Smithfraud Problem/MULTI POPUPS

ElloMate

I tried using Spybot, Ad-Aware, CCleaner, HijackThis, VundoFix, AVG, but they still can't remove it. This is the logfile from the HijackThis scan I ran:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:42:18 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\scanner.exe.exe

O2 - BHO: (no name) - {78CBFF0D-2AB9-4E7A-982D-75AFE3E5BB9D} - C:\WINDOWS\system32\sstqp.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1382 bytes
 
VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:35:47 PM 25/05/2007

Listing files found while scanning....


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 8:06:29 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\dxlvsudq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\gvwopxsr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\kbbtgtmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\nbimjwor.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pmtgtbbk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\qdusvlxd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rowjmibn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\rsxpowvg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:45:52 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:22:45 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\HiJackThis_v2.exe

O2 - BHO: (no name) - {AAA3D9FC-22EC-40E5-BCE9-5B46EE5D35ED} - C:\WINDOWS\system32\sstqp.dll
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\IVAN\Desktop\Spyware Programs\vundofix.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1464 bytes
 
Hello ElloMate and welcome to the Forums :)

Your log is quite short. Have you fixed something by yourself or have you whitelisted some entries?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
 
Scanning for infected files . . .
This typically doesn't take more than 10 minutes

Scan times for badly infected machines may easily double


"C:\DOCUME~1\IVAN\Desktop.\internet explorer.lnk"
"C:\WINDOWS\system32\vbzip11.dll"
C:\WINDOWS\system32\sbqvoaey.dll
 
"IVAN" - 2007-05-28 4:28:32 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\IVAN\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Purity Folders:

C:\WINDOWS\system32\a?sembly
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\s?curity
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\s?stem32
C:\WINDOWS\system32\T?sks
C:\WINDOWS\system32\W?nSxS
C:\WINDOWS\system32\?dobe
C:\WINDOWS\system32\?ppPatch
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\?icrosoft.NET
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\?asks
C:\WINDOWS\system32\T?sks
C:\WINDOWS\system32\?ecurity
C:\WINDOWS\system32\?ymantec
C:\WINDOWS\system32\?ymbols
C:\WINDOWS\system32\?ystem
C:\WINDOWS\system32\?ystem32
C:\WINDOWS\system32\s?curity
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\s?stem32
C:\WINDOWS\system32\?dobe
C:\WINDOWS\system32\?ppPatch
C:\WINDOWS\system32\?ssembly
C:\WINDOWS\system32\a?sembly
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\?icrosoft.NET
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\?asks
C:\WINDOWS\system32\T?sks
C:\WINDOWS\assembly
C:\WINDOWS\AppPatch
C:\WINDOWS\Fonts
C:\WINDOWS\Fonts
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\security
C:\WINDOWS\S?mantec
C:\WINDOWS\s?mbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\Tasks
C:\WINDOWS\WinSxS
C:\WINDOWS\?dobe
C:\WINDOWS\AppPatch
C:\WINDOWS\AppPatch
C:\WINDOWS\?icrosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\?racle
C:\WINDOWS\Tasks
C:\WINDOWS\Tasks
C:\WINDOWS\security
C:\WINDOWS\?ymantec
C:\WINDOWS\?ymbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\security
C:\WINDOWS\S?mantec
C:\WINDOWS\s?mbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\?dobe
C:\WINDOWS\AppPatch
C:\WINDOWS\assembly
C:\WINDOWS\assembly
C:\WINDOWS\AppPatch
C:\WINDOWS\?icrosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\?racle
C:\WINDOWS\Tasks
C:\WINDOWS\Tasks
C:\Program Files\Common Files\a?sembly
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\s?curity
C:\Program Files\Common Files\S?mantec
C:\Program Files\Common Files\s?mbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\s?stem32
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\W?nSxS
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\?ppPatch
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\?icrosoft
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\?asks
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\?ecurity
C:\Program Files\Common Files\?ymantec
C:\Program Files\Common Files\?ymbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\?ystem32
C:\Program Files\Common Files\s?curity
C:\Program Files\Common Files\S?mantec
C:\Program Files\Common Files\s?mbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\s?stem32
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\?ppPatch
C:\Program Files\Common Files\?ssembly
C:\Program Files\Common Files\a?sembly
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\?icrosoft
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\?asks
C:\Program Files\Common Files\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\F?nts
C:\DOCUME~1\IVAN\APPLIC~1\F?nts
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\s?curity
C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
C:\DOCUME~1\IVAN\APPLIC~1\s?stem
C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\W?nSxS
C:\DOCUME~1\IVAN\APPLIC~1\?dobe
C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\?racle
C:\DOCUME~1\IVAN\APPLIC~1\?asks
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
C:\DOCUME~1\IVAN\APPLIC~1\?ystem
C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
C:\DOCUME~1\IVAN\APPLIC~1\s?curity
C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
C:\DOCUME~1\IVAN\APPLIC~1\s?stem
C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
C:\DOCUME~1\IVAN\APPLIC~1\?dobe
C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\?racle
C:\DOCUME~1\IVAN\APPLIC~1\?asks
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
 
