Forum section: Resolved HJT Threads (resolved spyware and popup issues)

#1 - 07-12-2006, 02:16 PM - Vander (Registered User; joined Jul 2006; 8 posts; OS: XP)

log posted- slow comp and popups

Hi, my computer is running slower than it should and I'm getting random popups, even when I am not browsing the internet. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:08:49 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\pop06ap2.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mlltde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\beas\tcar.exe
c:\Program Files\Loukh\Wmlir.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\COMMON~1\TSKS~1\WNSPOO~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\mlltde.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1142619837\ee\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\rich is teh sex\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ionaprep.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\habwq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rvibbrv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsbA6.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmfhrt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [New Value #1] c:\sysprep\test\ftest\ftest.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [Zwjiz] c:\Program Files\Loukh\Wmlir.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /autocheck
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aud] "C:\Program Files\beas\tcar.exe" -vt yazb
O4 - HKCU\..\Run: [Shs] C:\PROGRA~1\COMMON~1\TSKS~1\WNSPOO~1.EXE
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [mlltde] C:\WINDOWS\system32\mlltde.exe
O4 - HKCU\..\RunOnce: [mlltde] C:\WINDOWS\system32\mlltde.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/n...etizen/npx.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/n...rypt/npkcx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: inicfg32.dll ntvdm.dll C:\WINDOWS\system32\ntvdm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Any help would be appreciated. Thanks.
#2 - 07-13-2006, 06:35 PM - Vikesrock8411 (Analyst, Security Team; joined Jun 2005; 3,065 posts; OS: Windows XP)

Your computer is heavily infected with malware. The instructions below are fairly long and must be completed in order to work properly. Please read through them and let me know if you have any questions before you begin.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
combofix.exe - Save it to your Desktop; we will need this later.

E2TakeOut - Unzip it to your desktop.

Brute Force Uninstaller - Save it to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Cleanup! - Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
PurityScan by OIN
Snowball Wars by OIN
Yazzle by OIN
Outerinfo
or any programs by OIN

In case Purityscan or OINS is not listed, download and use this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click OK
Press the CleanUp! button to start the program. If prompted to reboot, click No.

Run Ewido with its updated definitions (it's important that all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Double click E2TakeOut.exe
  • Click the Begin Removal button
  • Wait until the program is finished scanning
  • Once done, it will produce a popup stating that the infection has been found and you need to reboot your computer to complete the removal
  • Reboot your computer
  • Once your computer has rebooted E2TakeOut will open and produce a report
  • Please copy/paste that report into your next reply

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next post please include:
  • Ewido Log
  • E2TakeOut Log
  • Combofix Log
  • A new Hijackthis! Log
#3 - 07-17-2006, 06:19 PM - Vander (Registered User; OS: XP)

It won't let me restart in Safe Mode. I never hear a beep, and when I do press F8 I never have the option to restart in Safe Mode. My only option is to start Windows.
#4 - 07-17-2006, 06:46 PM - Vikesrock8411 (Analyst, Security Team; OS: Windows XP)

Download BootSafe and save it to your Desktop.
  • Double click the BootSafe icon to start the program.
  • Select "Safe Mode - Minimal".
  • Click the Reboot button
  • When you have completed your tasks, simply run BootSafe again and select the Normal Restart option and click the Reboot button and your computer will reboot in Normal Mode.
#5 - 07-18-2006, 12:36 PM - Vander (Registered User; OS: XP)

Start Time= Tue 07/18/2006 13:39:12.71
Running from: C:\Documents and Settings\rich is teh sex\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

13:42:49.87

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-19 16:19 304944 C:\WINDOWS\system32\WgaTray.exe
2006-06-21 19:44 115246 C:\WINDOWS\system32\ts_chad.exe
2006-04-18 18:30 536576 C:\WINDOWS\system32\DivXsm.exe
2006-05-09 22:36 6656 C:\WINDOWS\system32\WdfMgr.exe
2006-05-09 22:22 2463744 C:\WINDOWS\system32\wmvcore.dll
2006-05-29 11:30 1494016 C:\WINDOWS\system32\shdocvw.dll
2006-05-09 22:26 1063424 C:\WINDOWS\system32\WMADMOE.dll
2006-04-18 18:31 1044480 C:\WINDOWS\system32\libdivx.dll
2006-05-09 22:26 705024 C:\WINDOWS\system32\wmadmod.dll
2006-05-10 01:23 658432 C:\WINDOWS\system32\wininet.dll
2006-05-10 01:23 474112 C:\WINDOWS\system32\shlwapi.dll
2006-05-18 01:24 450560 C:\WINDOWS\system32\jscript.dll
2006-05-10 01:22 357888 C:\WINDOWS\system32\dxtmsft.dll
2006-05-09 20:45 304640 C:\WINDOWS\system32\MSDelta.dll
2006-05-10 01:22 251392 C:\WINDOWS\system32\iepeers.dll
2006-04-18 18:30 245408 C:\WINDOWS\system32\unicows.dll
2006-05-09 22:26 218112 C:\WINDOWS\system32\wmerror.dll
2006-05-10 01:22 205312 C:\WINDOWS\system32\dxtrans.dll
2006-04-18 18:31 200704 C:\WINDOWS\system32\ssldivx.dll
2006-06-22 06:47 181248 C:\WINDOWS\system32\rasmans.dll
2006-06-01 14:47 163840 C:\WINDOWS\system32\jgdw400.dll
2006-05-10 01:22 151040 C:\WINDOWS\system32\cdfview.dll
2006-06-08 20:22 53248 C:\WINDOWS\system32\suppdll.dll
2006-05-10 01:23 39424 C:\WINDOWS\system32\pngfilt.dll
2006-05-09 22:26 31744 C:\WINDOWS\system32\WMDMLOG.dll
2006-06-01 14:47 27648 C:\WINDOWS\system32\jgpl400.dll
2006-06-28 21:48 24576 C:\WINDOWS\system32\msxml3a.dll
2006-04-24 17:47 21840 C:\WINDOWS\system32\SIntfNT.dll
2006-04-24 17:47 17212 C:\WINDOWS\system32\SIntf32.dll
2006-05-10 01:22 16384 C:\WINDOWS\system32\jsproxy.dll
2006-04-24 17:47 12067 C:\WINDOWS\system32\SIntf16.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\WMVADVD.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\WMVADVE.DLL
2006-05-09 22:26 4096 C:\WINDOWS\system32\wmvdmod.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\wmsdmod.dll
2006-05-09 22:26 7706112 C:\WINDOWS\system32\wmploc.dll
2006-05-19 11:08 3052544 C:\WINDOWS\system32\mshtml.dll
2006-05-09 20:58 670208 C:\WINDOWS\system32\wpd_ci.dll
2006-05-10 01:23 613888 C:\WINDOWS\system32\urlmon.dll
2006-05-09 21:00 546816 C:\WINDOWS\system32\wmpmde.dll
2006-05-10 01:23 532480 C:\WINDOWS\system32\mstime.dll
2006-06-18 17:54 440312 C:\WINDOWS\system32\vsutil.dll
2006-05-09 21:00 382976 C:\WINDOWS\system32\MFPLAT.dll
2006-04-18 18:30 344064 C:\WINDOWS\system32\dpus11.dll
2006-05-09 22:26 306688 C:\WINDOWS\system32\MSWMDM.dll
2006-05-09 22:26 301056 C:\WINDOWS\system32\wmpdxm.dll
2006-05-09 22:26 237056 C:\WINDOWS\system32\wmpasf.dll
2006-05-09 22:26 219648 C:\WINDOWS\system32\CEWMDM.dll
2006-04-18 18:30 200704 C:\WINDOWS\system32\dtu100.dll
2006-05-09 22:26 165376 C:\WINDOWS\system32\MsPMSP.dll
2006-06-18 17:54 157688 C:\WINDOWS\system32\vsinit.dll
2006-05-19 08:59 148480 C:\WINDOWS\system32\dnsapi.dll
2006-05-09 20:58 144896 C:\WINDOWS\system32\wpdmtp.dll
2006-05-10 01:22 96256 C:\WINDOWS\system32\inseng.dll
2006-04-18 18:30 90112 C:\WINDOWS\system32\dpl100.dll
2006-06-18 17:54 83960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 17:54 83960 C:\WINDOWS\system32\vsdata.dll
2006-05-10 01:22 55808 C:\WINDOWS\system32\extmgr.dll
2006-05-09 22:26 36864 C:\WINDOWS\system32\WMDMPS.dll
2006-05-09 22:26 9728 C:\WINDOWS\system32\LAPRXY.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\wdfApi.dll
2006-05-10 01:22 1054208 C:\WINDOWS\system32\danim.dll
2006-05-09 20:59 417280 C:\WINDOWS\system32\MSSCP.dll
2006-05-09 20:58 343552 C:\WINDOWS\system32\WPDSp.dll
2006-04-18 18:30 294912 C:\WINDOWS\system32\dpu10.dll
2006-04-18 18:30 294912 C:\WINDOWS\system32\dpu11.dll
2006-06-19 21:07 278528 C:\WINDOWS\system32\pncrt.dll
2006-05-09 22:26 221696 C:\WINDOWS\system32\wmasf.dll
2006-05-09 22:26 155136 C:\WINDOWS\system32\wmidx.dll
2006-05-09 22:26 135680 C:\WINDOWS\system32\wmpps.dll
2006-06-18 17:54 100344 C:\WINDOWS\system32\vsxml.dll
2006-06-18 17:54 59384 C:\WINDOWS\system32\vswmi.dll
2006-04-18 18:30 57344 C:\WINDOWS\system32\dpv11.dll
2006-05-09 20:57 11264 C:\WINDOWS\system32\ehETW.dll
2006-06-12 00:17 2301 C:\WINDOWS\mozver.dat
2006-06-29 08:58 53 C:\WINDOWS\bpwwnp.dat


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


C:\qoobox\bpwwnp.dat.vir

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ts_chad.exe
C:\WINDOWS\system32\DivXsm.exe
C:\WINDOWS\system32\WdfMgr.exe
C:\WINDOWS\system32\wmvcore.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\WMADMOE.dll
C:\WINDOWS\system32\libdivx.dll
C:\WINDOWS\system32\wmadmod.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\shlwapi.dll
C:\WINDOWS\system32\jscript.dll
C:\WINDOWS\system32\dxtmsft.dll
C:\WINDOWS\system32\MSDelta.dll
C:\WINDOWS\system32\iepeers.dll
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\system32\wmerror.dll
C:\WINDOWS\system32\dxtrans.dll
C:\WINDOWS\system32\ssldivx.dll
C:\WINDOWS\system32\rasmans.dll
C:\WINDOWS\system32\jgdw400.dll
C:\WINDOWS\system32\cdfview.dll
C:\WINDOWS\system32\suppdll.dll
C:\WINDOWS\system32\pngfilt.dll
C:\WINDOWS\system32\WMDMLOG.dll
C:\WINDOWS\system32\jgpl400.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\jsproxy.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\system32\WMVADVD.dll
C:\WINDOWS\system32\WMVADVE.DLL
C:\WINDOWS\system32\wmvdmod.dll
C:\WINDOWS\system32\wmsdmod.dll
C:\WINDOWS\system32\wmploc.dll
C:\WINDOWS\system32\mshtml.dll
C:\WINDOWS\system32\wpd_ci.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\wmpmde.dll
C:\WINDOWS\system32\mstime.dll
C:\WINDOWS\system32\vsutil.dll
C:\WINDOWS\system32\MFPLAT.dll
C:\WINDOWS\system32\dpus11.dll
C:\WINDOWS\system32\MSWMDM.dll
C:\WINDOWS\system32\wmpdxm.dll
C:\WINDOWS\system32\wmpasf.dll
C:\WINDOWS\system32\CEWMDM.dll
C:\WINDOWS\system32\dtu100.dll
C:\WINDOWS\system32\MsPMSP.dll
C:\WINDOWS\system32\vsinit.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\wpdmtp.dll
C:\WINDOWS\system32\inseng.dll
C:\WINDOWS\system32\dpl100.dll
C:\WINDOWS\system32\zlcomm.dll
C:\WINDOWS\system32\vsdata.dll
C:\WINDOWS\system32\extmgr.dll
C:\WINDOWS\system32\WMDMPS.dll
C:\WINDOWS\system32\LAPRXY.dll
C:\WINDOWS\system32\wdfApi.dll
C:\WINDOWS\system32\danim.dll
C:\WINDOWS\system32\MSSCP.dll
C:\WINDOWS\system32\WPDSp.dll
C:\WINDOWS\system32\dpu10.dll
C:\WINDOWS\system32\dpu11.dll
C:\WINDOWS\system32\pncrt.dll
C:\WINDOWS\system32\wmasf.dll
C:\WINDOWS\system32\wmidx.dll
C:\WINDOWS\system32\wmpps.dll
C:\WINDOWS\system32\vsxml.dll
C:\WINDOWS\system32\vswmi.dll
C:\WINDOWS\system32\dpv11.dll
C:\WINDOWS\system32\ehETW.dll
C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-18 13:37 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-17 20:51 32,539 C:\WINDOWS\system32\adrot-uninst.exe
2006-07-17 20:11 350 C:\sccfg.sys
2006-07-17 19:56 <DIR> C:\Program Files\cleanup!
2006-07-17 19:05 <DIR> C:\Program Files\folder lock
2006-07-16 03:36 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\creative
2006-07-16 02:56 <DIR> C:\Program Files\limewire
2006-07-13 16:21 <DIR> C:\Program Files\xfire
2006-07-13 14:41 <DIR> C:\Program Files\Common Files\t?sks ( tsks~1 )
2006-07-13 14:39 <DIR> C:\Program Files\gamespy arcade
2006-07-13 13:15 <DIR> C:\Program Files\common files
2006-07-13 12:38 <DIR> C:\Program Files\?racle ( racle~1 )
2006-07-13 01:15 <DIR> C:\Program Files\beas
2006-07-13 01:00 <DIR> C:\Program Files\loukh
2006-07-13 00:42 <DIR> C:\Program Files\zone labs
2006-07-12 21:55 410 C:\WINDOWS\plrai.dll
2006-07-12 20:04 32,976 C:\WINDOWS\system32\uninsticn.exe
2006-07-12 00:24 8 C:\WINDOWS\system32\ctsackey.sys
2006-07-11 15:35 <DIR> C:\Program Files\Common Files\?ystem ( ystem~1 )
2006-07-10 16:09 <DIR> C:\Program Files\msn messenger
2006-07-10 15:52 <DIR> C:\Program Files\Common Files\??mbols ( mbols~1 )
2006-06-29 09:02 0 C:\Documents and Settings\rich is teh sex\Application Data\internaldb41.dat
2006-06-29 08:58 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-06-29 08:58 32,178 C:\Program Files\Common Files\yazzle1119oinuninstaller.exe
2006-06-28 21:48 45,996 C:\WINDOWS\system32\unirimon.exe
2006-06-28 21:48 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-06-28 21:29 359,570 C:\WINDOWS\chad_bundle.exe
2006-06-26 16:56 <DIR> C:\Program Files\opera
2006-06-26 14:51 <DIR> C:\Program Files\rapidcheck
2006-06-26 13:40 <DIR> C:\Program Files\Common Files\aol
2006-06-26 13:40 <DIR> C:\Program Files\aol
2006-06-26 13:40 <DIR> C:\Program Files\aod
2006-06-26 13:39 <DIR> C:\Program Files\Common Files\aolshare
2006-06-22 01:29 <DIR> C:\Program Files\xilisoft
2006-06-21 19:44 115,246 C:\WINDOWS\system32\ts_chad.exe
2006-06-21 19:43 235,165 C:\WINDOWS\system32\icon_chad.exe
2006-06-21 18:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 18:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-06-19 21:26 <DIR> C:\Program Files\real
2006-06-19 21:25 <DIR> C:\Program Files\Common Files\real
2006-06-19 21:09 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\real
2006-06-19 21:07 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-19 21:07 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-19 21:07 278,528 C:\WINDOWS\system32\pncrt.dll
2006-06-19 21:07 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-06-19 21:07 <DIR> C:\Program Files\Common Files\xing shared
2006-06-19 17:06 <DIR> C:\Program Files\call of duty
2006-06-19 16:20 702,768 C:\WINDOWS\system32\wgalogon.dll
2006-06-19 10:51 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\opera
2006-06-19 09:50 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\macromedia
2006-06-19 09:49 <DIR> C:\Program Files\Common Files\macromedia
2006-06-19 09:48 <DIR> C:\Program Files\macromedia
2006-06-19 09:48 <DIR> C:\Program Files\installshield installation information
2006-06-19 09:46 <DIR> C:\Program Files\erightsoft
2006-06-18 17:54 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 17:54 83,960 C:\WINDOWS\system32\vsdata.dll
2006-06-18 17:54 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-06-18 17:54 75,776 C:\WINDOWS\zllsputility.exe
2006-06-18 17:54 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-06-18 17:54 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-06-18 17:54 59,384 C:\WINDOWS\system32\vswmi.dll
2006-06-18 17:54 440,312 C:\WINDOWS\system32\vsutil.dll
2006-06-18 17:54 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-06-18 17:54 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-06-18 17:54 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-18 17:54 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-06-18 17:54 100,344 C:\WINDOWS\system32\vsxml.dll
2006-06-17 06:27 <DIR> C:\Program Files\internet explorer
2006-06-16 17:00 <DIR> C:\Program Files\mozilla firefox
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll
2006-06-16 14:28 <DIR> C:\Program Files\kerio
2006-06-16 14:23 <DIR> C:\Program Files\eset
2006-06-16 14:11 <DIR> C:\Program Files\irfanview
2006-06-16 06:10 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobe
2006-06-16 00:47 <DIR> C:\Program Files\dvdlab
2006-06-12 04:11 <DIR> C:\Program Files\Common Files\macromedia shared
2006-06-12 00:17 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\mozilla
2006-06-11 04:03 <DIR> C:\Program Files\jasc software inc
2006-06-11 04:03 <DIR> C:\Program Files\Common Files\jasc software inc
2006-06-11 04:03 <DIR> C:\Program Files\Common Files\installshield
2006-06-11 04:03 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\jasc software inc
2006-06-11 00:17 <DIR> C:\Program Files\sierra
2006-06-10 21:28 <DIR> C:\Program Files\gstudio6
2006-06-10 02:10 <DIR> C:\Program Files\hide ip platinum
2006-06-09 01:55 <DIR> C:\Program Files\empire interactive
2006-06-09 01:28 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobeum
2006-06-08 20:22 53,248 C:\WINDOWS\system32\suppdll.dll
2006-06-08 19:36 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\azureus
2006-06-08 06:10 <DIR> C:\Program Files\winace
2006-06-07 19:32 <DIR> C:\Program Files\proxyway
2006-06-05 03:35 <DIR> C:\Program Files\htc
2006-06-03 15:45 <DIR> C:\Program Files\forester
2006-06-01 23:49 <DIR> C:\Program Files\ffdshow
2006-06-01 05:52 60,416 C:\WINDOWS\system32\adrotate.dll
2006-05-31 02:33 <DIR> C:\Program Files\america's army
2006-05-31 01:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\shockwave.com
2006-05-31 01:19 <DIR> C:\Program Files\shockwave.com
2006-05-30 01:14 <DIR> C:\Program Files\trymedia
2006-05-30 01:14 <DIR> C:\Program Files\marble blast gold
2006-05-26 06:38 <DIR> C:\Program Files\azureus
2006-05-24 17:55 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\vlc
2006-05-24 17:54 <DIR> C:\Program Files\videolan
2006-05-24 03:00 <DIR> C:\Program Files\mtv networks
2006-05-24 02:53 <DIR> C:\Program Files\windows media player
2006-05-22 16:38 <DIR> C:\Program Files\lovechess age of egypt
2006-05-21 22:33 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\microsoft
2006-05-21 18:47 43,520 C:\WINDOWS\system32\cmdlineext03.dll
2006-05-21 14:19 <DIR> C:\Program Files\divx
2006-05-21 14:16 <DIR> C:\Program Files\xvid
2006-05-21 02:00 <DIR> C:\Program Files\Common Files\symantec shared
2006-05-20 11:45 <DIR> C:\Program Files\burnatonce
2006-05-20 11:27 <DIR> C:\Program Files\pspvideo9
2006-05-20 11:27 <DIR> C:\Program Files\avisynth 2.5
2006-05-19 08:59 94,720 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 08:59 148,480 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 08:59 111,616 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-19 02:23 <DIR> C:\Program Files\sd enternet
2006-05-19 01:16 <DIR> C:\Program Files\partygaming
2006-05-17 19:10 <DIR> C:\Program Files\Common Files\services
2006-05-14 01:52 <DIR> C:\Program Files\gold miner special edition
2006-05-14 01:30 <DIR> C:\Program Files\winzip
2006-05-14 01:19 <DIR> C:\Program Files\thrixxx
2006-05-14 01:19 <DIR> C:\Program Files\3d sexvilla (cracked) -=q=- repack
2006-05-13 08:25 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\leadertech
2006-05-11 21:33 <DIR> C:\Program Files\Common Files\vbox
2006-05-09 22:36 6,656 C:\WINDOWS\system32\wdfmgr.exe
2006-05-09 22:36 6,656 C:\WINDOWS\system32\uwdf.exe
2006-05-09 22:26 992,256 C:\WINDOWS\system32\wmnetmgr.dll
2006-05-09 22:26 97,792 C:\WINDOWS\system32\wmpshell.dll
2006-05-09 22:26 9,728 C:\WINDOWS\system32\laprxy.dll
2006-05-09 22:26 705,024 C:\WINDOWS\system32\wmadmod.dll
2006-05-09 22:26 7,706,112 C:\WINDOWS\system32\wmploc.dll
2006-05-09 22:26 7,168 C:\WINDOWS\system32\asferror.dll
2006-05-09 22:26 564,736 C:\WINDOWS\system32\wmspdmod.dll
2006-05-09 22:26 433,152 C:\WINDOWS\system32\wmpeffects.dll
2006-05-09 22:26 417,280 C:\WINDOWS\system32\wmdrmdev.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvdmoe2.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvadve.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvadvd.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmsdmoe2.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmsdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wdfapi.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mpg4dmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mp4sdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mp43dmod.dll
2006-05-09 22:26 36,864 C:\WINDOWS\system32\wmdmps.dll
2006-05-09 22:26 337,408 C:\WINDOWS\system32\wmdrmnet.dll
2006-05-09 22:26 31,744 C:\WINDOWS\system32\wmdmlog.dll
2006-05-09 22:26 306,688 C:\WINDOWS\system32\mswmdm.dll
2006-05-09 22:26 301,056 C:\WINDOWS\system32\wmpdxm.dll
2006-05-09 22:26 267,776 C:\WINDOWS\system32\audiodev.dll
2006-05-09 22:26 26,112 C:\WINDOWS\system32\mspmsnsv.dll
2006-05-09 22:26 237,056 C:\WINDOWS\system32\wmpasf.dll
2006-05-09 22:26 221,696 C:\WINDOWS\system32\wmasf.dll
2006-05-09 22:26 219,648 C:\WINDOWS\system32\cewmdm.dll
2006-05-09 22:26 218,112 C:\WINDOWS\system32\wmerror.dll
2006-05-09 22:26 212,480 C:\WINDOWS\system32\msnetobj.dll
2006-05-09 22:26 203,776 C:\WINDOWS\system32\wmpsrcwp.dll
2006-05-09 22:26 201,728 C:\WINDOWS\system32\qasf.dll
2006-05-09 22:26 165,376 C:\WINDOWS\system32\mspmsp.dll
2006-05-09 22:26 155,136 C:\WINDOWS\system32\wmidx.dll
2006-05-09 22:26 135,680 C:\WINDOWS\system32\wmpps.dll
2006-05-09 22:26 1,641,472 C:\WINDOWS\system32\wmpencen.dll
2006-05-09 22:26 1,280,000 C:\WINDOWS\system32\wmspdmoe.dll
2006-05-09 22:26 1,063,424 C:\WINDOWS\system32\wmadmoe.dll
2006-05-09 22:22 2,463,744 C:\WINDOWS\system32\wmvcore.dll
2006-05-09 21:02 84,480 C:\WINDOWS\system32\logagent.exe
2006-05-09 21:01 1,463,808 C:\WINDOWS\system32\wmvdecod.dll
2006-05-09 21:01 1,359,360 C:\WINDOWS\system32\wmvsdecd.dll
2006-05-09 21:00 770,560 C:\WINDOWS\system32\wmvsencd.dll
2006-05-09 21:00 636,928 C:\WINDOWS\system32\wmvxencd.dll
2006-05-09 21:00 546,816 C:\WINDOWS\system32\wmpmde.dll
2006-05-09 21:00 382,976 C:\WINDOWS\system32\mfplat.dll
2006-05-09 21:00 299,520 C:\WINDOWS\system32\mp4sdecd.dll
2006-05-09 21:00 241,152 C:\WINDOWS\system32\mpg4decd.dll
2006-05-09 21:00 241,152 C:\WINDOWS\system32\mp43decd.dll
2006-05-09 21:00 1,455,616 C:\WINDOWS\system32\wmvencod.dll
2006-05-09 21:00 1,350,656 C:\WINDOWS\system32\drmv2clt.dll
2006-05-09 20:59 585,216 C:\WINDOWS\system32\blackbox.dll
2006-05-09 20:59 513,536 C:\WINDOWS\system32\wmdrmsdk.dll
2006-05-09 20:59 417,280 C:\WINDOWS\system32\msscp.dll
2006-05-09 20:59 229,376 C:\WINDOWS\system32\drmupgds.exe
2006-05-09 20:58 670,208 C:\WINDOWS\system32\wpd_ci.dll
2006-05-09 20:58 55,808 C:\WINDOWS\system32\wpdmtpus.dll
2006-05-09 20:58 52,224 C:\WINDOWS\system32\wpdshserviceobj.dll
2006-05-09 20:58 35,840 C:\WINDOWS\system32\wpdconns.dll
2006-05-09 20:58 345,600 C:\WINDOWS\system32\portabledeviceapi.dll
2006-05-09 20:58 343,552 C:\WINDOWS\system32\wpdsp.dll
2006-05-09 20:58 3,745,280 C:\WINDOWS\system32\wpdshext.dll
2006-05-09 20:58 188,928 C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-05-09 20:58 168,960 C:\WINDOWS\system32\portabledevicetypes.dll
2006-05-09 20:58 144,896 C:\WINDOWS\system32\wpdmtp.dll
2006-05-09 20:58 13,824 C:\WINDOWS\system32\wpdshextautoplay.exe
2006-05-09 20:58 13,312 C:\WINDOWS\system32\wpdtrace.dll
2006-05-09 20:58 103,424 C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-05-09 20:58 101,376 C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-05-09 20:57 11,264 C:\WINDOWS\system32\ehetw.dll
2006-05-09 20:45 304,640 C:\WINDOWS\system32\msdelta.dll
2006-05-09 20:00 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-05-07 02:45 <DIR> C:\Program Files\difx
2006-05-04 22:32 <DIR> C:\Program Files\creative
2006-05-02 22:29 871 C:\Documents and Settings\rich is teh sex\Application Data\adobedlm.log
2006-05-02 22:29 0 C:\Documents and Settings\rich is teh sex\Application Data\dm.ini
2006-05-02 22:27 <DIR> C:\Program Files\Common Files\adobe
2006-05-01 23:27 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobeaum
2006-05-01 22:16 <DIR> C:\Program Files\ti education
2006-05-01 22:16 <DIR> C:\Program Files\Common Files\ti shared
2006-05-01 22:15 <DIR> C:\Program Files\Common Files\wise installation wizard
2006-05-01 21:43 <DIR> C:\Program Files\ipod
2006-05-01 21:07 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\apple computer
2006-05-01 21:06 <DIR> C:\Program Files\itunes
2006-04-27 10:24 2,945,024 C:\WINDOWS\system32\smab.dll
2006-04-26 19:39 <DIR> C:\Program Files\java
2006-04-26 19:39 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\sun
2006-04-25 16:53 <DIR> C:\Program Files\the thing
2006-04-24 17:47 21,840 C:\WINDOWS\system32\sintfnt.dll
2006-04-24 17:47 17,212 C:\WINDOWS\system32\sintf32.dll
2006-04-24 17:47 12,067 C:\WINDOWS\system32\sintf16.dll
2006-04-24 17:29 94,208 C:\WINDOWS\diiunin.exe
2006-04-24 17:07 <DIR> C:\Program Files\diablo ii
2006-04-22 08:25 <DIR> C:\Program Files\starcraft
2006-04-20 07:41 <DIR> C:\Program Files\mm.bot
2006-04-19 16:09 778,240 C:\WINDOWS\system32\divx_xx0c.dll
2006-04-19 16:09 778,240 C:\WINDOWS\system32\divx_xx07.dll
2006-04-19 16:09 761,856 C:\WINDOWS\system32\divx_xx11.dll
2006-04-19 16:09 619,156 C:\WINDOWS\system32\divx.dll
2006-04-18 21:41 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\my games
2006-04-18 21:00 <DIR> C:\Program Files\firaxis games
2006-04-18 18:31 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-04-18 18:31 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-04-18 18:30 90,112 C:\WINDOWS\system32\dpl100.dll
2006-04-18 18:30 593,920 C:\WINDOWS\system32\dpugui11.dll
2006-04-18 18:30 57,344 C:\WINDOWS\system32\dpv11.dll
2006-04-18 18:30 536,576 C:\WINDOWS\system32\divxsm.exe
2006-04-18 18:30 53,248 C:\WINDOWS\system32\dpugui10.dll
2006-04-18 18:30 344,064 C:\WINDOWS\system32\dpus11.dll
2006-04-18 18:30 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-04-18 18:30 294,912 C:\WINDOWS\system32\dpu11.dll
2006-04-18 18:30 294,912 C:\WINDOWS\system32\dpu10.dll
2006-04-18 18:30 245,408 C:\WINDOWS\system32\unicows.dll
2006-04-18 18:30 200,704 C:\WINDOWS\system32\dtu100.dll
2006-04-16 02:23 <DIR> C:\Program Files\adobe
2006-04-16 01:08 <DIR> C:\Program Files\quicktime
2006-04-14 23:42 <DIR> C:\Program Files\daemon tools
2006-04-14 03:00 <DIR> C:\Program Files\outlook express
2006-04-14 03:00 <DIR> C:\Program Files\Common Files\system
2006-04-14 03:00 <DIR> C:\Program Files\Common Files\?ystem ( system )
2006-04-09 04:23 <DIR> C:\Program Files\warcraft iii
2006-04-04 00:48 <DIR> C:\Program Files\illiminable
2006-04-03 00:50 <DIR> C:\Program Files\spybot - search & destroy
2006-03-30 17:15 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\microsoft games
2006-03-30 17:11 <DIR> C:\Program Files\microsoft games
2006-03-29 21:24 <DIR> C:\Program Files\winrar
2006-03-29 21:24 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\help
2006-03-22 17:02 <DIR> C:\Program Files\overland
2006-03-22 17:01 <DIR> C:\Program Files\hp
2006-03-22 17:01 <DIR> C:\Program Files\hewlett-packard
2006-03-21 21:28 <DIR> C:\Program Files\viewpoint
2006-03-20 03:26 <DIR> C:\Program Files\Common Files\hewlett-packard
2006-03-20 03:21 <DIR> C:\Program Files\Common Files\hp
2006-03-18 17:15 <DIR> C:\Program Files\msnmusic
2006-03-18 15:12 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\corecodec
2006-03-18 15:11 <DIR> C:\Program Files\haali
2006-03-18 15:11 <DIR> C:\Program Files\corecodec
2006-03-18 04:46 <DIR> C:\Program Files\bitcomet
2006-03-18 04:45 <DIR> C:\Program Files\bitcomet toolbar
2006-03-18 04:42 <DIR> C:\Program Files\bittorrent
2006-03-18 04:11 <DIR> C:\Program Files\messenger
2006-03-18 02:55 <DIR> C:\Program Files\america's army server manager
2006-03-17 23:12 <DIR> C:\Program Files\Common Files\microsoft shared
2006-03-17 23:12 <DIR> C:\Program Files\Common Files\l&h
2006-03-17 23:11 <DIR> C:\Program Files\microsoft works
2006-03-17 23:11 <DIR> C:\Program Files\microsoft visual studio
2006-03-17 23:11 <DIR> C:\Program Files\microsoft office
2006-03-17 23:11 <DIR> C:\Program Files\microsoft activesync
2006-03-17 23:11 <DIR> C:\Program Files\Common Files\designer
2006-03-17 22:15 <DIR> C:\Program Files\peer impact
2006-03-17 20:24 <DIR> C:\Program Files\directx
2006-03-17 17:15 <DIR> C:\Program Files\Common Files\java
2006-03-17 14:47 <DIR> C:\Program Files\windows nt
2006-03-17 14:47 <DIR> C:\Program Files\netmeeting
2006-03-17 14:47 <DIR> C:\Program Files\movie maker
2006-03-17 14:26 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\acccore
2006-03-17 14:24 <DIR> C:\Program Files\Common Files\nullsoft
2006-03-17 13:39 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\xfire
2006-03-17 13:25 <DIR> C:\Program Files\linksys wireless-g pci wireless network monitor
2006-03-17 12:53 <DIR> C:\Program Files\uninstall information
2006-01-26 19:43 <DIR> C:\Program Files\xerox
2006-01-26 19:43 <DIR> C:\Program Files\elink
2006-01-26 19:42 <DIR> C:\Program Files\windowsupdate
2006-01-26 19:42 <DIR> C:\Program Files\via
2006-01-26 19:41 <DIR> C:\Program Files\s3
2006-01-26 19:41 <DIR> C:\Program Files\realtek sound manager
2006-01-26 19:41 <DIR> C:\Program Files\online services
2006-01-26 19:41 <DIR> C:\Program Files\nero
2006-01-26 19:39 <DIR> C:\Program Files\msn gaming zone
2006-01-26 19:39 <DIR> C:\Program Files\msn
2006-01-26 19:39 <DIR> C:\Program Files\microsoft frontpage
2006-01-26 19:38 <DIR> C:\Program Files\cyberlink
2006-01-26 19:38 <DIR> C:\Program Files\conexant
2006-01-26 19:38 <DIR> C:\Program Files\complus applications
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\speechengines
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\odbc
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\nero
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\mssoap
2006-01-26 19:35 <DIR> C:\Program Files\Common Files\ahead
2006-01-26 19:35 <DIR> C:\Program Files\avrack
2006-01-26 19:35 <DIR> C:\Program Files\ahead
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\snapfish
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\simple star
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\sampleview
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\identities
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\cyberlink
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\ahead


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-13 00:42 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-13 00:42 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-13 00:42 77,824 C:\WINDOWS\system32\driverif.dll
2006-07-13 00:42 75,776 C:\WINDOWS\zllsputility.exe
2006-07-13 00:42 733,236 C:\WINDOWS\system32\vete.dll
2006-07-13 00:42 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-13 00:42 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-13 00:42 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-13 00:42 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-13 00:42 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-13 00:42 12,288 C:\WINDOWS\system32\vetntmsg.dll
2006-07-13 00:42 11,264 C:\WINDOWS\system32\SpOrder.dll
2006-07-13 00:42 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-13 00:42 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-13 00:41 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-13 00:41 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-13 00:41 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-28 21:57 32,539 C:\WINDOWS\system32\adrot-uninst.exe
2006-06-28 21:48 45,996 C:\WINDOWS\system32\UnIrimon.exe
2006-06-28 21:29 410 C:\WINDOWS\plrai.dll
2006-06-28 21:29 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-06-28 21:29 359,570 C:\WINDOWS\chad_bundle.exe
2006-06-28 21:29 32,976 C:\WINDOWS\system32\uninstIcn.exe
2006-06-21 19:44 115,246 C:\WINDOWS\system32\ts_chad.exe
2006-06-21 19:43 235,165 C:\WINDOWS\system32\icon_chad.exe
2006-06-21 18:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 18:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-06-19 21:07 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-19 21:07 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-19 21:07 278,528 C:\WINDOWS\system32\pncrt.dll
2006-06-19 21:07 176,167 C:\WINDOWS\system32\rmoc3260.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"New Value #1"="c:\\sysprep\\test\\ftest\\ftest.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VTTrayp"="VTtrayp.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1142619837\\ee\\AOLSoftware.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"adstart"="iexplore.exe http://iesettingsupdate"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ProxyWay"="C:\\Program Files\\ProxyWay\\proxyway.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"irssyncd"="C:\\WINDOWS\\system32\\irssyncd.exe"
"mlltde"="C:\\WINDOWS\\system32\\mlltde.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"mlltde"="C:\\WINDOWS\\system32\\mlltde.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Aud"="\"C:\\PROGRA~1\\RACLE~1\\wucrtupd.exe\" -vt ndrv"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Aud"="\"C:\\PROGRA~1\\RACLE~1\\wucrtupd.exe\" -vt ndrv"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: Tue 07/18/2006 13:49:31.89
ComboFix ver 06.07.16.2 - This logfile is located at C:\ComboFix.txt

ComboFix.txt




---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:20:05 AM 7/18/2006

+ Scan result:



C:\WINDOWS\system32\nodeipproc.dll -> Adware.BHO : No action taken.
C:\WINDOWS\system32\nsbA6.dll -> Adware.EZula : No action taken.
HKU\S-1-5-21-1665546086-3646991189-2160724367-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\WINDOWS\DLP.dll -> Adware.Webdir : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.
HKU\S-1-5-21-1665546086-3646991189-2160724367-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.
C:\WINDOWS\system32\windrvNT.sys -> Rootkit.NtRootKit.131 : No action taken.


::Report end





Start Time= Tue 07/18/2006 13:39:12.71
Running from: C:\Documents and Settings\rich is teh sex\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

13:42:49.87

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-19 16:19 304944 C:\WINDOWS\system32\WgaTray.exe
2006-06-21 19:44 115246 C:\WINDOWS\system32\ts_chad.exe
2006-04-18 18:30 536576 C:\WINDOWS\system32\DivXsm.exe
2006-05-09 22:36 6656 C:\WINDOWS\system32\WdfMgr.exe
2006-05-09 22:22 2463744 C:\WINDOWS\system32\wmvcore.dll
2006-05-29 11:30 1494016 C:\WINDOWS\system32\shdocvw.dll
2006-05-09 22:26 1063424 C:\WINDOWS\system32\WMADMOE.dll
2006-04-18 18:31 1044480 C:\WINDOWS\system32\libdivx.dll
2006-05-09 22:26 705024 C:\WINDOWS\system32\wmadmod.dll
2006-05-10 01:23 658432 C:\WINDOWS\system32\wininet.dll
2006-05-10 01:23 474112 C:\WINDOWS\system32\shlwapi.dll
2006-05-18 01:24 450560 C:\WINDOWS\system32\jscript.dll
2006-05-10 01:22 357888 C:\WINDOWS\system32\dxtmsft.dll
2006-05-09 20:45 304640 C:\WINDOWS\system32\MSDelta.dll
2006-05-10 01:22 251392 C:\WINDOWS\system32\iepeers.dll
2006-04-18 18:30 245408 C:\WINDOWS\system32\unicows.dll
2006-05-09 22:26 218112 C:\WINDOWS\system32\wmerror.dll
2006-05-10 01:22 205312 C:\WINDOWS\system32\dxtrans.dll
2006-04-18 18:31 200704 C:\WINDOWS\system32\ssldivx.dll
2006-06-22 06:47 181248 C:\WINDOWS\system32\rasmans.dll
2006-06-01 14:47 163840 C:\WINDOWS\system32\jgdw400.dll
2006-05-10 01:22 151040 C:\WINDOWS\system32\cdfview.dll
2006-06-08 20:22 53248 C:\WINDOWS\system32\suppdll.dll
2006-05-10 01:23 39424 C:\WINDOWS\system32\pngfilt.dll
2006-05-09 22:26 31744 C:\WINDOWS\system32\WMDMLOG.dll
2006-06-01 14:47 27648 C:\WINDOWS\system32\jgpl400.dll
2006-06-28 21:48 24576 C:\WINDOWS\system32\msxml3a.dll
2006-04-24 17:47 21840 C:\WINDOWS\system32\SIntfNT.dll
2006-04-24 17:47 17212 C:\WINDOWS\system32\SIntf32.dll
2006-05-10 01:22 16384 C:\WINDOWS\system32\jsproxy.dll
2006-04-24 17:47 12067 C:\WINDOWS\system32\SIntf16.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\WMVADVD.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\WMVADVE.DLL
2006-05-09 22:26 4096 C:\WINDOWS\system32\wmvdmod.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\wmsdmod.dll
2006-05-09 22:26 7706112 C:\WINDOWS\system32\wmploc.dll
2006-05-19 11:08 3052544 C:\WINDOWS\system32\mshtml.dll
2006-05-09 20:58 670208 C:\WINDOWS\system32\wpd_ci.dll
2006-05-10 01:23 613888 C:\WINDOWS\system32\urlmon.dll
2006-05-09 21:00 546816 C:\WINDOWS\system32\wmpmde.dll
2006-05-10 01:23 532480 C:\WINDOWS\system32\mstime.dll
2006-06-18 17:54 440312 C:\WINDOWS\system32\vsutil.dll
2006-05-09 21:00 382976 C:\WINDOWS\system32\MFPLAT.dll
2006-04-18 18:30 344064 C:\WINDOWS\system32\dpus11.dll
2006-05-09 22:26 306688 C:\WINDOWS\system32\MSWMDM.dll
2006-05-09 22:26 301056 C:\WINDOWS\system32\wmpdxm.dll
2006-05-09 22:26 237056 C:\WINDOWS\system32\wmpasf.dll
2006-05-09 22:26 219648 C:\WINDOWS\system32\CEWMDM.dll
2006-04-18 18:30 200704 C:\WINDOWS\system32\dtu100.dll
2006-05-09 22:26 165376 C:\WINDOWS\system32\MsPMSP.dll
2006-06-18 17:54 157688 C:\WINDOWS\system32\vsinit.dll
2006-05-19 08:59 148480 C:\WINDOWS\system32\dnsapi.dll
2006-05-09 20:58 144896 C:\WINDOWS\system32\wpdmtp.dll
2006-05-10 01:22 96256 C:\WINDOWS\system32\inseng.dll
2006-04-18 18:30 90112 C:\WINDOWS\system32\dpl100.dll
2006-06-18 17:54 83960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 17:54 83960 C:\WINDOWS\system32\vsdata.dll
2006-05-10 01:22 55808 C:\WINDOWS\system32\extmgr.dll
2006-05-09 22:26 36864 C:\WINDOWS\system32\WMDMPS.dll
2006-05-09 22:26 9728 C:\WINDOWS\system32\LAPRXY.dll
2006-05-09 22:26 4096 C:\WINDOWS\system32\wdfApi.dll
2006-05-10 01:22 1054208 C:\WINDOWS\system32\danim.dll
2006-05-09 20:59 417280 C:\WINDOWS\system32\MSSCP.dll
2006-05-09 20:58 343552 C:\WINDOWS\system32\WPDSp.dll
2006-04-18 18:30 294912 C:\WINDOWS\system32\dpu10.dll
2006-04-18 18:30 294912 C:\WINDOWS\system32\dpu11.dll
2006-06-19 21:07 278528 C:\WINDOWS\system32\pncrt.dll
2006-05-09 22:26 221696 C:\WINDOWS\system32\wmasf.dll
2006-05-09 22:26 155136 C:\WINDOWS\system32\wmidx.dll
2006-05-09 22:26 135680 C:\WINDOWS\system32\wmpps.dll
2006-06-18 17:54 100344 C:\WINDOWS\system32\vsxml.dll
2006-06-18 17:54 59384 C:\WINDOWS\system32\vswmi.dll
2006-04-18 18:30 57344 C:\WINDOWS\system32\dpv11.dll
2006-05-09 20:57 11264 C:\WINDOWS\system32\ehETW.dll
2006-06-12 00:17 2301 C:\WINDOWS\mozver.dat
2006-06-29 08:58 53 C:\WINDOWS\bpwwnp.dat


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


C:\qoobox\bpwwnp.dat.vir

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ts_chad.exe
C:\WINDOWS\system32\DivXsm.exe
C:\WINDOWS\system32\WdfMgr.exe
C:\WINDOWS\system32\wmvcore.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\WMADMOE.dll
C:\WINDOWS\system32\libdivx.dll
C:\WINDOWS\system32\wmadmod.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\shlwapi.dll
C:\WINDOWS\system32\jscript.dll
C:\WINDOWS\system32\dxtmsft.dll
C:\WINDOWS\system32\MSDelta.dll
C:\WINDOWS\system32\iepeers.dll
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\system32\wmerror.dll
C:\WINDOWS\system32\dxtrans.dll
C:\WINDOWS\system32\ssldivx.dll
C:\WINDOWS\system32\rasmans.dll
C:\WINDOWS\system32\jgdw400.dll
C:\WINDOWS\system32\cdfview.dll
C:\WINDOWS\system32\suppdll.dll
C:\WINDOWS\system32\pngfilt.dll
C:\WINDOWS\system32\WMDMLOG.dll
C:\WINDOWS\system32\jgpl400.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\jsproxy.dll
C:\WINDOWS\system32\SIntf16.dll
C:\WINDOWS\system32\WMVADVD.dll
C:\WINDOWS\system32\WMVADVE.DLL
C:\WINDOWS\system32\wmvdmod.dll
C:\WINDOWS\system32\wmsdmod.dll
C:\WINDOWS\system32\wmploc.dll
C:\WINDOWS\system32\mshtml.dll
C:\WINDOWS\system32\wpd_ci.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\wmpmde.dll
C:\WINDOWS\system32\mstime.dll
C:\WINDOWS\system32\vsutil.dll
C:\WINDOWS\system32\MFPLAT.dll
C:\WINDOWS\system32\dpus11.dll
C:\WINDOWS\system32\MSWMDM.dll
C:\WINDOWS\system32\wmpdxm.dll
C:\WINDOWS\system32\wmpasf.dll
C:\WINDOWS\system32\CEWMDM.dll
C:\WINDOWS\system32\dtu100.dll
C:\WINDOWS\system32\MsPMSP.dll
C:\WINDOWS\system32\vsinit.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\wpdmtp.dll
C:\WINDOWS\system32\inseng.dll
C:\WINDOWS\system32\dpl100.dll
C:\WINDOWS\system32\zlcomm.dll
C:\WINDOWS\system32\vsdata.dll
C:\WINDOWS\system32\extmgr.dll
C:\WINDOWS\system32\WMDMPS.dll
C:\WINDOWS\system32\LAPRXY.dll
C:\WINDOWS\system32\wdfApi.dll
C:\WINDOWS\system32\danim.dll
C:\WINDOWS\system32\MSSCP.dll
C:\WINDOWS\system32\WPDSp.dll
C:\WINDOWS\system32\dpu10.dll
C:\WINDOWS\system32\dpu11.dll
C:\WINDOWS\system32\pncrt.dll
C:\WINDOWS\system32\wmasf.dll
C:\WINDOWS\system32\wmidx.dll
C:\WINDOWS\system32\wmpps.dll
C:\WINDOWS\system32\vsxml.dll
C:\WINDOWS\system32\vswmi.dll
C:\WINDOWS\system32\dpv11.dll
C:\WINDOWS\system32\ehETW.dll
C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-18 13:37 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-17 20:51 32,539 C:\WINDOWS\system32\adrot-uninst.exe
2006-07-17 20:11 350 C:\sccfg.sys
2006-07-17 19:56 <DIR> C:\Program Files\cleanup!
2006-07-17 19:05 <DIR> C:\Program Files\folder lock
2006-07-16 03:36 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\creative
2006-07-16 02:56 <DIR> C:\Program Files\limewire
2006-07-13 16:21 <DIR> C:\Program Files\xfire
2006-07-13 14:41 <DIR> C:\Program Files\Common Files\t?sks ( tsks~1 )
2006-07-13 14:39 <DIR> C:\Program Files\gamespy arcade
2006-07-13 13:15 <DIR> C:\Program Files\common files
2006-07-13 12:38 <DIR> C:\Program Files\?racle ( racle~1 )
2006-07-13 01:15 <DIR> C:\Program Files\beas
2006-07-13 01:00 <DIR> C:\Program Files\loukh
2006-07-13 00:42 <DIR> C:\Program Files\zone labs
2006-07-12 21:55 410 C:\WINDOWS\plrai.dll
2006-07-12 20:04 32,976 C:\WINDOWS\system32\uninsticn.exe
2006-07-12 00:24 8 C:\WINDOWS\system32\ctsackey.sys
2006-07-11 15:35 <DIR> C:\Program Files\Common Files\?ystem ( ystem~1 )
2006-07-10 16:09 <DIR> C:\Program Files\msn messenger
2006-07-10 15:52 <DIR> C:\Program Files\Common Files\??mbols ( mbols~1 )
2006-06-29 09:02 0 C:\Documents and Settings\rich is teh sex\Application Data\internaldb41.dat
2006-06-29 08:58 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-06-29 08:58 32,178 C:\Program Files\Common Files\yazzle1119oinuninstaller.exe
2006-06-28 21:48 45,996 C:\WINDOWS\system32\unirimon.exe
2006-06-28 21:48 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-06-28 21:29 359,570 C:\WINDOWS\chad_bundle.exe
2006-06-26 16:56 <DIR> C:\Program Files\opera
2006-06-26 14:51 <DIR> C:\Program Files\rapidcheck
2006-06-26 13:40 <DIR> C:\Program Files\Common Files\aol
2006-06-26 13:40 <DIR> C:\Program Files\aol
2006-06-26 13:40 <DIR> C:\Program Files\aod
2006-06-26 13:39 <DIR> C:\Program Files\Common Files\aolshare
2006-06-22 01:29 <DIR> C:\Program Files\xilisoft
2006-06-21 19:44 115,246 C:\WINDOWS\system32\ts_chad.exe
2006-06-21 19:43 235,165 C:\WINDOWS\system32\icon_chad.exe
2006-06-21 18:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 18:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-06-19 21:26 <DIR> C:\Program Files\real
2006-06-19 21:25 <DIR> C:\Program Files\Common Files\real
2006-06-19 21:09 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\real
2006-06-19 21:07 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-19 21:07 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-19 21:07 278,528 C:\WINDOWS\system32\pncrt.dll
2006-06-19 21:07 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-06-19 21:07 <DIR> C:\Program Files\Common Files\xing shared
2006-06-19 17:06 <DIR> C:\Program Files\call of duty
2006-06-19 16:20 702,768 C:\WINDOWS\system32\wgalogon.dll
2006-06-19 10:51 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\opera
2006-06-19 09:50 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\macromedia
2006-06-19 09:49 <DIR> C:\Program Files\Common Files\macromedia
2006-06-19 09:48 <DIR> C:\Program Files\macromedia
2006-06-19 09:48 <DIR> C:\Program Files\installshield installation information
2006-06-19 09:46 <DIR> C:\Program Files\erightsoft
2006-06-18 17:54 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 17:54 83,960 C:\WINDOWS\system32\vsdata.dll
2006-06-18 17:54 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-06-18 17:54 75,776 C:\WINDOWS\zllsputility.exe
2006-06-18 17:54 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-06-18 17:54 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-06-18 17:54 59,384 C:\WINDOWS\system32\vswmi.dll
2006-06-18 17:54 440,312 C:\WINDOWS\system32\vsutil.dll
2006-06-18 17:54 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-06-18 17:54 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-06-18 17:54 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-18 17:54 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-06-18 17:54 100,344 C:\WINDOWS\system32\vsxml.dll
2006-06-17 06:27 <DIR> C:\Program Files\internet explorer
2006-06-16 17:00 <DIR> C:\Program Files\mozilla firefox
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll
2006-06-16 14:28 <DIR> C:\Program Files\kerio
2006-06-16 14:23 <DIR> C:\Program Files\eset
2006-06-16 14:11 <DIR> C:\Program Files\irfanview
2006-06-16 06:10 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobe
2006-06-16 00:47 <DIR> C:\Program Files\dvdlab
2006-06-12 04:11 <DIR> C:\Program Files\Common Files\macromedia shared
2006-06-12 00:17 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\mozilla
2006-06-11 04:03 <DIR> C:\Program Files\jasc software inc
2006-06-11 04:03 <DIR> C:\Program Files\Common Files\jasc software inc
2006-06-11 04:03 <DIR> C:\Program Files\Common Files\installshield
2006-06-11 04:03 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\jasc software inc
2006-06-11 00:17 <DIR> C:\Program Files\sierra
2006-06-10 21:28 <DIR> C:\Program Files\gstudio6
2006-06-10 02:10 <DIR> C:\Program Files\hide ip platinum
2006-06-09 01:55 <DIR> C:\Program Files\empire interactive
2006-06-09 01:28 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobeum
2006-06-08 20:22 53,248 C:\WINDOWS\system32\suppdll.dll
2006-06-08 19:36 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\azureus
2006-06-08 06:10 <DIR> C:\Program Files\winace
2006-06-07 19:32 <DIR> C:\Program Files\proxyway
2006-06-05 03:35 <DIR> C:\Program Files\htc
2006-06-03 15:45 <DIR> C:\Program Files\forester
2006-06-01 23:49 <DIR> C:\Program Files\ffdshow
2006-06-01 05:52 60,416 C:\WINDOWS\system32\adrotate.dll
2006-05-31 02:33 <DIR> C:\Program Files\america's army
2006-05-31 01:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\shockwave.com
2006-05-31 01:19 <DIR> C:\Program Files\shockwave.com
2006-05-30 01:14 <DIR> C:\Program Files\trymedia
2006-05-30 01:14 <DIR> C:\Program Files\marble blast gold
2006-05-26 06:38 <DIR> C:\Program Files\azureus
2006-05-24 17:55 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\vlc
2006-05-24 17:54 <DIR> C:\Program Files\videolan
2006-05-24 03:00 <DIR> C:\Program Files\mtv networks
2006-05-24 02:53 <DIR> C:\Program Files\windows media player
2006-05-22 16:38 <DIR> C:\Program Files\lovechess age of egypt
2006-05-21 22:33 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\microsoft
2006-05-21 18:47 43,520 C:\WINDOWS\system32\cmdlineext03.dll
2006-05-21 14:19 <DIR> C:\Program Files\divx
2006-05-21 14:16 <DIR> C:\Program Files\xvid
2006-05-21 02:00 <DIR> C:\Program Files\Common Files\symantec shared
2006-05-20 11:45 <DIR> C:\Program Files\burnatonce
2006-05-20 11:27 <DIR> C:\Program Files\pspvideo9
2006-05-20 11:27 <DIR> C:\Program Files\avisynth 2.5
2006-05-19 08:59 94,720 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 08:59 148,480 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 08:59 111,616 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-19 02:23 <DIR> C:\Program Files\sd enternet
2006-05-19 01:16 <DIR> C:\Program Files\partygaming
2006-05-17 19:10 <DIR> C:\Program Files\Common Files\services
2006-05-14 01:52 <DIR> C:\Program Files\gold miner special edition
2006-05-14 01:30 <DIR> C:\Program Files\winzip
2006-05-14 01:19 <DIR> C:\Program Files\thrixxx
2006-05-14 01:19 <DIR> C:\Program Files\3d sexvilla (cracked) -=q=- repack
2006-05-13 08:25 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\leadertech
2006-05-11 21:33 <DIR> C:\Program Files\Common Files\vbox
2006-05-09 22:36 6,656 C:\WINDOWS\system32\wdfmgr.exe
2006-05-09 22:36 6,656 C:\WINDOWS\system32\uwdf.exe
2006-05-09 22:26 992,256 C:\WINDOWS\system32\wmnetmgr.dll
2006-05-09 22:26 97,792 C:\WINDOWS\system32\wmpshell.dll
2006-05-09 22:26 9,728 C:\WINDOWS\system32\laprxy.dll
2006-05-09 22:26 705,024 C:\WINDOWS\system32\wmadmod.dll
2006-05-09 22:26 7,706,112 C:\WINDOWS\system32\wmploc.dll
2006-05-09 22:26 7,168 C:\WINDOWS\system32\asferror.dll
2006-05-09 22:26 564,736 C:\WINDOWS\system32\wmspdmod.dll
2006-05-09 22:26 433,152 C:\WINDOWS\system32\wmpeffects.dll
2006-05-09 22:26 417,280 C:\WINDOWS\system32\wmdrmdev.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvdmoe2.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvadve.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmvadvd.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmsdmoe2.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wmsdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\wdfapi.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mpg4dmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mp4sdmod.dll
2006-05-09 22:26 4,096 C:\WINDOWS\system32\mp43dmod.dll
2006-05-09 22:26 36,864 C:\WINDOWS\system32\wmdmps.dll
2006-05-09 22:26 337,408 C:\WINDOWS\system32\wmdrmnet.dll
2006-05-09 22:26 31,744 C:\WINDOWS\system32\wmdmlog.dll
2006-05-09 22:26 306,688 C:\WINDOWS\system32\mswmdm.dll
2006-05-09 22:26 301,056 C:\WINDOWS\system32\wmpdxm.dll
2006-05-09 22:26 267,776 C:\WINDOWS\system32\audiodev.dll
2006-05-09 22:26 26,112 C:\WINDOWS\system32\mspmsnsv.dll
2006-05-09 22:26 237,056 C:\WINDOWS\system32\wmpasf.dll
2006-05-09 22:26 221,696 C:\WINDOWS\system32\wmasf.dll
2006-05-09 22:26 219,648 C:\WINDOWS\system32\cewmdm.dll
2006-05-09 22:26 218,112 C:\WINDOWS\system32\wmerror.dll
2006-05-09 22:26 212,480 C:\WINDOWS\system32\msnetobj.dll
2006-05-09 22:26 203,776 C:\WINDOWS\system32\wmpsrcwp.dll
2006-05-09 22:26 201,728 C:\WINDOWS\system32\qasf.dll
2006-05-09 22:26 165,376 C:\WINDOWS\system32\mspmsp.dll
2006-05-09 22:26 155,136 C:\WINDOWS\system32\wmidx.dll
2006-05-09 22:26 135,680 C:\WINDOWS\system32\wmpps.dll
2006-05-09 22:26 1,641,472 C:\WINDOWS\system32\wmpencen.dll
2006-05-09 22:26 1,280,000 C:\WINDOWS\system32\wmspdmoe.dll
2006-05-09 22:26 1,063,424 C:\WINDOWS\system32\wmadmoe.dll
2006-05-09 22:22 2,463,744 C:\WINDOWS\system32\wmvcore.dll
2006-05-09 21:02 84,480 C:\WINDOWS\system32\logagent.exe
2006-05-09 21:01 1,463,808 C:\WINDOWS\system32\wmvdecod.dll
2006-05-09 21:01 1,359,360 C:\WINDOWS\system32\wmvsdecd.dll
2006-05-09 21:00 770,560 C:\WINDOWS\system32\wmvsencd.dll
2006-05-09 21:00 636,928 C:\WINDOWS\system32\wmvxencd.dll
2006-05-09 21:00 546,816 C:\WINDOWS\system32\wmpmde.dll
2006-05-09 21:00 382,976 C:\WINDOWS\system32\mfplat.dll
2006-05-09 21:00 299,520 C:\WINDOWS\system32\mp4sdecd.dll
2006-05-09 21:00 241,152 C:\WINDOWS\system32\mpg4decd.dll
2006-05-09 21:00 241,152 C:\WINDOWS\system32\mp43decd.dll
2006-05-09 21:00 1,455,616 C:\WINDOWS\system32\wmvencod.dll
2006-05-09 21:00 1,350,656 C:\WINDOWS\system32\drmv2clt.dll
2006-05-09 20:59 585,216 C:\WINDOWS\system32\blackbox.dll
2006-05-09 20:59 513,536 C:\WINDOWS\system32\wmdrmsdk.dll
2006-05-09 20:59 417,280 C:\WINDOWS\system32\msscp.dll
2006-05-09 20:59 229,376 C:\WINDOWS\system32\drmupgds.exe
2006-05-09 20:58 670,208 C:\WINDOWS\system32\wpd_ci.dll
2006-05-09 20:58 55,808 C:\WINDOWS\system32\wpdmtpus.dll
2006-05-09 20:58 52,224 C:\WINDOWS\system32\wpdshserviceobj.dll
2006-05-09 20:58 35,840 C:\WINDOWS\system32\wpdconns.dll
2006-05-09 20:58 345,600 C:\WINDOWS\system32\portabledeviceapi.dll
2006-05-09 20:58 343,552 C:\WINDOWS\system32\wpdsp.dll
2006-05-09 20:58 3,745,280 C:\WINDOWS\system32\wpdshext.dll
2006-05-09 20:58 188,928 C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-05-09 20:58 168,960 C:\WINDOWS\system32\portabledevicetypes.dll
2006-05-09 20:58 144,896 C:\WINDOWS\system32\wpdmtp.dll
2006-05-09 20:58 13,824 C:\WINDOWS\system32\wpdshextautoplay.exe
2006-05-09 20:58 13,312 C:\WINDOWS\system32\wpdtrace.dll
2006-05-09 20:58 103,424 C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-05-09 20:58 101,376 C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-05-09 20:57 11,264 C:\WINDOWS\system32\ehetw.dll
2006-05-09 20:45 304,640 C:\WINDOWS\system32\msdelta.dll
2006-05-09 20:00 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-05-07 02:45 <DIR> C:\Program Files\difx
2006-05-04 22:32 <DIR> C:\Program Files\creative
2006-05-02 22:29 871 C:\Documents and Settings\rich is teh sex\Application Data\adobedlm.log
2006-05-02 22:29 0 C:\Documents and Settings\rich is teh sex\Application Data\dm.ini
2006-05-02 22:27 <DIR> C:\Program Files\Common Files\adobe
2006-05-01 23:27 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\adobeaum
2006-05-01 22:16 <DIR> C:\Program Files\ti education
2006-05-01 22:16 <DIR> C:\Program Files\Common Files\ti shared
2006-05-01 22:15 <DIR> C:\Program Files\Common Files\wise installation wizard
2006-05-01 21:43 <DIR> C:\Program Files\ipod
2006-05-01 21:07 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\apple computer
2006-05-01 21:06 <DIR> C:\Program Files\itunes
2006-04-27 10:24 2,945,024 C:\WINDOWS\system32\smab.dll
2006-04-26 19:39 <DIR> C:\Program Files\java
2006-04-26 19:39 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\sun
2006-04-25 16:53 <DIR> C:\Program Files\the thing
2006-04-24 17:47 21,840 C:\WINDOWS\system32\sintfnt.dll
2006-04-24 17:47 17,212 C:\WINDOWS\system32\sintf32.dll
2006-04-24 17:47 12,067 C:\WINDOWS\system32\sintf16.dll
2006-04-24 17:29 94,208 C:\WINDOWS\diiunin.exe
2006-04-24 17:07 <DIR> C:\Program Files\diablo ii
2006-04-22 08:25 <DIR> C:\Program Files\starcraft
2006-04-20 07:41 <DIR> C:\Program Files\mm.bot
2006-04-19 16:09 778,240 C:\WINDOWS\system32\divx_xx0c.dll
2006-04-19 16:09 778,240 C:\WINDOWS\system32\divx_xx07.dll
2006-04-19 16:09 761,856 C:\WINDOWS\system32\divx_xx11.dll
2006-04-19 16:09 619,156 C:\WINDOWS\system32\divx.dll
2006-04-18 21:41 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\my games
2006-04-18 21:00 <DIR> C:\Program Files\firaxis games
2006-04-18 18:31 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-04-18 18:31 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-04-18 18:30 90,112 C:\WINDOWS\system32\dpl100.dll
2006-04-18 18:30 593,920 C:\WINDOWS\system32\dpugui11.dll
2006-04-18 18:30 57,344 C:\WINDOWS\system32\dpv11.dll
2006-04-18 18:30 536,576 C:\WINDOWS\system32\divxsm.exe
2006-04-18 18:30 53,248 C:\WINDOWS\system32\dpugui10.dll
2006-04-18 18:30 344,064 C:\WINDOWS\system32\dpus11.dll
2006-04-18 18:30 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-04-18 18:30 294,912 C:\WINDOWS\system32\dpu11.dll
2006-04-18 18:30 294,912 C:\WINDOWS\system32\dpu10.dll
2006-04-18 18:30 245,408 C:\WINDOWS\system32\unicows.dll
2006-04-18 18:30 200,704 C:\WINDOWS\system32\dtu100.dll
2006-04-16 02:23 <DIR> C:\Program Files\adobe
2006-04-16 01:08 <DIR> C:\Program Files\quicktime
2006-04-14 23:42 <DIR> C:\Program Files\daemon tools
2006-04-14 03:00 <DIR> C:\Program Files\outlook express
2006-04-14 03:00 <DIR> C:\Program Files\Common Files\system
2006-04-14 03:00 <DIR> C:\Program Files\Common Files\?ystem ( system )
2006-04-09 04:23 <DIR> C:\Program Files\warcraft iii
2006-04-04 00:48 <DIR> C:\Program Files\illiminable
2006-04-03 00:50 <DIR> C:\Program Files\spybot - search & destroy
2006-03-30 17:15 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\microsoft games
2006-03-30 17:11 <DIR> C:\Program Files\microsoft games
2006-03-29 21:24 <DIR> C:\Program Files\winrar
2006-03-29 21:24 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\help
2006-03-22 17:02 <DIR> C:\Program Files\overland
2006-03-22 17:01 <DIR> C:\Program Files\hp
2006-03-22 17:01 <DIR> C:\Program Files\hewlett-packard
2006-03-21 21:28 <DIR> C:\Program Files\viewpoint
2006-03-20 03:26 <DIR> C:\Program Files\Common Files\hewlett-packard
2006-03-20 03:21 <DIR> C:\Program Files\Common Files\hp
2006-03-18 17:15 <DIR> C:\Program Files\msnmusic
2006-03-18 15:12 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\corecodec
2006-03-18 15:11 <DIR> C:\Program Files\haali
2006-03-18 15:11 <DIR> C:\Program Files\corecodec
2006-03-18 04:46 <DIR> C:\Program Files\bitcomet
2006-03-18 04:45 <DIR> C:\Program Files\bitcomet toolbar
2006-03-18 04:42 <DIR> C:\Program Files\bittorrent
2006-03-18 04:11 <DIR> C:\Program Files\messenger
2006-03-18 02:55 <DIR> C:\Program Files\america's army server manager
2006-03-17 23:12 <DIR> C:\Program Files\Common Files\microsoft shared
2006-03-17 23:12 <DIR> C:\Program Files\Common Files\l&h
2006-03-17 23:11 <DIR> C:\Program Files\microsoft works
2006-03-17 23:11 <DIR> C:\Program Files\microsoft visual studio
2006-03-17 23:11 <DIR> C:\Program Files\microsoft office
2006-03-17 23:11 <DIR> C:\Program Files\microsoft activesync
2006-03-17 23:11 <DIR> C:\Program Files\Common Files\designer
2006-03-17 22:15 <DIR> C:\Program Files\peer impact
2006-03-17 20:24 <DIR> C:\Program Files\directx
2006-03-17 17:15 <DIR> C:\Program Files\Common Files\java
2006-03-17 14:47 <DIR> C:\Program Files\windows nt
2006-03-17 14:47 <DIR> C:\Program Files\netmeeting
2006-03-17 14:47 <DIR> C:\Program Files\movie maker
2006-03-17 14:26 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\acccore
2006-03-17 14:24 <DIR> C:\Program Files\Common Files\nullsoft
2006-03-17 13:39 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\xfire
2006-03-17 13:25 <DIR> C:\Program Files\linksys wireless-g pci wireless network monitor
2006-03-17 12:53 <DIR> C:\Program Files\uninstall information
2006-01-26 19:43 <DIR> C:\Program Files\xerox
2006-01-26 19:43 <DIR> C:\Program Files\elink
2006-01-26 19:42 <DIR> C:\Program Files\windowsupdate
2006-01-26 19:42 <DIR> C:\Program Files\via
2006-01-26 19:41 <DIR> C:\Program Files\s3
2006-01-26 19:41 <DIR> C:\Program Files\realtek sound manager
2006-01-26 19:41 <DIR> C:\Program Files\online services
2006-01-26 19:41 <DIR> C:\Program Files\nero
2006-01-26 19:39 <DIR> C:\Program Files\msn gaming zone
2006-01-26 19:39 <DIR> C:\Program Files\msn
2006-01-26 19:39 <DIR> C:\Program Files\microsoft frontpage
2006-01-26 19:38 <DIR> C:\Program Files\cyberlink
2006-01-26 19:38 <DIR> C:\Program Files\conexant
2006-01-26 19:38 <DIR> C:\Program Files\complus applications
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\speechengines
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\odbc
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\nero
2006-01-26 19:36 <DIR> C:\Program Files\Common Files\mssoap
2006-01-26 19:35 <DIR> C:\Program Files\Common Files\ahead
2006-01-26 19:35 <DIR> C:\Program Files\avrack
2006-01-26 19:35 <DIR> C:\Program Files\ahead
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\snapfish
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\simple star
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\sampleview
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\identities
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\cyberlink
2006-01-26 19:20 <DIR> C:\Documents and Settings\rich is teh sex\Application Data\ahead


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-13 00:42 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-13 00:42 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-13 00:42 77,824 C:\WINDOWS\system32\driverif.dll
2006-07-13 00:42 75,776 C:\WINDOWS\zllsputility.exe
2006-07-13 00:42 733,236 C:\WINDOWS\system32\vete.dll
2006-07-13 00:42 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-13 00:42 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-13 00:42 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-13 00:42 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-13 00:42 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-13 00:42 12,288 C:\WINDOWS\system32\vetntmsg.dll
2006-07-13 00:42 11,264 C:\WINDOWS\system32\SpOrder.dll
2006-07-13 00:42 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-13 00:42 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-13 00:41 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-13 00:41 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-13 00:41 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-28 21:57 32,539 C:\WINDOWS\system32\adrot-uninst.exe
2006-06-28 21:48 45,996 C:\WINDOWS\system32\UnIrimon.exe
2006-06-28 21:29 410 C:\WINDOWS\plrai.dll
2006-06-28 21:29 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-06-28 21:29 359,570 C:\WINDOWS\chad_bundle.exe
2006-06-28 21:29 32,976 C:\WINDOWS\system32\uninstIcn.exe
2006-06-21 19:44 115,246 C:\WINDOWS\system32\ts_chad.exe
2006-06-21 19:43 235,165 C:\WINDOWS\system32\icon_chad.exe
2006-06-21 18:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 18:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-06-19 21:07 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-19 21:07 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-19 21:07 278,528 C:\WINDOWS\system32\pncrt.dll
2006-06-19 21:07 176,167 C:\WINDOWS\system32\rmoc3260.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"New Value #1"="c:\\sysprep\\test\\ftest\\ftest.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VTTrayp"="VTtrayp.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1142619837\\ee\\AOLSoftware.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"adstart"="iexplore.exe http://iesettingsupdate"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ProxyWay"="C:\\Program Files\\ProxyWay\\proxyway.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"irssyncd"="C:\\WINDOWS\\system32\\irssyncd.exe"
"mlltde"="C:\\WINDOWS\\system32\\mlltde.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"mlltde"="C:\\WINDOWS\\system32\\mlltde.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Aud"="\"C:\\PROGRA~1\\RACLE~1\\wucrtupd.exe\" -vt ndrv"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Aud"="\"C:\\PROGRA~1\\RACLE~1\\wucrtupd.exe\" -vt ndrv"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: Tue 07/18/2006 13:49:31.89
ComboFix ver 06.07.16.2 - This logfile is located at C:\ComboFix.txt

ComboFix.txt




E2TakeOut v1.01 [http://www.malwarebytes.org]

Removed orphaned leftovers
AppInit key reset
Old 07-18-2006, 11:23 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Download the file I have attached to this post called vander.zip. Unzip it to its own folder on your desktop and double-click Vander.bat to run it. A window may briefly appear then disappear.

Run a new scan with HijackThis and post the log here.

Last edited by Vikesrock8411; 09-17-2006 at 10:24 PM.
Old 07-19-2006, 04:00 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 8
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 6:00:16 PM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\program files\common files\aol\1142619837\ee\aim6.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\rich is teh sex\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ionaprep.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsbA6.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [New Value #1] c:\sysprep\test\ftest\ftest.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [mlltde] C:\WINDOWS\system32\mlltde.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/n...etizen/npx.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/n...rypt/npkcx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ntvdm.dll C:\WINDOWS\system32\ntvdm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Old 07-19-2006, 09:15 PM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Launch KillBox.exe & select the following options:
  • delete on Reboot
Select all the filenames below & then right-click & select Copy
  • C:\WINDOWS\system32\adrotate.dll
    C:\WINDOWS\system32\irssyncd.exe
    C:\WINDOWS\system32\mlltde.exe
    C:\WINDOWS\system32\ntvdm.dll

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations' prompt.

HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsbA6.dll (file missing)
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [mlltde] C:\WINDOWS\system32\mlltde.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/n...etizen/npx.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/n...rypt/npkcx.cab
O20 - AppInit_DLLs: ntvdm.dll C:\WINDOWS\system32\ntvdm.dll

Please remember to close all other windows, including browsers, then click Fix checked.


Reboot your PC.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now. This begins downloading Panda's 8 MB ActiveX controls.
Begin the scan by selecting My Computer
  • If it finds any malware, it may ask you to purchase the program; this is not necessary, as we will take care of the entries manually.
  • At the end of the scan click on See report. Then click Save report.
Please post that log in your next reply.

In your next post please include:
  • Panda Activescan Log
  • A new Hijackthis! Log
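The entries the analyst ticks above fall into a few recurring shapes: a BHO whose DLL is already gone ("file missing"), a Run key that launches a browser at a URL, domains pushed into Internet Explorer's Trusted Zone, ActiveX (O16) controls pulled from unfamiliar hosts, and a non-empty AppInit_DLLs value. As an added example, not from this thread and not part of HijackThis itself, the Python script below parses log lines of that format and applies those rules so a reviewer sees the entries that need attention first. The sample log is constructed from lines quoted earlier in this thread, and the allowlist of expected ActiveX download hosts is an assumption for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    entry: str    # the log line that triggered the finding
    reason: str   # why a defender should look at it


# Constructed allowlist for this example only: hosts from which ActiveX (O16)
# downloads are expected on this machine. Anything else is surfaced for review.
KNOWN_DPF_HOSTS = ("msn.com", "pandasoftware.com")

ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: entries quoted from the HijackThis logs in this thread,
# plus a few benign ones so the rules have something to leave alone.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsbA6.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: ntvdm.dll C:\WINDOWS\system32\ntvdm.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_entry(line):
    """Split a HijackThis line into (section code, body); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_known_host(host):
    """Exact match or subdomain of an allowlisted host."""
    return any(host == h or host.endswith("." + h) for h in KNOWN_DPF_HOSTS)


def triage(log_text):
    """Apply the review rules to every entry and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        section, body = parsed
        line = raw.strip()
        if "(file missing)" in body:
            findings.append(Finding(section, line,
                "registration points at a module that no longer exists; stale entry left behind"))
            continue
        if section == "O4":
            m = RUN_RE.match(body)
            if m and URL_RE.search(m.group(3)):
                findings.append(Finding(section, line,
                    "Run key launches a browser at a URL on every logon"))
        elif section == "O15":
            findings.append(Finding(section, line,
                "domain added to the IE Trusted Zone runs with relaxed security settings"))
        elif section == "O16":
            m = URL_RE.search(body)
            if m and not is_known_host(host_of(m.group(0))):
                findings.append(Finding(section, line,
                    f"ActiveX control installed from unrecognised host {host_of(m.group(0))}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].split()
            findings.append(Finding(section, line,
                "AppInit_DLLs loads " + ", ".join(dlls) + " into every process that maps user32.dll"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

The rules are deliberately narrow: the random-named system32 executables in the O4 entries (irssyncd.exe, mlltde.exe) are exactly the kind of thing that still needs a human reviewer, which is why the script reports only what it can justify from the line itself.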
Old 07-21-2006, 12:03 AM   #9 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 8
OS: XP


Incident Status Location

Adware:adware program Not disinfected c:\windows\system32\key.~
Adware:adware/adrotator Not disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-30e23a9b.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-30e23a9b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-30e23a9b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-30e23a9b.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3fdb8e18.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3fdb8e18.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3fdb8e18.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\rich is teh sex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3fdb8e18.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@dist.belnk[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@questionmarket[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\rich is teh sex\Cookies\rich is teh sex@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\rich is teh sex\My Documents\Hack\diablo ii manus-magnus [1.11b]mm.bot.5.43 final [81908].zip[mm.BOT.543/Config/System/Process.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\rich is teh sex\My Documents\Hack\diablo ii manus-magnus [1.11b]mm.bot.5.43 final [81908].zip[mm.BOT.543/mm.BOT.543.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\rich is teh sex\My Documents\Hack\diablo ii manus-magnus [1.11b]mm.bot.5.43 final [81908].zip[mm.BOT.543/Tools/mm.ItemReader.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\rich is teh sex\My Documents\Hack\diablo ii manus-magnus [1.11b]mm.bot.5.43 final [81908].zip[mm.BOT.543/Tools/mm.RBlocks.exe]
Hacktool:HackTool/IpHide Not disinfected C:\Program Files\Hide IP Platinum\hideippla.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\mm.BOT\Config\System\Process.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.FList\mm.FList.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\adwerkz.dll
Hacktool:Rootkit/Final.A Not disinfected C:\WINDOWS\system32\windrvNT.sys














Old 07-21-2006, 12:26 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please follow the instructions here to clear Sun Java's cache.

Open Internet Explorer and click Tools->Internet Options. On the General tab click the Delete Cookies button. Click OK twice and close IE.

Delete these 2 files:
C:\WINDOWS\system32\adwerkz.dll
c:\windows\system32\key.~


Post a new Hijackthis log here for review.
Old 07-21-2006, 01:13 AM   #11 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 8
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 3:12:52 AM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1142619837\ee\aim6.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\rich is teh sex\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ionaprep.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [New Value #1] c:\sysprep\test\ftest\ftest.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142619837\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
Old 07-21-2006, 01:20 AM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other, so it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources: run it once and you're all set. Spyware Guard is a real-time protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware-free, and resource-light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
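The HOSTS file works as a block list because Windows consults it before asking DNS, so any name it pins to a sink address such as 0.0.0.0 (older lists used 127.0.0.1) never reaches the real site. As an added example, not from this post and not the MVPS project's own code, the Python below parses a HOSTS file the way the resolver reads it (comments stripped, several names per line, first mapping wins, malformed lines ignored) and answers whether a given name is sinkholed. The sample file is constructed for this example and reuses a few of the ad and Trusted Zone domains that appear earlier in this thread.

```python
import ipaddress

# Constructed excerpt in the style of a blocking HOSTS file (not the real MVPS list).
SAMPLE_HOSTS = """\
# Maps unwanted hosts to the unspecified address so they never resolve
127.0.0.1 localhost
0.0.0.0 click.getmirar.com   # one of the Trusted Zone domains from the log above
0.0.0.0 redirect.mirarsearch.com click.mirarsearch.com
0.0.0.0\tad.yieldmanager.com
0.0.0.0 click.getmirar.com   # duplicate: ignored, the first mapping wins
this is not a hosts entry
"""

# Addresses a block list uses as a sink. Note that legitimate loopback names
# such as localhost also map here, so ask about the names you care about
# rather than treating every entry in the table as a block.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text):
    """Return {hostname: address} for each valid entry.

    Mirrors resolver behaviour: text after '#' is a comment, a line may carry
    several names for one address, names are case-insensitive, and the first
    mapping for a name is the one that applies.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for name in parts[1:]:
            table.setdefault(name.lower(), str(addr))
    return table


def is_blocked(table, hostname):
    """True when the name is pinned to a sink address and so cannot reach the real site."""
    return table.get(hostname.lower()) in SINK_ADDRESSES


def unblocked(table, hostnames):
    """The subset of names the HOSTS file does not stop; these still go to DNS."""
    return [h for h in hostnames if not is_blocked(table, h)]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("click.getmirar.com", "ad.yieldmanager.com", "example.com"):
        print(f"{name}: {'blocked' if is_blocked(table, name) else 'not in list'}")
```

One practical check this enables: feed the function the domains from a fresh HijackThis log's O15 and O16 entries to see which ones the installed HOSTS file would actually stop, and which would still need a Restricted Zone entry from a tool like IE-Spyad.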
Old 07-21-2006, 03:03 AM   #13 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 8
OS: XP


I use Opera as my browser now and I've been using the paid version of Zone Alarm Security Suite for a few weeks now. I've also got Spybot - Search and Destroy. Thanks for all your help.
 


All times are GMT -7. The time now is 08:59 PM.



Copyright 2001 - 2009, Tech Support Forum