOWS\\fontexte.dll"
"ThreadingModel"="Apartment"

checking for file:
fontexte.dll NOT found


--- sharedtaskkey (8): DDEC2387-6435-46B6-AF8C-1075F6EBF08B ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}\InprocServer32]
@="C:\\WINDOWS\\system32\\admparsez.dll"
"ThreadingModel"="Apartment"

checking for file:
admparsez.dll found
admparsez.dll deleted!


--- sharedtaskkey (9): D4C5947D-16E3-462F-A93D-FB718E100406 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4C5947D-16E3-462F-A93D-FB718E100406}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4C5947D-16E3-462F-A93D-FB718E100406}\InprocServer32]
@="C:\\WINDOWS\\system32\\fontext_a.dll"
"ThreadingModel"="Apartment"

checking for file:
fontext_a.dll NOT found

--- Notify key ---
subkey cfgmngr32 is present!


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!

dimebagdrl
2007-08-12, 22:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:24 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
E:\Tech\Malware Removal Software\Hijack This\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00b0fd20-7ac3-43c9-8b4e-fa6e7dc9f9e9} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b2b3ffa-c801-42a1-8826-124d4a8d92d4} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {0e59c456-9916-432e-b857-78d0ff5c4382} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {1050168b-ed1b-468c-94e8-eed03396d1f1} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {13cc925b-7e00-433f-8fd4-403228432e4b} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {17d14d7b-b825-4cb3-b90d-2af5c456d239} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {292c564c-26c6-4535-a470-26ebcb74bd13} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {328dda83-717e-4414-8481-ce966e2ad8d0} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {34151e9a-2dc8-4e16-aa7d-34205eef224a} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: Bho - {4DF3383C-ACB0-40f3-BCF0-4B09F48D1AB8} - C:\WINDOWS\system32\mtfisvfi.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: (no name) - {555FF497-8DAA-4DB3-A5B7-007DC2249F93} - \
O2 - BHO: (no name) - {80da9dd1-6191-4787-8c54-75c43aaf6770} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {811d7a66-ad56-4daa-97e9-3717842153a3} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8138b599-7bde-4488-b800-4edb329feb16} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8248d694-d4ea-4f5d-85f7-b723239f5546} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9aae9f10-7fa5-4608-bc0f-9e70ee877649} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00301} - C:\WINDOWS\adsldpbm.dll (file missing)
O2 - BHO: (no name) - {B04F7B32-B070-45A9-8670-2CE44F6281C7} - \
O2 - BHO: (no name) - {bb39ebb0-33d1-45ed-bb00-cab4bdadbdeb} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {c07f5831-d178-4505-aa6d-a0d1bd789429} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ccff8cfc-df25-48b4-b70c-0aafba8656d7} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {d3c996e3-28e6-4091-9877-9460f7e8e5ef} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {dfb19108-4a35-43c4-870e-a1b93c4d09af} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {E55C27EA-AC00-4C1B-B753-89FBB593294A} - C:\Program Files\MSN Gaming Zone\mesof.dll
O2 - BHO: (no name) - {ebc97776-1a0e-4f81-b654-8510f346e25c} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ece344fe-3b0b-4a5b-8cde-a044581e2146} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {eec9f4c3-f91c-4dd8-8c1b-b386bd9e4b56} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {f0f752c8-7edf-4357-b337-6b569c012ead} - C:\WINDOWS\system32\hmourang.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download/2007/download.php?file=2&aid=swp_wa7p_us_en&lid=288&affid=pp_1149733525
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEONAP~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: ibywxwyo - C:\WINDOWS\SYSTEM32\ibywxwyo.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9285 bytes

dimebagdrl
2007-08-12, 22:42
Okay, that was definitely more than 4 posts... :red:

Sorry... :sad:

Shaba
2007-08-13, 11:55
Hi

No problem :)

Still lots of things to do.

Open HijackThis, click "Do a system scan only" and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00b0fd20-7ac3-43c9-8b4e-fa6e7dc9f9e9} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {0b2b3ffa-c801-42a1-8826-124d4a8d92d4} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {0e59c456-9916-432e-b857-78d0ff5c4382} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {1050168b-ed1b-468c-94e8-eed03396d1f1} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {13cc925b-7e00-433f-8fd4-403228432e4b} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {17d14d7b-b825-4cb3-b90d-2af5c456d239} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {292c564c-26c6-4535-a470-26ebcb74bd13} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {328dda83-717e-4414-8481-ce966e2ad8d0} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {34151e9a-2dc8-4e16-aa7d-34205eef224a} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: Bho - {4DF3383C-ACB0-40f3-BCF0-4B09F48D1AB8} - C:\WINDOWS\system32\mtfisvfi.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: (no name) - {555FF497-8DAA-4DB3-A5B7-007DC2249F93} - \
O2 - BHO: (no name) - {80da9dd1-6191-4787-8c54-75c43aaf6770} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {811d7a66-ad56-4daa-97e9-3717842153a3} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8138b599-7bde-4488-b800-4edb329feb16} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {8248d694-d4ea-4f5d-85f7-b723239f5546} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {9aae9f10-7fa5-4608-bc0f-9e70ee877649} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00301} - C:\WINDOWS\adsldpbm.dll (file missing)
O2 - BHO: (no name) - {B04F7B32-B070-45A9-8670-2CE44F6281C7} - \
O2 - BHO: (no name) - {bb39ebb0-33d1-45ed-bb00-cab4bdadbdeb} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {c07f5831-d178-4505-aa6d-a0d1bd789429} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ccff8cfc-df25-48b4-b70c-0aafba8656d7} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {d3c996e3-28e6-4091-9877-9460f7e8e5ef} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {dfb19108-4a35-43c4-870e-a1b93c4d09af} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {E55C27EA-AC00-4C1B-B753-89FBB593294A} - C:\Program Files\MSN Gaming Zone\mesof.dll
O2 - BHO: (no name) - {ebc97776-1a0e-4f81-b654-8510f346e25c} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {ece344fe-3b0b-4a5b-8cde-a044581e2146} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {eec9f4c3-f91c-4dd8-8c1b-b386bd9e4b56} - C:\WINDOWS\system32\hmourang.dll
O2 - BHO: (no name) - {f0f752c8-7edf-4357-b337-6b569c012ead} - C:\WINDOWS\system32\hmourang.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download...=pp_1149733525
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEONAP~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: ibywxwyo - C:\WINDOWS\SYSTEM32\ibywxwyo.dll

Close all windows, including the browser, and press "Fix checked".

Reboot.

Open Notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\SYSTEM32\m01.exe
C:\WINDOWS\ztaskmen32.pif
C:\WINDOWS\taskmen32.pif
C:\WINDOWS\qwr67.exe
C:\WINDOWS\system32\nwinkodt.exe
C:\WINDOWS\system32\nwinkodv.exe
C:\WINDOWS\system32\hmourang.dll
C:\Program Files\MSN Gaming Zone\mesof.dll
C:\WINDOWS\system32\mtfisvfi.dll
C:\WINDOWS\SYSTEM32\ibywxwyo.dll

Folder::
C:\WINDOWS\TGVvbmEgUGVpcmlz
C:\WINDOWS\system32\P2P Networking
C:\DOCUME~1\LEONAP~1\APPLIC~1\?asks
C:\DOCUME~1\LEONAP~1\APPLIC~1\s?stem
C:\DOCUME~1\LEONAP~1\APPLIC~1\??crosoft
C:\Program Files\SmileyDistrict

Rootkit::
C:\WINDOWS\zw0er_!.txt
C:\WINDOWS\system32\zw0er_!.dat
C:\WINDOWS\system32\zw0er_!f.sys

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\zw0er_!f.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leona Peiris^Start Menu^Programs^Startup^Think-Adz.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myCleanerPC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smiley District]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysRestore]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2007]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer2005]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]



Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Re-run win32delfkil

Post:

- a fresh HijackThis log
- combofix report
- c:\windelf.txt

dimebagdrl
2007-08-13, 22:53
Here is the next set of logs. Much less text this time. :laugh:


ComboFix 07-08-09.3 - "Leona Peiris" 2007-08-13 12:38:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247 [GMT -7:00]
Command switches used :: E:\Tech\Malware Removal Software\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\m01.exe
C:\WINDOWS\ztaskmen32.pif
C:\WINDOWS\taskmen32.pif
C:\WINDOWS\qwr67.exe
C:\WINDOWS\system32\nwinkodt.exe
C:\WINDOWS\system32\nwinkodv.exe
C:\WINDOWS\system32\hmourang.dll
C:\Program Files\MSN Gaming Zone\mesof.dll
C:\WINDOWS\system32\mtfisvfi.dll
C:\WINDOWS\SYSTEM32\ibywxwyo.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LEONAP~1\APPLIC~1.\asks~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\crosof~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\fnts~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\HL949D29\www.broadcaster.com
C:\DOCUME~1\LEONAP~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\LEONAP~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\LEONAP~1\APPLIC~1.\racle~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\smante~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\sstem~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\sstem3~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\ystem3~1
C:\DOCUME~1\LEONAP~1\APPLIC~1.\ystem3~1\?ystem32\
C:\DOCUME~1\LEONAP~1\APPLIC~1.\ystem3~1\chkntfs.exe
C:\DOCUME~1\LEONAP~1\MYDOCU~1.\crosof~1.net
C:\DOCUME~1\LEONAP~1\MYDOCU~1.\crosof~1.net\n?pdb.exe
C:\DOCUME~1\LEONAP~1\MYDOCU~1.\mcroso~1.net
C:\DOCUME~1\LEONAP~1\MYDOCU~1.\racle~1
C:\DOCUME~1\LEONAP~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\LEONAP~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\LEONAP~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Internet Explorer\rtenemufs.html
C:\Program Files\MSN Gaming Zone\mesof.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SmileyDistrict
C:\Program Files\SmileyDistrict\plugin.dll
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\SmileyDistrict\WrdSmile.dll
C:\WA7P
C:\WINDOWS\qwr67.exe
C:\WINDOWS\system32\hmourang.dll
C:\WINDOWS\SYSTEM32\m01.exe
C:\WINDOWS\system32\mtfisvfi.dll
C:\WINDOWS\system32\nwinkodt.exe
C:\WINDOWS\system32\nwinkodv.exe
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-94.sig
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wtscc.exe
C:\WINDOWS\system32\zqn.dll
C:\WINDOWS\system32\zw0er_!.dat
C:\WINDOWS\system32\zw0er_!f.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\taskmen32.pif
C:\WINDOWS\TGVvbmEgUGVpcmlz
C:\WINDOWS\TGVvbmEgUGVpcmlz\n3pSvAH0o3pDwA5W.vbs
C:\WINDOWS\zw0er_!.txt


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-08-12 12:21 90,112 --a------ C:\WINDOWS\SYSTEM32\regdacl.exe
2007-08-12 12:21 53,248 --a------ C:\WINDOWS\SYSTEM32\process.exe
2007-08-12 12:21 4,096 --a------ C:\WINDOWS\SYSTEM32\reboot.exe
2007-08-12 12:21 280,230 --a------ C:\win32delfkil.exe
2007-08-12 12:21 16,384 --a------ C:\WINDOWS\SYSTEM32\restart.exe
2007-08-12 12:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\regdacl
2007-08-12 12:21 <DIR> d-------- C:\_backupD
2007-08-12 12:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\ibywxwyo.dll
2007-08-12 12:16 <DIR> d-------- C:\DOCUME~1\TEMP~1.DG2\APPLIC~1\GTek
2007-08-12 11:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 15:05 6,356,615 --a------ C:\Firefox_Portable_2.0.0.6_en-us.paf.exe
2007-08-11 12:18 786,432 --ah----- C:\DOCUME~1\TEMP~1.DG2\NTUSER.DAT
2007-08-11 12:18 <DIR> d-------- C:\DOCUME~1\TEMP~1.DG2\APPLIC~1\Jasc Software Inc
2007-07-17 10:07 20,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys
2007-07-17 10:07 108,544 --a------ C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-07-17 10:07 104,960 --a------ C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-07-17 10:06 <DIR> d-------- C:\DOCUME~1\LEONAP~1\APPLIC~1\Musicmatch


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 12:41 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-11 12:50 --------- d-------- C:\Program Files\Viewpoint
2007-08-11 12:36 --------- d-------- C:\Program Files\WordPerfect Office 12
2007-08-11 12:36 --------- d-------- C:\Program Files\Verizon Online
2007-08-11 12:36 --------- d-------- C:\Program Files\Modem Helper
2007-08-11 12:36 --------- d-------- C:\Program Files\Intel
2007-08-11 12:36 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-17 10:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 10:07 --------- d-------- C:\Program Files\MUSICMATCH
2007-06-27 10:13 503808 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-27 10:13 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-20 09:28 81491 --a------ C:\Program Files\client.rar
2007-06-20 09:28 198144 --a------ C:\Program Files\unrar.exe
2007-05-16 08:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2004-12-17 06:42:24 848 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 17:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 20:50]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 03:50 C:\WINDOWS\LOGI_MWX.EXE]
"DXDllRegExe"="dxdllreg.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Sen"="C:\DOCUME~1\LEONAP~1\APPLIC~1\YSTEM3~1\chkntfs.exe" []
"Itoh"="C:\Documents and Settings\Leona Peiris\Application Data\F?nts\n?lookup.exe" []
"zwkk"="C:\PROGRA~1\COMMON~1\zwkk\zwkkm.exe" []
"Umpgfd"="C:\Documents and Settings\Leona Peiris\Application Data\s?stem32\?hkdsk.exe" []
"Rmmxuap"="C:\Documents and Settings\Leona Peiris\My Documents\??crosoft.NET\n?pdb.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

C:\Documents and Settings\Leona Peiris\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-15 14:26:50]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\rtenemufs.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1125981865\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S0 fsflt;fsflt;C:\WINDOWS\system32\Drivers\fsflt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f94d1a2-468e-11da-8ecf-00038a000015}]
AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 12:42:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 12:45:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 12:45
C:\ComboFix2.txt ... 2007-08-12 12:18

--- E O F ---






WIN32DELFKIL LOGFILE - by Marckie


version 3.130
Mon 08/13/2007 12:48:03.89
running from: "C:\Documents and Settings\Leona Peiris\Desktop"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!

dimebagdrl
2007-08-13, 22:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:18 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Tech\Malware Removal Software\Hijack This\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\LEONAP~1\APPLIC~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Itoh] "C:\Documents and Settings\Leona Peiris\Application Data\F?nts\n?lookup.exe"
O4 - HKCU\..\Run: [zwkk] C:\PROGRA~1\COMMON~1\zwkk\zwkkm.exe
O4 - HKCU\..\Run: [Umpgfd] "C:\Documents and Settings\Leona Peiris\Application Data\s?stem32\?hkdsk.exe"
O4 - HKCU\..\Run: [Rmmxuap] "C:\Documents and Settings\Leona Peiris\My Documents\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\rtenemufs.html

--
End of file - 7079 bytes

Shaba
2007-08-14, 10:05
Hi

Open HijackThis, click "Do a system scan only" and checkmark these:

O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\LEONAP~1\APPLIC~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Itoh] "C:\Documents and Settings\Leona Peiris\Application Data\F?nts\n?lookup.exe"
O4 - HKCU\..\Run: [zwkk] C:\PROGRA~1\COMMON~1\zwkk\zwkkm.exe
O4 - HKCU\..\Run: [Umpgfd] "C:\Documents and Settings\Leona Peiris\Application Data\s?stem32\?hkdsk.exe"
O4 - HKCU\..\Run: [Rmmxuap] "C:\Documents and Settings\Leona Peiris\My Documents\??crosoft.NET\n?pdb.exe"
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\rtenemufs.html

Close all windows including browser and press "Fix checked".

Reboot.

Re-run ComboFix.

Post:

- a fresh HijackThis log
- combofix report
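
The O4 entries picked out in the reply above share traits a script can check for, shown here as an added example that is not part of the original post or of HijackThis. It assumes that a `?` in a path stands for a character the log could not represent, and the `SYSTEM_TOOLS` list and function names are hypothetical choices made for this illustration.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\LEONAP~1\APPLIC~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Itoh] "C:\Documents and Settings\Leona Peiris\Application Data\F?nts\n?lookup.exe"
O4 - HKCU\..\Run: [zwkk] C:\PROGRA~1\COMMON~1\zwkk\zwkkm.exe
O4 - HKCU\..\Run: [Umpgfd] "C:\Documents and Settings\Leona Peiris\Application Data\s?stem32\?hkdsk.exe"
O4 - HKCU\..\Run: [Rmmxuap] "C:\Documents and Settings\Leona Peiris\My Documents\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
'''

O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$')
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)
# Assumption: a short list of tools that normally live under C:\WINDOWS.
SYSTEM_TOOLS = ("chkdsk.exe", "chkntfs.exe", "nslookup.exe", "svchost.exe")
WINDIR = "c:\\windows\\"

def image_path(command):
    """Return the executable path from a Run value, quoted or unquoted."""
    m = PATH_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command.split()[0]

def masked_equal(seen, known):
    """Compare names, letting '?' in the logged name stand for any one character."""
    return len(seen) == len(known) and all(s in ("?", k) for s, k in zip(seen, known))

def review_autoruns(log_text):
    """Map each registry Run value name to the reasons it deserves a closer look."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Startup folder items)
        name, command = m.groups()
        path = image_path(command).lower()
        base = path.rsplit("\\", 1)[-1]
        reasons = []
        if "?" in path:
            reasons.append("unprintable character in path")
        if not path.startswith(WINDIR) and any(masked_equal(base, t) for t in SYSTEM_TOOLS):
            reasons.append("system tool name outside C:\\WINDOWS")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in review_autoruns(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The `zwkk` entry, which is also on the list to fix, matches neither rule, so checks like these narrow a log review rather than replace it.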

Shaba
2007-08-21, 17:26
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.