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-26 17:09 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-05-26 16:57 233,472 --a------ C:\WINDOWS\system32\Ilda32.dll
2007-05-26 09:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-26 07:16 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-26 07:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-26 07:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-26 07:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-25 19:35 <DIR> d-------- C:\VundoFix Backups
2007-05-22 18:08 <DIR> d-------- C:\Program Files\AxBx
2007-05-22 17:13 21,504 --a------ C:\WINDOWS\system32\1327502ld.exe
2007-05-21 10:47 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-21 08:09 <DIR> d-------- C:\Nexon
2007-05-21 06:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-20 12:38 0 -ra------ C:\logwmemory.bin
2007-05-19 16:03 22,016 --a------ C:\WINDOWS\system32\winsys32.dll
2007-05-19 14:29 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 14:29 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-05-19 14:28 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-05-19 14:28 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
2007-05-19 14:27 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-05-19 14:26 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-05-19 14:24 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-05-19 14:23 <DIR> d-------- C:\WINDOWS\system32\?dobe
2007-05-19 14:23 <DIR> d-------- C:\Program Files\Common Files\T?sks
2007-05-19 14:23 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-05-19 14:23 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-05-19 14:22 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-05-19 14:22 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\WINDOWS\system32\W?nSxS
2007-05-19 14:21 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\?racle
2007-05-19 14:21 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2007-05-19 14:21 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\F?nts
2007-05-19 14:21 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??stem32
2007-05-19 14:20 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-05-19 14:20 <DIR> d---s---- C:\WINDOWS\?asks
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2007-05-19 14:20 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\??sembly
2007-05-19 14:20 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??mantec
2007-05-19 14:20 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??curity
2007-05-19 14:19 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-05-19 14:19 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\system32\??sembly
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\?ymantec
2007-05-19 14:19 <DIR> d-------- C:\WINDOWS\?ecurity
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\??stem
2007-05-19 14:19 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 14:19 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 14:18 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-05-19 14:18 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\T?sks
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\M?crosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?ystem32
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\??mbols
2007-05-19 14:18 <DIR> d-------- C:\WINDOWS\??crosoft
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\?racle
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-05-19 14:18 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?curity
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 14:18 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??stem
2007-05-19 14:17 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ystem
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ymbols
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?ppPatch
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-05-19 14:17 <DIR> d-------- C:\WINDOWS\?dobe
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-05-19 14:17 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-05-19 14:17 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\F?nts
2007-05-19 14:17 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 14:16 <DIR> dr--s---- C:\WINDOWS\?ssembly
2007-05-19 14:16 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-05-19 14:16 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\s?curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??stem32
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??stem
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??mantec
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\s?stem32
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\?racle
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\?racle
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\??curity
2007-05-19 14:16 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2007-05-19 14:16 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
2007-05-19 14:16 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 14:15 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-05-19 14:15 <DIR> dr--s---- C:\WINDOWS\??sembly
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\T?sks
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-05-19 14:15 <DIR> d---s---- C:\WINDOWS\??sks
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ystem
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ssembly
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\?dobe
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\s?mbols
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\s?curity
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\?dobe
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??stem32
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??pPatch
2007-05-19 14:15 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\s?stem
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?ystem
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??mbols
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??mantec
2007-05-19 14:15 <DIR> d-------- C:\Program Files\Common Files\??curity
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\T?sks
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ystem
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??sembly
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 14:15 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??mbols
2007-05-19 14:14 <DIR> d---s---- C:\WINDOWS\?asks
2007-05-19 14:14 <DIR> d---s---- C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\system32\??mbols
2007-05-19 14:14 <DIR> d-------- C:\WINDOWS\??crosoft
2007-05-19 14:14 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\W?nSxS
2007-05-19 14:14 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\s?stem
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\S?mantec
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\?ppPatch
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\??stem
2007-05-19 13:01 <DIR> d-------- C:\WINDOWS\??pPatch
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\s?stem
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
