Help Too Many Viruses...!


jayshari

Thread Starter
Joined
Jul 5, 2007
Messages
23
I have so many viruses on this system that I cannot cope with the removal; it is just too hard...
After my nephew used this computer - to do homework - it has just too many problems.

SUPERAntiSpyware detected 145 viruses etc!!!!!!
I can't even log in to my profile as the screen has gone completely black with only the icons visible - no text visible at ALL!
On this profile I keep getting Windows security warnings and 1000 Internet Explorers opening...

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:47:26, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1175724214\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {CE22ABA3-B540-4D26-9BE2-425AF0F411E8} - C:\WINDOWS\system32\rqrqnlj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175724214\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://kartstart.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrqnlj - rqrqnlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: KbdChk - {f4e444e8-fc77-4a5f-81f0-fbe7fd468f54} - C:\WINDOWS\Installer\{f4e444e8-fc77-4a5f-81f0-fbe7fd468f54}\KbdChk.dll (file missing)
O21 - SSODL: vbgtorfd - {839298CA-BD01-41BF-BDF3-C12516EF81FB} - C:\WINDOWS\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {354AE0EA-6619-4BC3-84EE-F953D2FF7FEC} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

HELP HELP HELP HELP HELP HELP HELP.....

:mad: :mad: :mad: :confused: :eek: :confused: :mad: :mad: :mad:
 

jayshari

I have added a list of all the viruses that have been found on this system.
NOW pages are opening by themselves and any open windows keep maximising and minimising on their own - it's like being haunted........

VIRUSES ON THIS SYSTEM

Mirar
SXGAdvisor
Vundo
Vundo Rel
Vundo-variant
internet delivery
Trojan downloader oreon
Trojan downloader oreon a Resident
Trojan Net MSV/VPS
Trojan Net MU/Gen
Trojan unclassified affiliate bundle
Trojan unclassified GTS
Trojan Unknown origin
Trojan Winfixer
Browser hijacker internet explorer settings hijacker
desktop hijacker about your privacy



AGGHHH

As I am typing this, Norton has blocked Downloader but the pages keep changing and it keeps coming up...

Oh Pants
please help...

thanks
 

jayshari

I FOUND THIS LOG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/24/2008 at 07:14 PM

Application Version : 3.9.1008

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 03:17:53

Memory items scanned : 514
Memory threats detected : 2
Registry items scanned : 7117
Registry threats detected : 56
File items scanned : 103206
File threats detected : 347

Trojan.Downloader-Oreon-A/Resident
C:\WINDOWS\INSTALLER\{F4E444E8-FC77-4A5F-81F0-FBE7FD468F54}\KBDCHK.DLL
C:\WINDOWS\INSTALLER\{F4E444E8-FC77-4A5F-81F0-FBE7FD468F54}\KBDCHK.DLL
C:\WINDOWS\INSTALLER\{9F573EF2-8833-49FC-8FD8-81B76B5D42DB}\COMPONENTSETUP.DLL
C:\WINDOWS\INSTALLER\{9F573EF2-8833-49FC-8FD8-81B76B5D42DB}\COMPONENTSETUP.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{C8FA77D8-BD05-4829-A8A5-690BE3B7DEA5}
HKCR\CLSID\{C8FA77D8-BD05-4829-A8A5-690BE3B7DEA5}
HKCR\CLSID\{C8FA77D8-BD05-4829-A8A5-690BE3B7DEA5}\InprocServer32
HKCR\CLSID\{C8FA77D8-BD05-4829-A8A5-690BE3B7DEA5}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTTQ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8FA77D8-BD05-4829-A8A5-690BE3B7DEA5}

Adware.SXGAdvisor-A
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04618753-8BCC-4227-AE2A-4981EB17FCEF}
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\InprocServer32
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\InprocServer32#ThreadingModel
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\ProgID
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\Programmable
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\TypeLib
HKCR\CLSID\{04618753-8BCC-4227-AE2A-4981EB17FCEF}\VersionIndependentProgID
C:\WINDOWS\KDFTLBOERQL.DLL

Trojan.Unclassified/GTS
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0250B459-0F71-48F6-9784-CB7F2C338A0A}
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\InprocServer32
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\InprocServer32#ThreadingModel
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\ProgID
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\Programmable
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\TypeLib
HKCR\CLSID\{0250B459-0F71-48F6-9784-CB7F2C338A0A}\VersionIndependentProgID
HKCR\qvdntlmw.1
HKCR\qvdntlmw
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}\1.0
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}\1.0\0
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}\1.0\0\win32
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}\1.0\FLAGS
HKCR\TypeLib\{2AEC1DBC-9B63-4D34-AE5C-7C646ABBB9A0}\1.0\HELPDIR
C:\WINDOWS\QVDNTLMW.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_own[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_own[email protected][4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][6].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
 

jayshari

Thread Starter
Joined
Jul 5, 2007
Messages
23
Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR
HKLM\Software\xpre
HKLM\Software\xpre#execount

