
Solved: Malware problem

Discussion in 'Virus & Other Malware Removal' started by lancel, Aug 18, 2007.

Thread Status:
Not open for further replies.
  1. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8
    At least I think it is. I keep getting pop ups and I'm getting download requests from Winantispy 2007. Don't know what else to put in here but here's my hijack this log. Hope I did it right, not sure honestly.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:53:15 PM, on 8/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\taskmgr.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Documents and Settings\Lance\sdadlrow-t2.exe
    C:\WINDOWS\g4356cbvy63.exe
    C:\WINDOWS\System32\KB_963491.exe
    C:\WINDOWS\System32\ocxloader.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\DOCUME~1\Lance\LOCALS~1\Temp\rsysinit.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DOCUME~1\Lance\LOCALS~1\Temp\18359\gm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\taskmgr.exe,
    O1 - Hosts: 58.65.239.66 www.veryfastsearch.com
    O1 - Hosts: 58.65.239.66 veryfastsearch.com127.0.0.1 www.trendmicro.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \
    O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll
    O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
    O2 - BHO: (no name) - {5B8A1879-70B1-4723-84EE-EED89EF3AAA7} - C:\WINDOWS\System32\mljgh.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
    O2 - BHO: (no name) - {E25600A1-015A-4F11-B0FA-C098C26D7599} - C:\WINDOWS\System32\vtutu.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: NLogSink Class - {A4CD0C95-628E-4754-A4C5-022405B55FDE} - C:\WINDOWS\System32\logger.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [svhost] C:\WINDOWS\twain_32.exe
    O4 - HKLM\..\Run: [{21-14-42-2D-ZN}] C:\DOCUME~1\Lance\LOCALS~1\Temp\thinksnet.exe CHD003
    O4 - HKLM\..\Run: [bantool] C:\Documents and Settings\Lance\sdadlrow-t2.exe
    O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Lance\TISKY008.exe SKY008
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
    O4 - HKLM\..\Run: [ocxloader.exe] C:\WINDOWS\System32\ocxloader.exe
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Lance\LOCALS~1\Temp\18359\gm.exe
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1\Lance\LOCALS~1\Temp\svchots.exe
    O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\Lance\LOCALS~1\Temp\wnset.exe
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lance\TISKY008.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{32DAB027-944D-4E5B-A04E-0C0297378F2E}: NameServer = 85.255.116.84,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A795F2A-951C-4DE2-BDCA-686A6668FC87}: NameServer = 85.255.116.84,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}: NameServer = 85.255.116.84,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70DEFA87-767E-48A5-B03E-097365638F4D}: NameServer = 85.255.116.84,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O20 - AppInit_DLLs: C
    O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
    O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)
    O20 - Winlogon Notify: mljgh - C:\WINDOWS\System32\mljgh.dll (file missing)
    O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\jqwr.dll
    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll
    O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\jqwr.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 10965 bytes
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have a LOT of problems - be patient this will take a while - be sure to do ALL of what I post

    ========================
    Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
    Save it on your desktop.
    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
    Close all windows, open the win32delfkil folder and double click on fix.bat.

    The computer will reboot automatically
    ====================

    Please download FixWareout from one of these mirrors:
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    http://downloads.subratam.org/Fixwareout.exe

    Note: You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU).

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
    ============================

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    =====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me regardless of what it finds with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8
    K, did fixwareout and then reran hijack this. Though at the end of fixware out it didn't give me a message about downloading bruteforce, but it said it was complete.

    Fixwareout log:

    Username "Lance" - 2007-08-18 19:31:20 [Fixwareout edited 2007/07/05]

    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdjgx.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.84 85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A795F2A-951C-4DE2-BDCA-686A6668FC87}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C7D0BAA6-E74C-4F5F-A151-0DF9DE9AC740}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.

    Could not flush the DNS Resolver Cache: Function failed during execution.


    System was rebooted successfully.

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....
    »»»»» Other
    C:\WINDOWS\Temp\kdjgx.ren 71233 2002-09-03

    »»»»» Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="\"RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup\""
    "nwiz"="nwiz.exe "
    "BCMSMMSG"="BCMSMMSG.exe"
    "PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
    "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
    "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
    "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "svhost"="\"C:\\WINDOWS\\svhost.exe\""
    "{21-14-42-2D-ZN}"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\thinksnet.exe CHD003"
    "Winmplayer"="\"C:\\WINDOWS\\System32\\KB_963491.exe\""
    "SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
    "startdrv"="C:\\WINDOWS\\Temp\\startdrv.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "Hjsdf9ui9jkeftdf"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\svchots.exe"
    "Fvsqnh"="\"C:\\Documents and Settings\\Lance\\Application Data\\M?crosoft.NET\\w?auboot.exe\""
    "WinTouch"="C:\\Documents and Settings\\Lance\\Application Data\\WinTouch\\WinTouch.exe"
    "SfKg6w"="C:\\Documents and Settings\\Lance\\Application Data\\Microsoft\\Windows\\pqukk.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»



    Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:38, on 2007-08-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    c:\windows\system32\notepad.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\System32\KB_963491.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe
    C:\Documents and Settings\Lance\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Lance\Application Data\Microsoft\Windows\pqukk.exe
    c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\docume~1\lance\locals~1\temp\!update.exe
    c:\docume~1\lance\mydocu~1\fnts~1\winword.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [{21-14-42-2D-ZN}] C:\DOCUME~1\Lance\LOCALS~1\Temp\thinksnet.exe CHD003
    O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Lance\TISKY008.exe SKY008
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1\Lance\LOCALS~1\Temp\svchots.exe
    O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Lance\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Lance\Application Data\Microsoft\Windows\pqukk.exe
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Lance\MYDOCU~1\FNTS~1\winword.exe" -vt yazb
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lance\TISKY008.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O20 - AppInit_DLLs: finger.dll
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - (no file)
    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8114 bytes
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Keep going DO ALL OF IT!
     
  5. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8
    Fixwareout log:

    Username "Lance" - 2007-08-18 19:31:20 [Fixwareout edited 2007/07/05]

    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdjgx.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.84 85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A795F2A-951C-4DE2-BDCA-686A6668FC87}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
    "nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C7D0BAA6-E74C-4F5F-A151-0DF9DE9AC740}
    "DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.

    Could not flush the DNS Resolver Cache: Function failed during execution.


    System was rebooted successfully.

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....
    »»»»» Other
    C:\WINDOWS\Temp\kdjgx.ren 71233 2002-09-03

    »»»»» Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="\"RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup\""
    "nwiz"="nwiz.exe "
    "BCMSMMSG"="BCMSMMSG.exe"
    "PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
    "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
    "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
    "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "svhost"="\"C:\\WINDOWS\\svhost.exe\""
    "{21-14-42-2D-ZN}"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\thinksnet.exe CHD003"
    "Winmplayer"="\"C:\\WINDOWS\\System32\\KB_963491.exe\""
    "SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
    "startdrv"="C:\\WINDOWS\\Temp\\startdrv.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "Hjsdf9ui9jkeftdf"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\svchots.exe"
    "Fvsqnh"="\"C:\\Documents and Settings\\Lance\\Application Data\\M?crosoft.NET\\w?auboot.exe\""
    "WinTouch"="C:\\Documents and Settings\\Lance\\Application Data\\WinTouch\\WinTouch.exe"
    "SfKg6w"="C:\\Documents and Settings\\Lance\\Application Data\\Microsoft\\Windows\\pqukk.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
     
  6. lancel

    Combofix log:

    ComboFix 07-08-14.4 - "Lance" 2007-08-18 20:04:07.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -5:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_FOPN
    -------\LEGACY_LANMANDRV
    -------\LEGACY_NDNET1
    -------\LEGACY_NTMLSVC
    -------\LEGACY_POOF
    -------\LEGACY_RUNTIME
    -------\LEGACY_RUNTIME2
    -------\LEGACY_WINNOTIFY
    -------\ApiMon
    -------\NDnet1
    -------\NtmlSvc
    -------\Winnotify


    ((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-18 20:13 6513 ---hs---- C:\WINDOWS\system32\xybeg.bak2
    2007-08-18 17:03 4096 --a------ C:\WINDOWS\system32\cliconfg.dll
    2007-08-18 01:32 --------- d-------- C:\Program Files\BearShare
    2007-08-18 01:31 --------- d-------- C:\Program Files\BearFlix
    2007-08-17 13:16 934400 --a------ C:\WINDOWS\system32\dllcache\kernel32.dll
    2007-08-17 13:16 587264 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-17 01:55 --------- d-------- C:\Program Files\Microsoft ActiveSync
    2007-08-16 13:30 --------- d-------- C:\Program Files\SBC LightSpeed Self Support Tool
    2007-08-16 13:30 --------- d-------- C:\Program Files\QuickTime
    2007-08-16 13:30 --------- d-------- C:\Program Files\Movie Maker
    2007-08-16 13:30 --------- d-------- C:\Program Files\mIRC
    2007-08-16 13:30 --------- d-------- C:\Program Files\Common Files\aolshare
    2007-08-16 13:30 --------- d-------- C:\Program Files\Common Files\AOL
    2007-08-16 13:30 --------- d-------- C:\Program Files\America Online 9.0
    2007-08-10 18:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-10 18:30 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-08-06 21:20 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-26 03:37 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.1
    2007-07-26 03:37 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.1
    2007-07-26 03:37 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.1
    2007-07-26 03:36 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.1
    2007-07-26 03:36 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.1
    2007-07-26 03:36 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.1
    2007-07-26 03:36 --------- d-------- C:\Program Files\Yahoo!
    2007-07-22 16:06 --------- d-------- C:\Program Files\Dexster
    2007-07-22 16:06 --------- d-------- C:\Program Files\Astonsoft
    2007-07-16 01:32 --------- d-------- C:\Program Files\dvd43
    2007-07-16 01:05 --------- d-------- C:\Program Files\WinMX
    2007-07-13 17:56 --------- d-------- C:\Program Files\Tunebite
    2007-07-13 17:51 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\tunebite
    2007-07-13 17:50 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\RTPlayer
    2007-07-13 17:23 --------- d-------- C:\Program Files\Mp3 My Mp3 2.0
    2007-07-13 16:24 4215160 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-07-08 19:37 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-07 06:36 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\Apple Computer
    2007-07-01 18:45 --------- d-------- C:\Program Files\iTunes
    2007-07-01 18:44 --------- d-------- C:\Program Files\iPod
    2007-07-01 18:41 --------- d-------- C:\Program Files\Common Files\Apple
    2007-01-30 23:04 3072 --------- C:\Program Files\Thumbs.db
    2006-12-26 20:21 80129014 --a------ C:\Program Files\TMPScreeched - Dustin Diamond.wmv
    2005-08-02 21:46:54 187,904 --sha-r C:\WINDOWS\TGFuY2U\asappsrv.dll
    2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\TGFuY2U\command.exe
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\TGFuY2U\n3IRsZo.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{142540F2-ABDD-41EF-93B1-2123308FF454}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18ADFA67-1F0A-458B-893E-245D895B9085}]
    2007-08-16 14:35 28160 --a------ C:\WINDOWS\shwol.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}]
    C:\WINDOWS\System32\mljgh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9072813-1664-4178-84B8-20287C16926D}]
    2007-08-18 17:26 298080 --------- C:\WINDOWS\System32\gebyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
    2007-08-18 17:21 43542 --a------ C:\WINDOWS\System32\wvutuss.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E25600A1-015A-4F11-B0FA-C098C26D7599}]
    C:\WINDOWS\System32\vtutu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 17:16]
    "nwiz"="nwiz.exe" [2003-10-06 17:16 C:\WINDOWS\system32\nwiz.exe]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 07:59 C:\WINDOWS\BCMSMMSG.exe]
    "PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" []
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-08-17 03:31]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-08-17 03:31]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "svhost"="C:\WINDOWS\svhost.exe" []
    "Winmplayer"="C:\WINDOWS\System32\KB_963491.exe" [2007-08-17 12:11]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 19:13]
    "Fvsqnh"="C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\wvutuss.dll [2007-08-18 17:21 43542]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "mhETsXpnnY"= {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll [2006-08-18 16:42 14848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawwx]
    fccawwx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvuv]
    gebxvuv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyx]
    C:\WINDOWS\System32\gebyx.dll 2007-08-18 17:26 298080 C:\WINDOWS\system32\gebyx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
    C:\WINDOWS\System32\mljgh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
    C:\WINDOWS\System32\vtutu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutuss]
    wvutuss.dll 2007-08-18 17:21 43542 C:\WINDOWS\system32\wvutuss.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=finger.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Lance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    "C:\Program Files\BearShare\BearShare.exe" /pause

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
    C:\Program Files\Creative\Shared Files\CamTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERROR ISO]
    C:\DOCUME~1\Lance\APPLIC~1\Mfcdknob\inter up.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGA META AMEN SEND]
    C:\Documents and Settings\All Users\Application Data\axis heck vga meta\Jugs Obj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    R0 Nhuo60;Nhuo60;C:\WINDOWS\System32\drivers\Nhuo60.sys
    R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
    R3 P16X;Creative SB Live! Series (WDM);C:\WINDOWS\System32\drivers\P16X.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys
    S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\System32\DRIVERS\RimSerial.sys
    S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\System32\DRIVERS\2862WICB.sys
    S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\System32\drivers\tbhsd.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-05 23:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-19 01:00:00 C:\WINDOWS\Tasks\C9992350956B3D98.job - c:\docume~1\lance\applic~1\mfcdknob\upload each tick.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-18 20:13:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\drivers\Nhuo60.sys

    scan completed successfully
    hidden files: 2

    **************************************************************************

    Completion time: 2007-08-18 20:14:44 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-18 20:14

    --- E O F ---
     
  7. lancel

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/18/2007 at 09:15 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3289
    Trace Rules Database Version: 1300

    Scan type : Custom Scan
    Total Scan Time : 00:55:47

    Memory items scanned : 338
    Memory threats detected : 5
    Registry items scanned : 4393
    Registry threats detected : 47
    File items scanned : 42892
    File threats detected : 512

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\FORCEDOS.DLL
    C:\WINDOWS\SYSTEM32\FREECELL.DLL
    C:\WINDOWS\SYSTEM32\FSUTIL.DLL
    C:\WINDOWS\SYSTEM32\FTP.DLL
    C:\WINDOWS\SYSTEM32\GDI.DLL
    C:\WINDOWS\SYSTEM32\GRPCONV.DLL
    C:\WINDOWS\SYSTEM32\HELP.DLL
    C:\WINDOWS\SYSTEM32\HOSTNAME.DLL
    C:\WINDOWS\SYSTEM32\IE4UINIT.DLL
    C:\WINDOWS\SYSTEM32\IEXPRESS.DLL
    C:\WINDOWS\SYSTEM32\IMAPI.DLL
    C:\WINDOWS\SYSTEM32\IPCONFIG.DLL
    C:\WINDOWS\SYSTEM32\IPSEC6.DLL
    C:\WINDOWS\SYSTEM32\IPV6.DLL
    C:\WINDOWS\SYSTEM32\IPXROUTE.DLL
    C:\WINDOWS\SYSTEM32\JAVA.DLL
    C:\WINDOWS\SYSTEM32\JAVAWS.DLL
    C:\WINDOWS\SYSTEM32\JDBGMGR.DLL
    C:\WINDOWS\SYSTEM32\JVIEW.DLL
    C:\WINDOWS\SYSTEM32\KB04080293.DLL
    C:\WINDOWS\SYSTEM32\KB18428516.DLL
    C:\WINDOWS\SYSTEM32\KB29665359.DLL
    C:\WINDOWS\SYSTEM32\KB44105609.DLL
    C:\WINDOWS\SYSTEM32\KB53321968.DLL
    C:\WINDOWS\SYSTEM32\KB86265833.DLL
    C:\WINDOWS\SYSTEM32\KB_963491.DLL
    C:\WINDOWS\SYSTEM32\KEYSTONE.DLL
    C:\WINDOWS\SYSTEM32\KRNL386.DLL
    C:\WINDOWS\SYSTEM32\KWINPMDT.DLL
    C:\WINDOWS\SYSTEM32\LABEL.DLL
    C:\WINDOWS\SYSTEM32\LIGHTS.DLL
    C:\WINDOWS\SYSTEM32\LNKSTUB.DLL
    C:\WINDOWS\SYSTEM32\LOCATOR.DLL
    C:\WINDOWS\SYSTEM32\LODCTR.DLL
    C:\WINDOWS\SYSTEM32\LOGAGENT.DLL
    C:\WINDOWS\SYSTEM32\LOGOFF.DLL
    C:\WINDOWS\SYSTEM32\LPQ.DLL
    C:\WINDOWS\SYSTEM32\LPR.DLL
    C:\WINDOWS\SYSTEM32\MAGNIFY.DLL
    C:\WINDOWS\SYSTEM32\MAKECAB.DLL
    C:\WINDOWS\SYSTEM32\MAPISRVR.DLL
    C:\WINDOWS\SYSTEM32\MEM.DLL
    C:\WINDOWS\SYSTEM32\MIGPWD.DLL
    C:\WINDOWS\SYSTEM32\MMC.DLL
    C:\WINDOWS\SYSTEM32\MNMSRVC.DLL
    C:\WINDOWS\SYSTEM32\MP43.DLL
    C:\WINDOWS\SYSTEM32\MPLAY32.DLL
    C:\WINDOWS\SYSTEM32\MPNOTIFY.DLL
    C:\WINDOWS\SYSTEM32\MRINFO.DLL
    C:\WINDOWS\SYSTEM32\MRT.DLL
    C:\WINDOWS\SYSTEM32\MSBIND32.DLL
    C:\WINDOWS\SYSTEM32\MSCDEXNT.DLL
    C:\WINDOWS\SYSTEM32\MSG.DLL
    C:\WINDOWS\SYSTEM32\MSHEARTS.DLL
    C:\WINDOWS\SYSTEM32\MSPAINT.DLL
    C:\WINDOWS\SYSTEM32\MSSWCHX.DLL
    C:\WINDOWS\SYSTEM32\MSTINIT.DLL
    C:\WINDOWS\SYSTEM32\MSTSC.DLL
    C:\WINDOWS\SYSTEM32\NARRATOR.DLL
    C:\WINDOWS\SYSTEM32\NBTSTAT.DLL
    C:\WINDOWS\SYSTEM32\NDDEAPIR.DLL
    C:\WINDOWS\SYSTEM32\NET.DLL
    C:\WINDOWS\SYSTEM32\NET1.DLL
    C:\WINDOWS\SYSTEM32\NETSETUP.DLL
    C:\WINDOWS\SYSTEM32\NETSH.DLL
    C:\WINDOWS\SYSTEM32\NETSTAT.DLL
    C:\WINDOWS\SYSTEM32\NLSFUNC.DLL
    C:\WINDOWS\SYSTEM32\NTKRNLPA.DLL
    C:\WINDOWS\SYSTEM32\NTSD.DLL
    C:\WINDOWS\SYSTEM32\NVAPPBAR.DLL
    C:\WINDOWS\SYSTEM32\NVSVC32.DLL
    C:\WINDOWS\SYSTEM32\NVUDISP.DLL
    C:\WINDOWS\SYSTEM32\NWIZ.DLL
    C:\WINDOWS\SYSTEM32\OCXLOADER.DLL
    C:\WINDOWS\SYSTEM32\ODBCAD32.DLL
    C:\WINDOWS\SYSTEM32\OSK.DLL
    C:\WINDOWS\SYSTEM32\PACKAGER.DLL
    C:\WINDOWS\SYSTEM32\PATHPING.DLL
    C:\WINDOWS\SYSTEM32\PENTNT.DLL
    C:\WINDOWS\SYSTEM32\PERFMON.DLL
    C:\WINDOWS\SYSTEM32\PING6.DLL
    C:\WINDOWS\SYSTEM32\PRINT.DLL
    C:\WINDOWS\SYSTEM32\PROCESS.DLL
    C:\WINDOWS\SYSTEM32\PROGMAN.DLL
    C:\WINDOWS\SYSTEM32\PROQUOTA.DLL
    C:\WINDOWS\SYSTEM32\PROUNSTL.DLL
    C:\WINDOWS\SYSTEM32\PXCPYA64.DLL
    C:\WINDOWS\SYSTEM32\PXCPYI64.DLL
    C:\WINDOWS\SYSTEM32\PXHPINST.DLL
    C:\WINDOWS\SYSTEM32\PXINSA64.DLL
    C:\WINDOWS\SYSTEM32\PXINSI64.DLL
    C:\WINDOWS\SYSTEM32\QAPPSRV.DLL
    C:\WINDOWS\SYSTEM32\QMNIELFG.DLL
    C:\WINDOWS\SYSTEM32\QPROCESS.DLL
    C:\WINDOWS\SYSTEM32\QWINSTA.DLL
    C:\WINDOWS\SYSTEM32\RASAUTOU.DLL
    C:\WINDOWS\SYSTEM32\RASDIAL.DLL
    C:\WINDOWS\SYSTEM32\RASPHONE.DLL
    C:\WINDOWS\SYSTEM32\RCIMLBY.DLL
    C:\WINDOWS\SYSTEM32\RCP.DLL
    C:\WINDOWS\SYSTEM32\RDPCLIP.DLL
    C:\WINDOWS\SYSTEM32\RDSADDIN.DLL
    C:\WINDOWS\SYSTEM32\RDSHOST.DLL
    C:\WINDOWS\SYSTEM32\RECOVER.DLL
    C:\WINDOWS\SYSTEM32\REDIR.DLL
    C:\WINDOWS\SYSTEM32\REG.DLL
    C:\WINDOWS\SYSTEM32\REGEDT32.DLL
    C:\WINDOWS\SYSTEM32\REGINI.DLL
    C:\WINDOWS\SYSTEM32\REGWIZ.DLL
    C:\WINDOWS\SYSTEM32\REPLACE.DLL
    C:\WINDOWS\SYSTEM32\RESET.DLL
    C:\WINDOWS\SYSTEM32\REXEC.DLL
    C:\WINDOWS\SYSTEM32\ROUTE.DLL
    C:\WINDOWS\SYSTEM32\ROUTEMON.DLL
    C:\WINDOWS\SYSTEM32\RSH.DLL
    C:\WINDOWS\SYSTEM32\RSM.DLL
    C:\WINDOWS\SYSTEM32\RSMSINK.DLL
    C:\WINDOWS\SYSTEM32\RSMUI.DLL
    C:\WINDOWS\SYSTEM32\RSVP.DLL
    C:\WINDOWS\SYSTEM32\RTCSHARE.DLL
    C:\WINDOWS\SYSTEM32\RUNAS.DLL
    C:\WINDOWS\SYSTEM32\RUNONCE.DLL
    C:\WINDOWS\SYSTEM32\RWINSTA.DLL
    C:\WINDOWS\SYSTEM32\SAVEDUMP.DLL
    C:\WINDOWS\SYSTEM32\SC.DLL
    C:\WINDOWS\SYSTEM32\SCARDSVR.DLL
    C:\WINDOWS\SYSTEM32\SDBINST.DLL
    C:\WINDOWS\SYSTEM32\SESSMGR.DLL
    C:\WINDOWS\SYSTEM32\SETHC.DLL
    C:\WINDOWS\SYSTEM32\SETUP.DLL
    C:\WINDOWS\SYSTEM32\SETVER.DLL
    C:\WINDOWS\SYSTEM32\SHADOW.DLL
    C:\WINDOWS\SYSTEM32\SHARE.DLL
    C:\WINDOWS\SYSTEM32\SHMGRATE.DLL
    C:\WINDOWS\SYSTEM32\SHRPUBW.DLL
    C:\WINDOWS\SYSTEM32\SHUTDOWN.DLL
    C:\WINDOWS\SYSTEM32\SIGVERIF.DLL
    C:\WINDOWS\SYSTEM32\SKEYS.DLL
    C:\WINDOWS\SYSTEM32\SMLOGSVC.DLL
    C:\WINDOWS\SYSTEM32\SNDREC32.DLL
    C:\WINDOWS\SYSTEM32\SNDVOL32.DLL
    C:\WINDOWS\SYSTEM32\SOL.DLL
    C:\WINDOWS\SYSTEM32\SORT.DLL
    C:\WINDOWS\SYSTEM32\SPDWNWXP.DLL
    C:\WINDOWS\SYSTEM32\SPIDER.DLL
    C:\WINDOWS\SYSTEM32\SPOONUNINSTALL.DLL
    C:\WINDOWS\SYSTEM32\SPRECOVR.DLL
    C:\WINDOWS\SYSTEM32\SPRESTRT.DLL
    C:\WINDOWS\SYSTEM32\SRCHSTS.DLL
    C:\WINDOWS\SYSTEM32\SUBST.DLL
    C:\WINDOWS\SYSTEM32\SWREG.DLL
    C:\WINDOWS\SYSTEM32\SWSC.DLL
    C:\WINDOWS\SYSTEM32\SWXCACLS.DLL
    C:\WINDOWS\SYSTEM32\SYNCAPP.DLL
    C:\WINDOWS\SYSTEM32\SYSEDIT.DLL
    C:\WINDOWS\SYSTEM32\SYSOCMGR.DLL
    C:\WINDOWS\SYSTEM32\SYSTRAY.DLL
    C:\WINDOWS\SYSTEM32\TASKMAN.DLL
    C:\WINDOWS\SYSTEM32\TCMSETUP.DLL
    C:\WINDOWS\SYSTEM32\TCPSVCS.DLL
    C:\WINDOWS\SYSTEM32\TELNET.DLL
    C:\WINDOWS\SYSTEM32\TFTP.DLL
    C:\WINDOWS\SYSTEM32\TOURSTART.DLL
    C:\WINDOWS\SYSTEM32\TRACERT6.DLL
    C:\WINDOWS\SYSTEM32\TSCON.DLL
    C:\WINDOWS\SYSTEM32\TSCUPGRD.DLL
    C:\WINDOWS\SYSTEM32\TSDISCON.DLL
    C:\WINDOWS\SYSTEM32\TSKILL.DLL
    C:\WINDOWS\SYSTEM32\TSSHUTDN.DLL
    C:\WINDOWS\SYSTEM32\UNLODCTR.DLL
    C:\WINDOWS\SYSTEM32\UPNPCONT.DLL
    C:\WINDOWS\SYSTEM32\UPS.DLL
    C:\WINDOWS\SYSTEM32\USRMLNKA.DLL
    C:\WINDOWS\SYSTEM32\USRPRBDA.DLL
    C:\WINDOWS\SYSTEM32\USRSHUTA.DLL
    C:\WINDOWS\SYSTEM32\UTILMAN.DLL
    C:\WINDOWS\SYSTEM32\UWDF.DLL
    C:\WINDOWS\SYSTEM32\VSSADMIN.DLL
    C:\WINDOWS\SYSTEM32\VSSVC.DLL
    C:\WINDOWS\SYSTEM32\W32TM.DLL
    C:\WINDOWS\SYSTEM32\WDFMGR.DLL
    C:\WINDOWS\SYSTEM32\WEXTRACT.DLL
    C:\WINDOWS\SYSTEM32\WIAACMGR.DLL
    C:\WINDOWS\SYSTEM32\WINCHAT.DLL
    C:\WINDOWS\SYSTEM32\WINHLP32.DLL
    C:\WINDOWS\SYSTEM32\WINMINE.DLL
    C:\WINDOWS\SYSTEM32\WINMSD.DLL
    C:\WINDOWS\SYSTEM32\WINVER.DLL
    C:\WINDOWS\SYSTEM32\WJVIEW.DLL
    C:\WINDOWS\SYSTEM32\WMPSTUB.DLL
    C:\WINDOWS\SYSTEM32\WOWDEB.DLL
    C:\WINDOWS\SYSTEM32\WPABALN.DLL
    C:\WINDOWS\SYSTEM32\WPNPINST.DLL
    C:\WINDOWS\SYSTEM32\WRITE.DLL
    C:\WINDOWS\SYSTEM32\WSCRIPT.DLL
    C:\WINDOWS\SYSTEM32\WUAUCLT1.DLL
    C:\WINDOWS\SYSTEM32\WUPDMGR.DLL
    C:\WINDOWS\SYSTEM32\XCOPY.DLL
    C:\WINDOWS\SYSTEM32\XPSP1HFM.DLL
    C:\WINDOWS\SYSTEM32\YPCSERVICE.DLL
    C:\WINDOWS\TGFUY2U\N3IRSZO.VBS

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\GEBYX.DLL
    C:\WINDOWS\SYSTEM32\GEBYX.DLL
    HKLM\Software\Classes\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
    HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
    HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}\InprocServer32
    HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\MLJGH.DLL
    HKLM\Software\Classes\CLSID\{A9072813-1664-4178-84B8-20287C16926D}
    HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}
    HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}\InprocServer32
    HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
    HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
    HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32
    HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9072813-1664-4178-84B8-20287C16926D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\gebyx
    HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}

    Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\WVUTUSS.DLL
    C:\WINDOWS\SYSTEM32\WVUTUSS.DLL

    Trojan.Downloader-SP2F/Resident
    C:\WINDOWS\SYSTEM32\KJCL.DLL
    C:\WINDOWS\SYSTEM32\KJCL.DLL

    Trojan.Downloader-Gen/WinUpd-Fake
    C:\WINDOWS\SYSTEM32\KB_963491.EXE
    C:\WINDOWS\SYSTEM32\KB_963491.EXE
    [Winmplayer] C:\WINDOWS\SYSTEM32\KB_963491.EXE

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}
    HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}
    HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}\InprocServer32
    HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\VTUTU.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E25600A1-015A-4F11-B0FA-C098C26D7599}

    Trojan.DCOM Server
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#DCOM Server 25319

    Adware.Tracking Cookie



    (more below)
     
  8. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8

    Adware.Mirar/NetNucleus
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\System32\WinATS.dll
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
    C:\WINDOWS\Downloaded Program Files\WinATS.inf
    C:\DOCUMENTS AND SETTINGS\LANCE\MY DOCUMENTS\UNINSTALLER.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0142491.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP772\A0143611.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP772\A0143633.DLL

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

    Trojan.Vundo
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Asynchronous
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#DllName
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Impersonate
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Startup
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Logoff

    Adware.ZenoSearch-NVON
    C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\THINKSNET.EXE
    C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AA9J1RYP\THINKSNET[1].EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSRNGT.EXE.VIR

    Adware.WebBuying Assistant-Installer
    C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\UF254.EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\G1\BY88.EXE.VIR

    Trojan.ZenoSearch
    C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DN3YVNX\DT[1].EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KWINPMDT.EXE.VIR

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6M3Z3WWF\WINANTISPYWARE2007FREEINSTALL[1].EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GH6V89AB\WINANTISPYWARE2007FREEINSTALL[1].EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155682.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155695.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155697.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N91M0809NETINSTALLER.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UWA7P_0001_N91M0809NETINSTALLER.EXE

    Trojan.Downloader-Gen/IEUPD
    C:\DOCUMENTS AND SETTINGS\LANCE\DESKTOP\IEUPDR2.EXE

    Adware.ClickSpring/Outer Info Network
    C:\DOCUMENTS AND SETTINGS\LANCE\DESKTOP\OIUNINSTALLER.EXE

    Trojan.Rootkit-TnCore/Installer
    C:\DOCUMENTS AND SETTINGS\LANCE\INSTALL.EXE

    Adware.ZenoSearch
    C:\DOCUMENTS AND SETTINGS\LANCE\TISKY008.EXE
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\LANCE\STARTM~1\PROGRAMS\STARTUP\TA_START.LNK.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151642.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151643.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155709.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155710.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156699.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156700.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0157722.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0157723.LNK

    Trojan.Downloader-LDCore
    C:\DOCUMENTS AND SETTINGS\LANCE\USER10.EXE

    Trojan.LanMan/Rootkit
    C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ74.TMP
    C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ75.TMP
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153660.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153662.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153668.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155659.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155661.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155663.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155701.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155703.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155705.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156692.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156693.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156696.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0157711.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0157712.EXE
    C:\WINDOWS\SYSTEM32\QMNIELFG.EXE

    Adware.ClickSpring
    C:\QooBox\Quarantine\C\DOCUME~1\Lance\APPLIC~1\MCROSO~1.NET\WAUBOO~1.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CZGJCNX.DLL.VIR

    Worm.Sober Variant
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\LANCE\MYDOCU~1\FNTS~1\WINWORD.EXE.VIR

    Trojan.IBM/Shell
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00003.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00004.DLL.VIR

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TTC.DLL.VIR
    C:\WINDOWS\TGFUY2U\COMMAND.EXE

    Trojan.Downloader-Gen/Win
    C:\QOOBOX\QUARANTINE\C\WINDOWS\RETADPU77.EXE.VIR

    Unclassified.Unknown Origin/System
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EVDCNLM.DLL.VIR

    Trojan.Net-K163
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KSYS.SYS.VIR

    Trojan.Downloader-Gen/OCXApi
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OCXAPI.DLL.VIR

    Trojan.Downloader-YAY
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP704\A0120544.EXE

    Adware.WhenU
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP732\A0128022.EXE

    Adware.AdSponsor/ISM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP745\A0132210.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP745\A0132211.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP746\A0132221.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP746\A0132222.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP747\A0132564.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP747\A0132565.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP752\A0135241.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136022.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136023.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136024.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP783\A0147646.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP783\A0147647.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151672.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151674.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151675.EXE

    Trojan.Downloader-Stera/WinSoftware
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0141467.EXE

    Trojan.WinAntiSpyware 2007
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0142454.EXE

    Trojan.TagASaurus
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0150650.EXE

    Trojan.Downloader-ClickSpring/NDrv
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151637.DLL

    Trojan.Downloader-MSDCom32
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0158731.DLL
    C:\_BACKUPD\JQWR.DLL

    Trojan.Downloader-Twain/Fake
    C:\WINDOWS\AVSHLEXT.EXE
    C:\WINDOWS\IETEMP.EXE
    C:\WINDOWS\INRES.EXE
    C:\WINDOWS\PCDLIB32.EXE
    C:\WINDOWS\SHWOL.EXE
    C:\WINDOWS\TWAIN.EXE
    C:\WINDOWS\TWAIN_32.EXE
    C:\WINDOWS\UNICOWS.EXE
    C:\WINDOWS\VMMREG32.EXE
    C:\WINDOWS\WEBASSIST.EXE
    C:\WINDOWS\XHELPER.EXE

    Trojan.Downloader-IEUpdater/Fake
    C:\WINDOWS\IE_UPDATE3R.EXE

    Trojan.RK-MountVol/AI
    C:\WINDOWS\SYSTEM32\MOUNTVOL.DLL

    Adware.Adservs
    C:\WINDOWS\TGFUY2U\ASAPPSRV.DLL



    New hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:29:36 PM, on 8/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\System32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \
    O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O20 - AppInit_DLLs: finger.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
    O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)
    O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
    O20 - Winlogon Notify: wvutuss - wvutuss.dll (file missing)
    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7730 bytes
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \

    O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll

    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"

    O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"

    O20 - AppInit_DLLs: finger.dll

    O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)

    O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)

    O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)

    O20 - Winlogon Notify: wvutuss - wvutuss.dll (file missing)

    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\SYSTEM32\finger.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode



    How are things on the PC???????????
     
  10. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8
    Went into safe mode to delete the file and it gave me an error at the end so I'm not sure if it deleted the file. Though I did go in and remove the temporary internet files like you said and here's the latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:07 PM, on 8/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7080 bytes
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this

    O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)

    How are things on the PC - Boot - post a new log
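
One way to confirm which of the entries marked for fixing are still present in a follow-up scan, as an added example that is not part of the thread. The function names are this example's own, and the sample text is excerpted from the logs posted above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g.
# "O20 - AppInit_DLLs: finger.dll". Header lines and the
# "Running processes" list carry no section code and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def _order(entry):
    # Sort O2 before O20: letter first, then the numeric part, then the body.
    section, body = entry
    return (section[0], int(section[1:]), body)


def check_fix(flagged_text, after_log_text):
    """Split the flagged entries into (removed, persisting) lists."""
    flagged = parse_entries(flagged_text)
    after = parse_entries(after_log_text)
    return (sorted(flagged - after, key=_order),
            sorted(flagged & after, key=_order))


# Entries marked for fixing in post 9 (copied from the thread).
FLAGGED = r"""
O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \
O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"
O20 - AppInit_DLLs: finger.dll
O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: wvutuss - wvutuss.dll (file missing)
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
"""

# Excerpt of the 10:16:07 PM follow-up log (copied from the thread).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
"""

if __name__ == "__main__":
    removed, persisting = check_fix(FLAGGED, AFTER_LOG)
    print(f"{len(removed)} flagged entries removed")
    for section, body in persisting:
        print(f"still present: {section} - {body}")
```

Matching is on the exact entry text, so an entry that comes back under a different name or path will not be reported as persisting and still needs a manual read of the new log.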
     
  12. lancel

    lancel Thread Starter

    Joined:
    Aug 18, 2007
    Messages:
    8
    System's going much faster and I have no more download requests from Winantispy so that's great. Fixed the O21 file, rebooted and did another log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:01, on 2007-08-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7129 bytes
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014

Short URL to this thread: https://techguy.org/611818