2007-05-19 13:01 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 13:00 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-05-19 13:00 <DIR> d---s---- C:\WINDOWS\??sks
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\system32\?ystem32
2007-05-19 13:00 <DIR> d-------- C:\WINDOWS\??mantec
2007-05-19 13:00 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2007-05-19 13:00 <DIR> d-------- C:\Program Files\Common Files\s?curity
2007-05-19 13:00 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
2007-05-19 13:00 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
2007-05-17 16:52 <DIR> d-------- C:\Program Files\FlashGet
2007-05-17 16:39 1,807 --a------ C:\WINDOWS\system32\cpwbase2005.dat
2007-05-13 17:33 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\uTorrent
2007-05-13 14:49 <DIR> d-------- C:\Fraps
2007-05-12 12:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-11 18:08 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\iMesh
2007-05-08 12:22 <DIR> d-------- C:\WINDOWS\RebirthRO Full Client
2007-05-06 14:44 <DIR> d-------- C:\Downloads
2007-05-06 05:01 <DIR> d-------- C:\Program Files\Free Download Manager
2007-05-05 18:36 <DIR> d-------- C:\Soldat
 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 18:07:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\gtk-2.0
2007-05-27 00:02:49 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-24 00:36:30 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-22 20:13:16 -------- d-----w C:\Program Files\DivX
2007-05-20 19:23:17 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Xfire
2007-05-20 18:55:26 -------- d-----w C:\Program Files\MSN Messenger
2007-05-20 02:30:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\PC Tools
2007-05-20 02:30:18 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 21:29:48 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-05-19 21:29:01 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 21:27:56 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-05-19 21:23:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 21:23:10 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-05-19 21:22:46 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 21:22:42 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-05-19 21:22:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 21:22:10 -------- d-----w C:\Program Files\Common Files\?asks
2007-05-19 21:21:50 -------- d-----w C:\Program Files\Common Files\?racle
2007-05-19 21:21:20 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-05-19 21:21:06 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??stem32
2007-05-19 21:20:57 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-05-19 21:20:48 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-05-19 21:20:37 -------- d-----w C:\Program Files\Common Files\??sembly
2007-05-19 21:20:25 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??mantec
2007-05-19 21:20:18 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??curity
2007-05-19 21:20:06 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 21:19:59 -------- d-----w C:\Program Files\Common Files\??stem
2007-05-19 21:19:50 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-05-19 21:19:48 -------- d-----w C:\Program Files\Common Files\?asks
2007-05-19 21:19:35 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-05-19 21:19:34 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 21:19:31 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?dobe
2007-05-19 21:19:22 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 21:19:02 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 21:18:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 21:18:49 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??stem
2007-05-19 21:18:36 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-05-19 21:18:35 -------- d-----w C:\Program Files\Common Files\??stem32
2007-05-19 21:18:14 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-05-19 21:18:13 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-05-19 21:18:01 -------- d-----w C:\Program Files\Common Files\?racle
2007-05-19 21:17:57 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-05-19 21:17:54 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-05-19 21:17:43 -------- d-----w C:\Program Files\Common Files\??sks
2007-05-19 21:17:38 -------- d-----w C:\Program Files\Common Files\??sks
2007-05-19 21:17:33 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 21:17:29 -------- d-----w C:\Program Files\Common Files\?dobe
2007-05-19 21:16:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
2007-05-19 21:16:26 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft.NET
2007-05-19 21:16:21 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft
2007-05-19 21:16:08 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?racle
2007-05-19 21:16:07 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
2007-05-19 21:15:53 -------- d-----w C:\Program Files\Common Files\??mbols
2007-05-19 21:15:52 -------- d-----w C:\Program Files\Common Files\?ystem
2007-05-19 21:15:48 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ystem
2007-05-19 21:15:46 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??mbols
2007-05-19 21:15:43 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
2007-05-19 21:15:42 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
2007-05-19 21:15:27 -------- d-----w C:\Program Files\Common Files\??mantec
2007-05-19 21:15:25 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sks
2007-05-19 21:15:24 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-05-19 21:15:21 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-05-19 21:15:17 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 21:15:11 -------- d-----w C:\Program Files\Common Files\?dobe
2007-05-19 21:15:07 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??sembly
2007-05-19 21:15:03 -------- d-----w C:\Program Files\Common Files\??curity
2007-05-19 21:15:00 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
2007-05-19 21:14:59 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?asks
2007-05-19 21:14:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??crosoft
2007-05-19 20:01:01 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\??pPatch
2007-05-19 20:00:55 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
2007-05-19 20:00:54 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
2007-05-17 00:14:47 1,548 -c--a-w C:\WINDOWS\mozver.dat
2007-04-21 20:33:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-15 00:43:16 30 ----a-w C:\deleteprefetch.bat
2007-04-13 00:53:53 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Opera
2007-04-13 00:53:34 -------- d-----w C:\Program Files\Opera
2007-04-13 00:44:27 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\WinPatrol
2007-04-11 01:37:50 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\Ventrilo
2007-04-09 16:54:32 0 ----a-w C:\WINDOWS\system32\w32apiw.dll
2007-04-08 20:30:16 -------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-04-05 03:04:03 -------- d-----w C:\Program Files\Paint.NET
2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-01 20:50:13 -------- d-----w C:\DOCUME~1\IVAN\APPLIC~1\SystemRequirementsLab
2007-03-29 23:12:14 664 -c--a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dl
 