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Trojan.Downloader-Oreon
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#ComponentSetup [ {9f573ef2-8833-49fc-8fd8-81b76b5d42db} ]

InternetDelivery
C:\PROGRAM FILES\INET DELIVERY\INTDEL.EXE

Adware.Mirar/NetNucleus
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VERSION69IE7FIX.DLL.VIR

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8696F73-2D76-412A-A981-4300C43EF86F}\RP134\A0028678.DLL

Trojan.Unclassified/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8696F73-2D76-412A-A981-4300C43EF86F}\RP134\A0028679.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\GEEBY.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\KNNMP.INI
C:\WINDOWS\SYSTEM32\KNNMP.INI2
C:\WINDOWS\SYSTEM32\QTTSS.INI
 

jayshari

Thread Starter
Joined
Jul 5, 2007
Messages
23
ComboFix 08-03-25.1 - Harry_Colquhoun 2008-03-25 17:04:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.262 [GMT 0:00]
Running from: C:\Documents and Settings\Harry_Colquhoun\Desktop\ComboFix.exe
* Created a new restore point
.
TimedOut: progfile.dat
-- Script messages for sUBs --
Findstr -MIF:/ sursen
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\documents\setup.exe
C:\Documents and Settings\Guest\Application Data\.rdr.ini
C:\Documents and Settings\Harry_Colquhoun\Favorites\Error Cleaner.url
C:\Documents and Settings\Harry_Colquhoun\Favorites\Privacy Protector.url
C:\Documents and Settings\Harry_Colquhoun\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Metalmanager\Application Data\.rdr.ini
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\ispn2.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\reginia_unknown.exe
C:\WINDOWS\system32\svkp2.dll
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\SUPERAntiSpyware.com
2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\Harry_Colquhoun\Application Data\SUPERAntiSpyware.com
2008-03-24 13:10 . 2008-03-24 13:10 <DIR> d-------- C:\WINDOWS\system32smp
2008-03-24 13:10 . 2008-03-24 19:46 <DIR> d-------- C:\Program Files\Inet Delivery
2008-03-24 12:56 . 2008-03-24 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fszgzwlk
2008-03-24 12:56 . 2008-03-24 10:38 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-24 12:56 . 2008-03-24 10:38 81,920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-24 11:59 . 2008-03-24 11:59 <DIR> d-------- C:\videodvdmaker
2008-03-24 11:58 . 2008-03-24 11:59 <DIR> d-------- C:\Program Files\Video DVD Maker
2008-03-23 21:03 . 2008-03-25 08:20 76 --a------ C:\WINDOWS\musicmaker.INI
2008-03-23 20:50 . 2008-03-23 20:50 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-03-23 20:49 . 2008-03-23 20:50 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-03-23 20:49 . 2008-03-23 20:49 <DIR> d-------- C:\MAGIX
2008-03-23 20:49 . 2006-07-05 11:21 638,976 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-03-23 20:49 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-03-23 20:49 . 2008-03-23 20:50 5,729 --a------ C:\WINDOWS\mgxoschk.ini
2008-03-22 07:52 . 2008-03-22 07:52 1,234,846 --a------ C:\soundeffect.wav
2008-03-22 07:51 . 2008-03-22 07:51 <DIR> d-------- C:\Program Files\SoundEffectMaker
2008-03-22 07:51 . 2005-05-21 00:45 77,824 --a------ C:\WINDOWS\system32\afxwavdest.ax
2008-03-21 11:48 . 2008-03-21 11:48 <DIR> d-------- C:\Program Files\iWatermark
2008-03-21 08:35 . 2008-03-21 08:35 <DIR> d-------- C:\Program Files\Mindstar
2008-03-19 11:20 . 2008-03-19 11:20 <DIR> d-------- C:\Program Files\Wondershare
2008-03-17 13:11 . 2008-03-17 13:11 <DIR> d-------- C:\Program Files\Game_Maker7
2008-03-15 00:00 . 2008-03-15 00:00 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive%
2008-03-15 00:00 . 2008-03-15 00:00 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-03-14 17:02 . 2008-03-14 17:02 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-03-14 17:02 . 2008-03-14 17:05 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-03-14 11:39 . 2008-03-19 11:20 17 --a------ C:\WINDOWS\MovingPicture.ini
2008-03-14 11:37 . 2008-03-14 17:27 <DIR> d-------- C:\Program Files\BIAS
2008-03-14 11:34 . 2008-03-14 17:20 <DIR> d-------- C:\Program Files\proDAD
2008-03-14 10:56 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-03-14 10:55 . 2004-03-03 11:50 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll