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 05:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 09:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"RestrictCpl"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 05:18:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 5:22:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-28 05:22

--- E O F ---
 
Hi again :)

We'll continue...


Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure, please ask first


Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Run ComboFix again and post the log here along with a fresh HijackThis log.

:bigthumb:
 
"IVAN" - 2007-05-29 4:59:28 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\IVAN\Desktop\Spyware Programs\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Purity Folders:

C:\WINDOWS\system32\a?sembly
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\s?curity
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\s?stem32
C:\WINDOWS\system32\T?sks
C:\WINDOWS\system32\W?nSxS
C:\WINDOWS\system32\?dobe
C:\WINDOWS\system32\?ppPatch
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\?icrosoft.NET
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\?asks
C:\WINDOWS\system32\T?sks
C:\WINDOWS\system32\?ecurity
C:\WINDOWS\system32\?ymantec
C:\WINDOWS\system32\?ymbols
C:\WINDOWS\system32\?ystem
C:\WINDOWS\system32\?ystem32
C:\WINDOWS\system32\s?curity
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\s?stem32
C:\WINDOWS\system32\?dobe
C:\WINDOWS\system32\?ppPatch
C:\WINDOWS\system32\?ssembly
C:\WINDOWS\system32\a?sembly
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\?icrosoft.NET
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\?asks
C:\WINDOWS\system32\T?sks
C:\WINDOWS\assembly
C:\WINDOWS\AppPatch
C:\WINDOWS\Fonts
C:\WINDOWS\Fonts
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\security
C:\WINDOWS\S?mantec
C:\WINDOWS\s?mbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\Tasks
C:\WINDOWS\WinSxS
C:\WINDOWS\?dobe
C:\WINDOWS\AppPatch
C:\WINDOWS\AppPatch
C:\WINDOWS\?icrosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\?racle
C:\WINDOWS\Tasks
C:\WINDOWS\Tasks
C:\WINDOWS\security
C:\WINDOWS\?ymantec
C:\WINDOWS\?ymbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\security
C:\WINDOWS\S?mantec
C:\WINDOWS\s?mbols
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\?dobe
C:\WINDOWS\AppPatch
C:\WINDOWS\assembly
C:\WINDOWS\assembly
C:\WINDOWS\AppPatch
C:\WINDOWS\?icrosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\?racle
C:\WINDOWS\Tasks
C:\WINDOWS\Tasks
C:\Program Files\Common Files\a?sembly
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\s?curity
C:\Program Files\Common Files\S?mantec
C:\Program Files\Common Files\s?mbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\s?stem32
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\W?nSxS
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\?ppPatch
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\?icrosoft
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\?asks
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\?ecurity
C:\Program Files\Common Files\?ymantec
C:\Program Files\Common Files\?ymbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\?ystem32
C:\Program Files\Common Files\s?curity
C:\Program Files\Common Files\S?mantec
C:\Program Files\Common Files\s?mbols
C:\Program Files\Common Files\System
C:\Program Files\Common Files\s?stem32
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\?ppPatch
C:\Program Files\Common Files\?ssembly
C:\Program Files\Common Files\a?sembly
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\?icrosoft
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\?asks
C:\Program Files\Common Files\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\F?nts
C:\DOCUME~1\IVAN\APPLIC~1\F?nts
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\s?curity
C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
C:\DOCUME~1\IVAN\APPLIC~1\s?stem
C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\W?nSxS
C:\DOCUME~1\IVAN\APPLIC~1\?dobe
C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\?racle
C:\DOCUME~1\IVAN\APPLIC~1\?asks
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
C:\DOCUME~1\IVAN\APPLIC~1\?ecurity
C:\DOCUME~1\IVAN\APPLIC~1\?ymantec
C:\DOCUME~1\IVAN\APPLIC~1\?ymbols
C:\DOCUME~1\IVAN\APPLIC~1\?ystem
C:\DOCUME~1\IVAN\APPLIC~1\?ystem32
C:\DOCUME~1\IVAN\APPLIC~1\s?curity
C:\DOCUME~1\IVAN\APPLIC~1\S?mantec
C:\DOCUME~1\IVAN\APPLIC~1\s?mbols
C:\DOCUME~1\IVAN\APPLIC~1\s?stem
C:\DOCUME~1\IVAN\APPLIC~1\s?stem32
C:\DOCUME~1\IVAN\APPLIC~1\?dobe
C:\DOCUME~1\IVAN\APPLIC~1\?ppPatch
C:\DOCUME~1\IVAN\APPLIC~1\?ssembly
C:\DOCUME~1\IVAN\APPLIC~1\a?sembly
C:\DOCUME~1\IVAN\APPLIC~1\A?pPatch
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\?icrosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\Microsoft
C:\DOCUME~1\IVAN\APPLIC~1\M?crosoft.NET
C:\DOCUME~1\IVAN\APPLIC~1\?racle
C:\DOCUME~1\IVAN\APPLIC~1\?asks
C:\DOCUME~1\IVAN\APPLIC~1\T?sks
 
((((((((((((((((((((((((((((((( Files Created from 29/0-01-07 to 29/05/2007 ))))))))))))))))))))))))))))))))))


29/05/2007 04:59 AM C:\64 ComboFix.txt.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"RestrictCpl"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [28/09/2006 07:13 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 05:21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 29/05/2007 5:24:02
C:\ComboFix-quarantined-files.txt ... 29/05/2007 05:24 AM
C:\ComboFix2.txt ... 28/05/2007 05:22 AM

--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:29:46 AM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\hijackthis\HiJackThis_v2.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 1189 bytes
 
Hello :)

So you ran purity uninstaller?

The log looks a BIT odd... Let's see what kind of a logfile the previous version gives. Please delete your version of HijackThis...

Download HijackThis 1.99.1 to your desktop from here

Create a new folder for HijackThis and move HijackThis.exe into it.

Rename HijackThis.exe to Scanner.exe

:bigthumb:
 
Logfile of HijackThis v1.99.1
Scan saved at 5:24:16 AM, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IVAN\Desktop\Scanner.exe.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 
Ok...

Download F-Secure Blacklight and save it to your desktop.

Double-click fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list of what has been found. A log will appear on your desktop; it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (the Blacklight log from your desktop)
 