2008-03-14 10:55 . 2004-03-03 11:50 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
2008-03-14 10:55 . 2004-03-03 11:50 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll
2008-03-14 10:55 . 2004-03-03 11:50 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
2008-03-14 10:55 . 2004-03-03 12:50 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL
2008-03-14 10:55 . 2004-03-03 11:50 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll
2008-03-14 10:55 . 2004-03-03 11:50 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll
2008-03-14 10:55 . 2004-03-03 11:50 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll
2008-03-14 10:55 . 2004-03-03 11:50 64,512 --------- C:\WINDOWS\system32\lftga13s.dll
2008-03-14 10:55 . 2004-03-03 11:50 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
2008-03-14 10:48 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-03-14 10:48 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-03-14 10:48 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-03-14 10:48 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-03-14 10:48 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-03-14 10:45 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-03-14 10:41 . 2008-03-14 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-13 00:36 . 2008-03-13 00:36 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 19:29 . 2008-03-12 19:29 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
2008-03-12 15:48 . 2008-03-12 15:48 90,624 --a------ C:\WINDOWS\system32\svkpnd.dll
2008-03-12 15:48 . 2008-03-12 15:48 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2008-03-12 15:47 . 2008-03-12 15:47 <DIR> d-------- C:\Program Files\3DSFMM2
2008-03-11 15:23 . 2008-03-11 15:23 <DIR> d-------- C:\Program Files\CCGM
2008-03-09 12:11 . 1996-12-11 01:00 32,768 --------- C:\WINDOWS\SKUNINST.EXE
2008-03-09 12:11 . 1996-12-26 01:00 31,744 --------- C:\WINDOWS\SonicKUS.DLL
2008-03-09 12:11 . 1996-12-11 01:00 22,528 --------- C:\WINDOWS\MsgV2US.DLL
2008-03-09 12:11 . 2008-03-09 12:11 355 --a------ C:\WINDOWS\Sonic3K.INI
2008-03-09 12:10 . 2008-03-09 12:10 <DIR> d-------- C:\SEGA
2008-03-06 19:31 . 2008-03-06 19:31 379,214 --a------ C:\WINDOWS\jjokesscr2.exe
2008-03-06 19:31 . 2008-03-06 19:31 143,936 --a------ C:\WINDOWS\jjokesscr2.scr
2008-03-06 19:31 . 2008-03-06 19:31 28,672 --a------ C:\WINDOWS\gscr.dll
2008-03-04 18:17 . 2008-03-04 18:17 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-03-04 18:16 . 2008-03-04 18:17 <DIR> d-------- C:\Program Files\001
2008-03-03 21:11 . 2008-03-03 21:11 <DIR> d-------- C:\Program Files\Dobermann
2008-03-02 19:37 . 2008-03-02 19:37 <DIR> d-------- C:\Program Files\FMOD SoundSystem
2008-02-29 18:33 . 2008-02-29 18:33 <DIR> d-------- C:\DiamondGameStudio
2008-02-28 12:59 . 2008-02-28 13:00 <DIR> d-------- C:\ENC
2008-02-28 12:59 . 1996-01-26 14:48 40,960 --a------ C:\WINDOWS\system32\flccodec32.dll
2008-02-28 12:59 . 1996-04-03 09:30 24,064 --a------ C:\WINDOWS\system32\aasc32.dll
2008-02-28 12:59 . 1996-04-03 15:58 16,896 --a------ C:\WINDOWS\system32\flcfile32.dll
2008-02-27 15:40 . 2008-02-27 15:40 <DIR> d-------- C:\Program Files\Enterbrain
2008-02-27 10:29 . 2002-02-13 13:52 32,256 --a------ C:\WINDOWS\system32\kailleraclient.dll
2008-02-27 09:40 . 2008-02-27 09:40 <DIR> d-------- C:\gameSpaceLight
2008-02-27 09:40 . 2008-02-27 09:46 143 --a------ C:\WINDOWS\Caligari.ini
2008-02-25 12:38 . 2008-02-25 12:42 <DIR> d-------- C:\Program Files\3D Rad
2008-02-25 12:38 . 2004-11-09 17:20 87,552 --a------ C:\WINDOWS\system32\trltmpct.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 17:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-25 14:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-24 13:10 4,096 ----a-w C:\WINDOWS\winsystem.exe
2008-03-21 19:13 529 ----a-w C:\Program Files\HyCam2.hc2lic
2008-03-14 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 11:33 --------- d-----w C:\Program Files\Pinnacle
2008-03-14 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-13 09:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 15:40 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-08 15:37 --------- d-----w C:\Program Files\Microsoft Games
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 16:45 --------- d-----w C:\Program Files\Abe's Exoddus
2008-02-29 20:15 --------- d-----w C:\Program Files\PetrLite
2008-02-28 01:23 --------- d-----w C:\Program Files\Windows Live
2008-02-27 15:45 19,698,021 ----a-w C:\ailen encounter.exe
2008-02-27 10:47 --------- d-----w C:\Program Files\Sonic
2008-02-25 10:05 --------- d-----w C:\Program Files\EA GAMES
2008-02-19 19:53 --------- d-----w C:\Program Files\GStudio7
2008-02-19 19:52 3,026 ----a-w C:\WINDOWS\system32\drivers\hwinterface.sys
2008-02-19 19:49 17,408 ----a-w C:\psapi.dll
2008-02-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-19 15:05 --------- d-----w C:\Program Files\Azureus
2008-02-19 13:26 --------- d-----w C:\Program Files\Atari
2008-02-12 08:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-11 12:55 --------- d--h--w C:\Program Files\Game_Maker6
2008-02-11 09:22 --------- d-----w C:\Program Files\The Game Creators
2008-02-11 08:56 --------- d-----w C:\Program Files\SFXEngine Demo
2008-02-08 15:57 --------- d-----w C:\Program Files\emagic
2008-02-07 14:19 --------- d-----w C:\Program Files\Moyea
2008-02-04 20:54 --------- d-----w C:\Program Files\Spyware and Virus Control Panel
2008-02-01 11:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 09:41 --------- d-----w C:\Program Files\SecondLife
2008-01-25 15:53 --------- d-----w C:\Program Files\Stop Motion Pro v6
2007-12-25 09:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-23 12:45 882,000 ----a-w C:\Program Files\HyCam2.exe
2007-10-23 12:45 87,400 ----a-w C:\Program Files\UnHyCam2.exe
2007-10-22 15:09 106,496 ----a-w C:\Program Files\CamRes2.dll
2007-09-27 14:31 5,272 ----a-w C:\Program Files\HyCam2.tlb
2007-08-11 18:15 57,344 ----a-w C:\Program Files\MClick2.dll
2007-04-04 17:55 10,834 ---ha-w C:\Program Files\HyCam2.GID
2007-01-15 20:48 592 ----a-w C:\Documents and Settings\Jayshari_Skye\Application Data\wklnhst.dat
2006-12-14 13:13 113,628 ----a-w C:\Program Files\HyCam2.chm
2006-12-14 10:18 3,274 ----a-w C:\Program Files\agreement.txt
2006-09-14 14:55 136,440 ----a-w C:\Documents and Settings\Jayshari_Skye\Application Data\GDIPFONTCACHEV1.DAT
2006-07-09 05:13 82 ----a-w C:\Program Files\HomePage.url
2006-05-28 09:37 560 ----a-w C:\Documents and Settings\Jayshari_Skye\Application Data\ViewerApp.dat
2006-05-06 12:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-03-09 14:13 11,008 ----a-w C:\WINDOWS\inf\EB100Usb.sys
2006-03-02 17:07 0 -c--a-w C:\Program Files\the3d game maker.avi
2004-06-07 13:48 183,196 ----a-w C:\Program Files\HyCam2.hlp
2004-05-05 12:57 2,018 ----a-w C:\Program Files\readme.txt
2004-04-22 13:00 626 ----a-w C:\Program Files\HyCam2.exe.manifest
2004-04-16 14:07 675 ----a-w C:\Program Files\HyCam2.cnt
2000-02-24 16:07 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
1999-06-24 11:49 587 ----a-w C:\Program Files\8-44100d.wav
1999-06-24 11:49 421 ----a-w C:\Program Files\8-44100u.wav
1999-06-24 11:47 317 ----a-w C:\Program Files\8-22050d.wav
1999-06-24 11:47 225 ----a-w C:\Program Files\8-22050u.wav
1999-06-24 11:46 183 ----a-w C:\Program Files\8-11025d.wav
1999-06-24 11:46 135 ----a-w C:\Program Files\8-11025u.wav
1999-06-24 11:44 127 ----a-w C:\Program Files\8-8000u.wav
1999-06-24 11:43 151 ----a-w C:\Program Files\8-8000d.wav
1999-06-24 11:41 220 ----a-w C:\Program Files\16-8000u.wav
1999-06-24 11:40 260 ----a-w C:\Program Files\16-8000d.wav
1999-06-24 11:38 956 ----a-w C:\Program Files\16-44100u.wav
1999-06-24 11:37 1,186 ----a-w C:\Program Files\16-44100d.wav
1999-06-24 11:34 652 ----a-w C:\Program Files\16-22050d.wav
1999-06-24 11:34 442 ----a-w C:\Program Files\16-22050u.wav
1999-06-24 10:54 340 ----a-w C:\Program Files\16-11025d.wav
1999-06-24 10:50 326 ----a-w C:\Program Files\16-11025u.wav
1999-06-17 11:10 73,184 ----a-w C:\Program Files\Common Files\DAO2535.TLB
1996-11-17 15:18 48,770 ----a-w C:\Program Files\Common Files\dao2532.tlb
1996-08-05 22:00 456,464 ----a-w C:\Program Files\Common Files\DAO3032.DLL
2007-06-29 09:05 1,844,563 --sha-w C:\WINDOWS\system32\knnmp.bak1
2007-06-29 19:50 1,844,002 --sha-w C:\WINDOWS\system32\knnmp.bak2
.
Code:
<pre>
----a-w        19,730,233 2006-09-11 19:55:42  C:\Program Files\Dark Basic Software\The 3D Gamemaker\Exes\Default\Cops .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93344865-74BD-4873-BE65-56539D41A65C}"= "C:\WINDOWS\Downloaded Program Files\Earn2Life.dll" [2007-05-14 18:18 303104]

[HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 15:04 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 22:06 2321600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-09-20 06:12 36972]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 03:05 344064]
"PCDrProfiler"="" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 11:06 71216]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 15:42 79448]
"HostManager"="C:\Program Files\Common Files\AOL\1175724214\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 07:11 771704]
"SpyHunter"="" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-26 22:30 185896]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

C:\Documents and Settings\Jayshari_Skye\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
MoonPhase.lnk - C:\Program Files\Moon\moon.exe [1998-02-08 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0b\aoltray.exe [2007-03-30 19:23:40 156784]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 16:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KbdChk"= {f4e444e8-fc77-4a5f-81f0-fbe7fd468f54} - C:\WINDOWS\Installer\{f4e444e8-fc77-4a5f-81f0-fbe7fd468f54}\KbdChk.dll [ ]
"vbgtorfd"= {839298CA-BD01-41BF-BDF3-C12516EF81FB} - C:\WINDOWS\vbgtorfd.dll [2008-03-24 10:38 221184]
"dwnrpofk"= {354AE0EA-6619-4BC3-84EE-F953D2FF7FEC} - C:\WINDOWS\dwnrpofk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqnlj]
rqrqnlj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-02-19 19:52]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-03-12 15:48]
R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2007-10-20 10:05]
S3 smp_lpt;smp_lpt;C:\WINDOWS\system32\DRIVERS\smp_lpt.sys [2007-01-24 12:25]
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27cc5b8a-262e-11da-9088-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-19 18:20:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-10-13 23:25:38 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1144668639.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-14 19:05:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1192384603.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-24 18:02:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1194631176.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-03-04 15:55:09 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-03-24 20:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 17:40:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\vbgtorfd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-25 17:55:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 17:55:00
.
2008-03-13 00:36:53 --- E O F ---
 

jayshari

Thread Starter
Joined
Jul 5, 2007
Messages
23
OK, above is the ComboFix log and I have taken another HJT log too.

ComboFix seems to have sorted the issues on this profile...
I haven't logged into my profile yet so I don't know if the black screen has been sorted.


Please can someone read over all of these and check them for me?

Thanks
 

jayshari

Thread Starter
Joined
Jul 5, 2007
Messages
23
OKAY ....
really need help now...
I cannot log into my profile AT ALL....

I also cannot access it from other profiles as for some reason it is 'access denied'...

The screen background is black and the taskbar is black and the icon text is black and can't be read...
I can't see ANYTHING to run programs!!!!!

I have tried to run SUPERantispyware but I can't click on the scan button cos I can't see it!!!!


I CAN'T DO ANYTHING!!!!

I seem to have sorted the problem above, on my son's profile, but we really need access to my profile as it has vital information on it and I can't get at it!

PLEASE PLEASE help, I am completely stuck...
 